Slow PC, Virus? [Solved]


  • This topic is locked

#1
butterrice

I'm trying to help a friend and I'm at a standstill. It's a Toshiba with Windows XP. It is very slow, and shuts down. I'm not seeing malware or a virus. I ran Microsoft Security Essentials, Cleaned Caches, Defragged, ran Malwarebytes, and SuperAntispyware. Can't seem to find the culprit. Any help would be appreciated! The following is the OTL Log:

OTL logfile created on: 6/1/2012 8:34:15 PM - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Me\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.97 Mb Total Physical Memory | 240.60 Mb Available Physical Memory | 23.73% Memory free
2.39 Gb Paging File | 1.77 Gb Available in Paging File | 74.20% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.91 Gb Total Space | 55.02 Gb Free Space | 59.22% Space Free | Partition Type: NTFS

Computer Name: ANNEMARIE | User Name: Me | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/01 19:45:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\My Documents\Downloads\OTL.exe
PRC - [2012/02/16 10:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 10:40:41 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/01/26 21:07:32 | 003,884,312 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/05/05 11:19:14 | 000,451,904 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/04/13 20:12:38 | 000,073,216 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008/04/13 20:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 20:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 20:12:14 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 20:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 20:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 20:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2008/03/19 12:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\hasplms.exe -- (hasplms)
SRV - [2005/12/20 15:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/07/12 21:14:42 | 000,040,960 | ---- | M] () [Auto | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2005/01/17 20:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 04:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69B3B017-E2C1-4338-9994-5B90C8ACE88F}\MpKsl2ef5ae5e.sys -- (MpKsl2ef5ae5e)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/14 05:15:16 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/03/18 15:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/11 15:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007/07/23 14:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshhl.sys -- (akshhl)
DRV - [2007/07/05 14:16:56 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2007/07/05 14:16:56 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2007/06/27 17:05:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/06/27 17:04:14 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/10/16 21:19:22 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2005/12/09 20:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/04 13:55:30 | 001,428,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/30 15:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/30 14:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 16:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/15 13:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/20 18:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/10/06 09:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 09:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 09:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 09:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 09:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 09:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 09:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/09 18:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 16:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 16:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/24 19:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/06/02 07:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/01/12 04:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2004/08/10 08:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/10 08:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2003/09/19 05:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/04/22 20:45:00 | 000,016,896 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\busbcrw.sys -- (busbcrw)
DRV - [2003/01/29 18:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2000/04/04 14:27:38 | 000,019,824 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\parclass.sys -- (Parclass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60347
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.c...spx?tb_id=60347
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0C44FB03-902B-4A68-B5EE-3EB348DD603D}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{122801D1-BE7B-44AB-91D8-F7B375F83D24}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{1320F51C-86B5-43C5-85AB-49F878DF1A2E}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{19A8795C-F668-4305-B58D-EAFEED3CAB3F}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{89C68405-B2FD-472F-9382-0B6C5E0430B0}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{AC7B2E9E-A592-412C-A60D-2B7359B857E7}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{D6BE6619-6B80-4728-98AD-A7233F108A71}: "URL" = http://search.yahoo....Terms}&fr=yie7c

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.c...w=%s&tbid=60347
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....Terms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {68FA7D5A-72D5-4BFD-8EEA-BBC5B555DEA5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{144AAE6D-9F81-4756-8A59-BD37D8A24C39}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.c...rms}&tbid=60347
IE - HKCU\..\SearchScopes\{297759A3-903D-4E8D-AD17-ECB6454F3E2C}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{68FA7D5A-72D5-4BFD-8EEA-BBC5B555DEA5}: "URL" = http://search.yahoo....Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{8D5CD5AB-39D6-4111-9204-136D2DEF237D}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{C0E0375C-6967-4D72-9413-C929D23D53B2}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{DDB06745-C067-48C6-95A5-1C401809F310}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{F3EAC764-C72A-40D2-B779-3715E144D2BC}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/01 02:24:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/02 23:20:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2010/06/29 19:12:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Me\Application Data\Mozilla\Extensions
[2010/06/29 19:12:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Me\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/06/01 20:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\e1k04irm.default\extensions
[2012/03/03 02:21:34 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\e1k04irm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/03 01:53:19 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\e1k04irm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/06/01 20:32:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\e1k04irm.default\extensions\staged
[2012/05/25 22:38:59 | 000,002,103 | ---- | M] () -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\e1k04irm.default\searchplugins\wot-safe-search.xml
[2012/03/02 23:20:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/16 10:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/10 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/05/24 20:40:27 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2012/02/05 00:26:48 | 000,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2012/02/05 00:26:48 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2012/02/05 00:26:48 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2012/02/05 00:26:48 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: pogo.com ([www] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....oke/Coupons.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE55274A-5C0A-49A9-87E4-410E90EC7852}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/15 11:38:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4dfbf244-fe5a-11de-a8c5-0013025dbfdb}\Shell\AutoRun\command - "" = E:\InstallSeagateManager.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/01 20:15:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp09A2827B-F28A-C81E-25B5-ED07E4054243-Signatures
[2012/06/01 20:13:26 | 000,000,000 | ---D | C] -- C:\788c93e7b9858a200f
[2012/06/01 20:08:42 | 000,000,000 | ---D | C] -- C:\57d32ac2f4be317f1db65a9be677c885
[2012/06/01 19:55:09 | 000,000,000 | ---D | C] -- C:\1d6af05265d7166fa7a64939b262
[2012/06/01 19:46:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\TempF91D1888-54D7-79C1-982B-ACECD0CAA485-Signatures
[2012/06/01 19:37:28 | 000,000,000 | ---D | C] -- C:\8bd22e6435dc98c0e2454508
[2012/05/27 03:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer

========== Files - Modified Within 30 Days ==========

[2012/06/01 20:43:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/01 20:33:40 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/06/01 20:28:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/01 20:28:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/01 20:10:26 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/01 20:10:26 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-800253906-3563381494-61074070-1005.job
[2012/05/27 23:09:45 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/05/27 02:50:05 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/26 12:43:31 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/05/26 12:43:30 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/25 23:05:06 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/05/25 22:58:28 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/15 21:37:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/08 18:13:34 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/18 18:51:38 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Me\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 18:46:00 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/13 22:56:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/21 09:17:33 | 000,147,233 | ---- | C] () -- C:\WINDOWS\hpoins17.dat
[2011/03/21 09:17:32 | 000,008,138 | ---- | C] () -- C:\WINDOWS\hpomdl17.dat
[2011/01/21 20:01:10 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/08/18 02:13:29 | 000,199,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== LOP Check ==========

[2007/02/18 22:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/02/17 05:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/03/18 10:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2007/08/08 11:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2012/03/03 02:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/05 00:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2008/08/10 01:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2007/03/13 19:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2010/04/01 03:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/17 20:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/17 22:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\FUJIFILM
[2012/03/03 01:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\GARMIN
[2007/04/19 18:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\InterVideo
[2010/05/26 23:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\MSNInstaller
[2008/10/23 20:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Pogo Games
[2012/03/03 01:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\QuickScan
[2010/05/24 21:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\supportdotcom
[2008/07/15 22:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Template
[2008/03/23 11:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\toshiba
[2009/09/08 20:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Windows Desktop Search
[2010/04/25 10:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Windows Search
[2010/12/01 21:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\YosemiteSync
[2012/01/16 16:57:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/06/01 20:33:40 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27EEEB5C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943D6A82
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13D82150
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2ABEB9EB
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
  • 0


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello butterrice and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please download ResetDMS from the link below. You must right click on the link and choose Save as.... Save it as resetdma.vbs on your desktop

ResetDMA

Double click it to run it. Make sure to restart your system.

How is your system now?

Step 2

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/06/01 20:13:26 | 000,000,000 | ---D | C] -- C:\788c93e7b9858a200f
    [2012/06/01 20:08:42 | 000,000,000 | ---D | C] -- C:\57d32ac2f4be317f1db65a9be677c885
    [2012/06/01 19:55:09 | 000,000,000 | ---D | C] -- C:\1d6af05265d7166fa7a64939b262
    [2012/06/01 19:37:28 | 000,000,000 | ---D | C] -- C:\8bd22e6435dc98c0e2454508

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0
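The file records in the OTL log earlier in this thread have a fixed shape, so a log can be triaged by parsing it instead of reading it line by line. The following is an added example, not part of the thread and not OTL's own code: it parses the `[timestamp | size | attributes | C/M] -- path` records per section and picks out directories that sit directly in a drive root and have hex-only names, which is the pattern shared by the four entries listed in the fix script above. The function names and the 16-character minimum are assumptions made for this sketch, and a match says nothing by itself about whether a folder is malicious.

```python
import re
from datetime import datetime
from ntpath import basename, dirname  # Windows path rules, works on any OS

# Lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========

[2012/06/01 20:15:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp09A2827B-F28A-C81E-25B5-ED07E4054243-Signatures
[2012/06/01 20:13:26 | 000,000,000 | ---D | C] -- C:\788c93e7b9858a200f
[2012/06/01 20:08:42 | 000,000,000 | ---D | C] -- C:\57d32ac2f4be317f1db65a9be677c885
[2012/06/01 19:55:09 | 000,000,000 | ---D | C] -- C:\1d6af05265d7166fa7a64939b262
[2012/06/01 19:46:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\TempF91D1888-54D7-79C1-982B-ACECD0CAA485-Signatures
[2012/06/01 19:37:28 | 000,000,000 | ---D | C] -- C:\8bd22e6435dc98c0e2454508
[2012/05/27 03:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer

========== Files - Modified Within 30 Days ==========

[2012/06/01 20:43:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/01 20:33:40 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
"""

# [YYYY/MM/DD HH:MM:SS | size | attrs | C or M] (company) -- path
# The "(company)" field is present for files and absent for directories.
RECORD = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
SECTION = re.compile(r"^=+ (.+?) =+$")
# Assumption for this sketch: a "hex-only" name is 16 or more hex digits.
HEX_NAME = re.compile(r"^[0-9a-f]{16,}$", re.IGNORECASE)
DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\$")


def parse_record(line):
    """Parse one OTL file record; return None for any other kind of line."""
    m = RECORD.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S")
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["is_dir"] = "D" in rec["attrs"]
    return rec


def parse_sections(log_text):
    """Map each '========== name ==========' header to its parsed records."""
    sections, current = {}, None
    for line in log_text.splitlines():
        header = SECTION.match(line.strip())
        if header:
            current = sections.setdefault(header.group(1), [])
            continue
        rec = parse_record(line)
        if rec is not None and current is not None:
            current.append(rec)
    return sections


def root_hex_dirs(records):
    """Directories located directly in a drive root whose name is hex-only."""
    return [
        r for r in records
        if r["is_dir"]
        and DRIVE_ROOT.match(dirname(r["path"]))
        and HEX_NAME.match(basename(r["path"]))
    ]


if __name__ == "__main__":
    created = parse_sections(SAMPLE_LOG)["Files/Folders - Created Within 30 Days"]
    for rec in root_hex_dirs(created):
        print(rec["ts"].isoformat(sep=" "), rec["path"])
```
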

#3
butterrice

    Member

  • Topic Starter
  • 347 posts
The ResetDMS comes up as a text document in notepad. Am I doing something wrong?
  • 0

#4
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's try this. Download

Attached File  resetdma.zip   1.24KB   21 downloads

Extract ResetDMA.vbs and double click to run it. This should work.
  • 0

#5
butterrice

    Member

  • Topic Starter
  • 347 posts
Okay - I got the "reset" to work and ran the OTL. Now I'm trying to deal with the GMER. This computer uses Microsoft Security Essentials and Windows firewall. For some reason, Microsoft SE is not running in my bar and a prompt comes up saying the following:

Microsoft Security Client
An error has occurred in the program. Try to open it again. If this problem continues, you'll need to reinstall Microsoft Security Client. Error code:0x8007064e


So I went to uninstall it but it's not on my list of add/remove software. But I can see it in my "start" menu. I just can't open it due to the above.

I tried to turn off Windows Firewall, but something is preventing me from doing that. It keeps turning back on.

These two programs are recommended to be off in order to run GMER.

I will wait for further instruction. Thank you!
  • 0

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi butterrice,

OK. Leave GMER for now. Let's try these steps.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply
Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0

#7
butterrice

    Member

  • Topic Starter
  • 347 posts
OTL LOG

All processes killed
========== OTL ==========
C:\788c93e7b9858a200f\x86 folder moved successfully.
C:\788c93e7b9858a200f\EN-US folder moved successfully.
C:\788c93e7b9858a200f folder moved successfully.
C:\57d32ac2f4be317f1db65a9be677c885\x86 folder moved successfully.
C:\57d32ac2f4be317f1db65a9be677c885\EN-US folder moved successfully.
C:\57d32ac2f4be317f1db65a9be677c885 folder moved successfully.
C:\1d6af05265d7166fa7a64939b262\x86 folder moved successfully.
C:\1d6af05265d7166fa7a64939b262\EN-US folder moved successfully.
C:\1d6af05265d7166fa7a64939b262 folder moved successfully.
C:\8bd22e6435dc98c0e2454508\x86 folder moved successfully.
C:\8bd22e6435dc98c0e2454508\EN-US folder moved successfully.
C:\8bd22e6435dc98c0e2454508 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Me
->Temp folder emptied: 43673008 bytes
->Temporary Internet Files folder emptied: 7765304 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 30117398 bytes
->Flash cache emptied: 566 bytes

User: NetworkService
->Temp folder emptied: 38902910 bytes
->Temporary Internet Files folder emptied: 1119835819 bytes
->Java cache emptied: 305 bytes
->Flash cache emptied: 25606 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 440028374 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,603.00 mb


OTL by OldTimer - Version 3.2.52.0 log created on 06222012_204959

Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\Me\Local Settings\Temp\BIT38.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Me\Local Settings\Temp\BIT42.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Me\Local Settings\Temp\BIT44.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Me\Local Settings\Temp\BIT7E.tmp scheduled to be moved on reboot.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\158951829@x96[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\banners[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\caCA9G2X3Q moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\emily[7].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\ff2[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\filmannex[2].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\gallery[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\global[2].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\gpro-dropdowns[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\hoverIntent[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\hub[1].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\iframe2[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\iframe[6].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\isolate[1].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\like[3].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\like[4].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\like[5].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\like[6].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\plusone[5].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\pubcode.min[3].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\rs=AItRSTP6JaEOabn9zMUeNGT0KlkDdsjsrA[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\superfish[5].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P1M4P8TW\ttjCAVC47AS moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\01[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\32923-2[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\adservercontinuation[1].aspx moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\ads[7] moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\ad[3] moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\ajs[4].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\alphabird_videoplayer_companion[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\carousel[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\content_30717_1__fa_converted[1].mp4 moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\e100810_257[1].mp4 moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\emily[1].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\fastbutton[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\flashdriven_com[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\freq[1].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\freq[2].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\freq[3].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\gotham-light[1].eot moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\id=23530984;ntype=gallery;tag=summerbeauty;sponsor=summerbeautytag;sz=300x250,550x250;gid=1922153;pos=below_inline1;iframe=1;tile=4;anon=1;ord=20410;[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\iframe[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\iframe[3].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\if[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\jquery.spin[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\lgl[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\Mens-Grooming-Advice-Video-23666512[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\nano[1].aspx moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\nid=23530984;ntype=gallery;tag=summerbeauty;sponsor=summerbeautytag;sz=300x250,300x600,300x40;gid=1922153;pos=above;iframe=1;tile=3;anon=1;ord=20410;[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\noticons-regular-webfont[1].eot moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\oh-[bleep]-[bleep]-me-that-kind-of-hurt[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\Salmon[1].css moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\spin[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\styles[1].css moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\swfobject[3].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\tab[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\ttj[8] moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OIR31QLF\wfapiv2[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JBY7IIP2\glam_logo[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\%22height%22%3A%22315%22%2C%22pid%22%3A%221686443d8d1131ce%22%2C%22autoplay%22%3A%221%22%2C%22volume%22%3A%2250%22%7D;sz=560x315;ord=4918370023129827[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\0RCbxKI834_791884003[1].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\1[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\20120623000217[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\AdDisplayTrackerServlet[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\AdDisplayTrackerServlet[3].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\AdDisplayTrackerServlet[4].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\afr[1].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\AmbassadorSacirbey[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\as[1].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\bold[1].eot moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\cached_iframe[3].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\custom-form-elements[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\ddc[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\f3_5AaJnUif1b2N0L7kPyw[1].eot moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\fastbutton[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\fastbutton[3].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\freq[1].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\freq[3].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\global[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\if[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\jquery-ui.min[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\jquery.min[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\jquery.nivo.slider.pack[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\jquery[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\meld[3].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\player[1].swf moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\social_widget[2].css moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\spc[1].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\status_mevio_com[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\track_visit[1].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\traditions[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\ui.tabs[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\viewChannelModule[1].act moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\viewChannelModule[2].act moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FEI21A5H\viewChannelModule[4].act moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\AdDisplayTrackerServlet[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\AdDisplayTrackerServlet[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\AdDisplayTrackerServlet[4].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\adspace[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\beacon[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\brilliantriches_com[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\build_creative[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\categoryframe[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\categoryframe[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\counter_xhtml[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\cr[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\default_181050-6[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\effects[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\fastbutton[2].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\fpi[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\freq[1].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\freq[2].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\gallery;nid=23530984;ntype=gallery;tag=summerbeauty;sponsor=summerbeautytag;sz=728x90;gid=1922153;pos=above;iframe=1;tile=2;anon=1;ord=20410;[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\header[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\iframe3[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\if[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\if[2].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\jquery-1.7.1.min[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\jsapi[1] moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\livefyre[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\nba-star-tony-parker-files-20-million-dollar-lawsuit-against-w-i-p-for-injuries-sustained-from-chris-browndrake-brawl-31945[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\newsletter[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\pinit[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\pixel[1] moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\PRScript[2].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\sheisthat_com[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\show[1].json moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\style[1].css moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\style[2].css moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\vpaidacudeo[4].swf moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EZL76NC6\_static[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EVVT6917\ajtg[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXP0AQ83\43-1x1[1].gif moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXP0AQ83\7075412464[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXP0AQ83\art-design[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXP0AQ83\B6471320[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXP0AQ83\bestarcadesandgames_com[4].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXP0AQ83\clk[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXP0AQ83\ddc[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXP0AQ83\dvtp_src[9].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXP0AQ83\fa5[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXP0AQ83\meld128[3].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXP0AQ83\p-01-0VIaSjnOLg[2].gif moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXP0AQ83\p-01-0VIaSjnOLg[3].gif moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXP0AQ83\p-01-0VIaSjnOLg[4].gif moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXP0AQ83\piggy_bank[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXP0AQ83\sh090[1].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXP0AQ83\xd_arbiter[4].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\01[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\AdDisplayTrackerServlet[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\AdDisplayTrackerServlet[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\ads[4] moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\ddc[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\dref=http%253A%252F%252Fd3.zedo.com%252Fjsc%252Fd3%252Fff2[1].html%253Fn%253D1321%253Bc%253D13%253Bs%253D2%253Bd%253D14%253Bw%253D728%253Bh%253D90 moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\dref=http%253A%252F%252Fquickhealthanswers[2].com%252Fprivacy-policy moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\dwReconcile[1].aspx moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\embed[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\emily[1].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\fastbutton[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\forms[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\fpi[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\freq[1].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\get[1].xml moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\glamadapt_jsrvCA4XIAVC.act moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\glamIgm[2].act moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\glanky_com[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\iframe[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\isolate[1].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\isolate[2].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\jcookie[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\jquery.form[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\jquery.nivo.slider.pack[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\jquery.tools.min[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\lgl[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\lg_polls[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\regular[1].eot moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\scrolltopcontrol[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\sidebar-middle[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\text_group[2].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\top[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\ttj[7] moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\ui.core[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\ui.resizable[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\viewChannelModule[2].act moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B4P4Q28E\vp_c[1].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9C0AO3Z8\2312[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9C0AO3Z8\ajs[1].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9C0AO3Z8\ap_main[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9C0AO3Z8\cached_iframe[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9C0AO3Z8\cl[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9C0AO3Z8\cms-2c[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9C0AO3Z8\comment-reply[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9C0AO3Z8\defender[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9C0AO3Z8\dref=http%253A%252F%252Fquickhealthanswers[1].com%252Fprivacy-policy moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9C0AO3Z8\emily[1].html moved successfully.
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#8
butterrice

TDSS KILLER

19:56:04.0704 4828 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
19:56:06.0704 4828 ============================================================
19:56:06.0750 4828 Current date / time: 2012/06/25 19:56:06.0704
19:56:06.0750 4828 SystemInfo:
19:56:06.0750 4828
19:56:06.0750 4828 OS Version: 5.1.2600 ServicePack: 3.0
19:56:06.0750 4828 Product type: Workstation
19:56:06.0750 4828 ComputerName: ANNEMARIE
19:56:06.0750 4828 UserName: Me
19:56:06.0750 4828 Windows directory: C:\WINDOWS
19:56:06.0750 4828 System windows directory: C:\WINDOWS
19:56:06.0750 4828 Processor architecture: Intel x86
19:56:06.0750 4828 Number of processors: 1
19:56:06.0766 4828 Page size: 0x1000
19:56:06.0766 4828 Boot type: Normal boot
19:56:06.0766 4828 ============================================================
19:58:05.0039 4828 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:58:05.0632 4828 ============================================================
19:58:05.0632 4828 \Device\Harddisk0\DR0:
19:58:05.0710 4828 MBR partitions:
19:58:05.0710 4828 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB9D35E2
19:58:05.0710 4828 ============================================================
19:58:06.0492 4828 C: <-> \Device\Harddisk0\DR0\Partition0
19:58:06.0788 4828 ============================================================
19:58:06.0788 4828 Initialize success
19:58:06.0788 4828 ============================================================
20:03:02.0259 5332 ============================================================
20:03:02.0259 5332 Scan started
20:03:02.0259 5332 Mode: Manual; SigCheck; TDLFS;
20:03:02.0259 5332 ============================================================
20:03:14.0678 5332 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:03:47.0390 5332 !SASCORE - ok
20:03:50.0156 5332 Abiosdsk - ok
20:03:50.0187 5332 abp480n5 - ok
20:03:50.0984 5332 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:04:19.0025 5332 ACPI - ok
20:04:19.0790 5332 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:04:20.0259 5332 ACPIEC - ok
20:04:20.0290 5332 adpu160m - ok
20:04:20.0899 5332 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:04:21.0790 5332 aec - ok
20:04:22.0055 5332 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:04:23.0477 5332 AegisP ( UnsignedFile.Multi.Generic ) - warning
20:04:23.0477 5332 AegisP - detected UnsignedFile.Multi.Generic (1)
20:04:23.0711 5332 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:04:24.0508 5332 AFD - ok
20:04:25.0555 5332 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
20:04:31.0741 5332 AgereSoftModem - ok
20:04:31.0756 5332 Aha154x - ok
20:04:31.0788 5332 aic78u2 - ok
20:04:31.0803 5332 aic78xx - ok
20:04:32.0662 5332 aksfridge (cb5a5079744a0535416d3a5e462c5efe) C:\WINDOWS\system32\DRIVERS\aksfridge.sys
20:04:36.0693 5332 aksfridge - ok
20:04:37.0162 5332 akshasp (1a27f5555448cc2d29d281b11f39177e) C:\WINDOWS\system32\DRIVERS\akshasp.sys
20:04:37.0490 5332 akshasp - ok
20:04:37.0708 5332 akshhl (147b61b81be1ffc38939ea47e5cfb51f) C:\WINDOWS\system32\DRIVERS\akshhl.sys
20:04:38.0661 5332 akshhl - ok
20:04:38.0724 5332 aksusb (b4ad9f5d78f27e0c6994e0cb05c60e21) C:\WINDOWS\system32\DRIVERS\aksusb.sys
20:04:38.0989 5332 aksusb - ok
20:04:39.0255 5332 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:04:41.0067 5332 Alerter - ok
20:04:41.0192 5332 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:04:43.0707 5332 ALG - ok
20:04:43.0723 5332 AliIde - ok
20:04:43.0770 5332 amsint - ok
20:04:44.0332 5332 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:04:45.0629 5332 Apple Mobile Device - ok
20:04:46.0535 5332 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
20:04:47.0816 5332 AppMgmt - ok
20:04:47.0941 5332 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:04:48.0831 5332 Arp1394 - ok
20:04:48.0847 5332 asc - ok
20:04:48.0862 5332 asc3350p - ok
20:04:48.0894 5332 asc3550 - ok
20:04:49.0331 5332 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:04:51.0221 5332 aspnet_state - ok
20:04:51.0471 5332 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:04:51.0768 5332 AsyncMac - ok
20:04:52.0736 5332 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:04:53.0283 5332 atapi - ok
20:04:53.0424 5332 Atdisk - ok
20:04:53.0674 5332 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:04:54.0174 5332 Atmarpc - ok
20:04:54.0799 5332 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:04:55.0486 5332 AudioSrv - ok
20:04:55.0580 5332 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:04:56.0314 5332 audstub - ok
20:04:56.0689 5332 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:04:57.0657 5332 Beep - ok
20:04:58.0313 5332 bgsvcgen (71489fa2c4a238f178e30ae6e4449013) C:\WINDOWS\system32\bgsvcgen.exe
20:04:59.0298 5332 bgsvcgen ( UnsignedFile.Multi.Generic ) - warning
20:04:59.0298 5332 bgsvcgen - detected UnsignedFile.Multi.Generic (1)
20:04:59.0751 5332 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:05:01.0735 5332 BITS - ok
20:05:03.0219 5332 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:05:07.0608 5332 Bonjour Service - ok
20:05:07.0733 5332 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:05:08.0530 5332 Browser - ok
20:05:09.0124 5332 busbcrw (32f39b678b5cd3bdaa2cff481bcea695) C:\WINDOWS\system32\Drivers\busbcrw.sys
20:05:09.0499 5332 busbcrw - ok
20:05:09.0749 5332 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:05:10.0295 5332 cbidf2k - ok
20:05:10.0327 5332 cd20xrnt - ok
20:05:10.0405 5332 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:05:12.0092 5332 Cdaudio - ok
20:05:12.0654 5332 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:05:13.0264 5332 Cdfs - ok
20:05:13.0498 5332 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:05:13.0685 5332 Cdrom - ok
20:05:14.0060 5332 CFSvcs (3cb0cc8879956c187e87e18634ee5164) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
20:05:19.0809 5332 CFSvcs ( UnsignedFile.Multi.Generic ) - warning
20:05:19.0809 5332 CFSvcs - detected UnsignedFile.Multi.Generic (1)
20:05:19.0840 5332 Changer - ok
20:05:20.0075 5332 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:05:20.0325 5332 CiSvc - ok
20:05:20.0559 5332 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:05:20.0981 5332 ClipSrv - ok
20:05:21.0840 5332 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:05:22.0965 5332 clr_optimization_v2.0.50727_32 - ok
20:05:23.0012 5332 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:05:23.0433 5332 CmBatt - ok
20:05:23.0449 5332 CmdIde - ok
20:05:24.0636 5332 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:05:25.0480 5332 Compbatt - ok
20:05:25.0480 5332 COMSysApp - ok
20:05:25.0589 5332 Cpqarray - ok
20:05:25.0683 5332 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:05:26.0605 5332 CryptSvc - ok
20:05:26.0651 5332 dac2w2k - ok
20:05:26.0683 5332 dac960nt - ok
20:05:27.0995 5332 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:05:28.0729 5332 DcomLaunch - ok
20:05:29.0120 5332 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:05:30.0151 5332 Dhcp - ok
20:05:30.0229 5332 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:05:30.0635 5332 Disk - ok
20:05:31.0104 5332 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
20:05:31.0150 5332 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
20:05:31.0150 5332 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
20:05:31.0479 5332 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
20:05:31.0541 5332 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
20:05:31.0541 5332 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
20:05:31.0713 5332 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS
20:05:31.0853 5332 DLADResN ( UnsignedFile.Multi.Generic ) - warning
20:05:31.0853 5332 DLADResN - detected UnsignedFile.Multi.Generic (1)
20:05:32.0135 5332 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
20:05:32.0478 5332 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
20:05:32.0478 5332 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
20:05:32.0650 5332 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
20:05:32.0713 5332 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
20:05:32.0713 5332 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
20:05:32.0978 5332 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
20:05:33.0088 5332 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
20:05:33.0088 5332 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
20:05:33.0400 5332 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
20:05:33.0697 5332 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
20:05:33.0697 5332 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
20:05:33.0947 5332 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
20:05:34.0353 5332 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
20:05:34.0353 5332 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
20:05:34.0572 5332 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
20:05:35.0118 5332 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
20:05:35.0118 5332 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
20:05:35.0150 5332 dmadmin - ok
20:05:38.0040 5332 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:05:39.0805 5332 dmboot - ok
20:05:40.0164 5332 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:05:40.0758 5332 dmio - ok
20:05:40.0977 5332 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:05:41.0242 5332 dmload - ok
20:05:41.0570 5332 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:05:42.0461 5332 dmserver - ok
20:05:42.0757 5332 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:05:45.0163 5332 DMusic - ok
20:05:45.0413 5332 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:05:45.0710 5332 Dnscache - ok
20:05:46.0132 5332 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:05:48.0256 5332 Dot3svc - ok
20:05:48.0303 5332 dpti2o - ok
20:05:48.0553 5332 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:05:49.0147 5332 drmkaud - ok
20:05:49.0678 5332 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
20:05:50.0647 5332 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
20:05:50.0647 5332 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
20:05:51.0365 5332 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
20:05:55.0333 5332 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
20:05:55.0333 5332 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
20:05:55.0849 5332 DVD-RAM_Service (c9ffbd6b8edc46cd3d13e3c6db914fb7) C:\WINDOWS\system32\DVDRAMSV.exe
20:05:56.0442 5332 DVD-RAM_Service ( UnsignedFile.Multi.Generic ) - warning
20:05:56.0442 5332 DVD-RAM_Service - detected UnsignedFile.Multi.Generic (1)
20:05:59.0738 5332 E100B (2646883e6dd867cd872d5b51b6036710) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:06:01.0754 5332 E100B - ok
20:06:03.0503 5332 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
20:06:04.0081 5332 e1express - ok
20:06:04.0487 5332 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:06:05.0472 5332 EapHost - ok
20:06:10.0627 5332 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
20:06:14.0485 5332 ehRecvr - ok
20:06:17.0125 5332 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
20:06:18.0188 5332 ehSched - ok
20:06:19.0031 5332 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:06:19.0266 5332 ERSvc - ok
20:06:23.0452 5332 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:06:23.0905 5332 Eventlog - ok
20:06:32.0169 5332 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:06:34.0559 5332 EventSystem - ok
20:06:37.0965 5332 EvtEng (56ded3ade453272e6a0ad582d945d1a4) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
20:06:40.0933 5332 EvtEng ( UnsignedFile.Multi.Generic ) - warning
20:06:40.0933 5332 EvtEng - detected UnsignedFile.Multi.Generic (1)
20:06:45.0135 5332 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:06:46.0432 5332 Fastfat - ok
20:06:48.0291 5332 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:06:50.0431 5332 FastUserSwitchingCompatibility - ok
20:06:53.0977 5332 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
20:06:56.0945 5332 Fax - ok
20:06:57.0164 5332 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:06:59.0211 5332 Fdc - ok
20:07:00.0054 5332 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:07:00.0273 5332 Fips - ok
20:07:05.0459 5332 FlipShare Service (27b9b2965221e95f23f33206f95c9447) C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
20:07:07.0615 5332 FlipShare Service - ok
20:07:08.0209 5332 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:07:08.0490 5332 Flpydisk - ok
20:07:09.0943 5332 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:07:10.0505 5332 FltMgr - ok
20:07:12.0395 5332 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:07:14.0270 5332 FontCache3.0.0.0 - ok
20:07:14.0942 5332 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:07:15.0223 5332 Fs_Rec - ok
20:07:17.0551 5332 FTDIBUS (a36e8beedb3aaca09bf55a1d17904bc8) C:\WINDOWS\system32\drivers\ftdibus.sys
20:07:28.0642 5332 FTDIBUS - ok
20:07:32.0548 5332 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:07:32.0985 5332 Ftdisk - ok
20:07:34.0375 5332 FTSER2K (a14a1f4bb391df9c233cb5dbd05feb70) C:\WINDOWS\system32\drivers\ftser2k.sys
20:07:34.0735 5332 FTSER2K - ok
20:07:35.0078 5332 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:07:35.0156 5332 GEARAspiWDM - ok
20:07:35.0375 5332 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:07:36.0125 5332 Gpc - ok
20:07:38.0093 5332 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:07:42.0108 5332 gupdate - ok
20:07:42.0311 5332 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:07:42.0405 5332 gupdatem - ok
20:07:45.0889 5332 Hardlock (9de9a7a19195c57ef38b4ee25422f2d7) C:\WINDOWS\system32\drivers\hardlock.sys
20:08:35.0972 5332 Hardlock - ok
20:08:36.0519 5332 hasplms - ok
20:08:37.0706 5332 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:09:36.0866 5332 HDAudBus - ok
20:09:42.0536 5332 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:10:22.0747 5332 helpsvc - ok
20:10:22.0825 5332 HidServ - ok
20:10:24.0075 5332 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:10:25.0012 5332 HidUsb - ok
20:10:29.0293 5332 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:10:36.0557 5332 hkmsvc - ok
20:10:36.0572 5332 hpn - ok
20:10:37.0791 5332 hpqcxs08 (58d4765ab87347db835d5693adf652c1) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
20:10:40.0118 5332 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
20:10:40.0118 5332 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
20:10:40.0400 5332 hpqddsvc (99ed733f614660eb32199bf889dfb7e2) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
20:10:41.0009 5332 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
20:10:41.0009 5332 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
20:10:41.0165 5332 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:10:50.0585 5332 HPZid412 - ok
20:10:51.0022 5332 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:10:51.0507 5332 HPZipr12 - ok
20:10:52.0835 5332 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:10:53.0100 5332 HPZius12 - ok
20:10:53.0475 5332 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:10:54.0350 5332 HTTP - ok
20:10:54.0459 5332 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:10:55.0037 5332 HTTPFilter - ok
20:10:55.0069 5332 i2omgmt - ok
20:10:55.0084 5332 i2omp - ok
20:10:55.0178 5332 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:10:57.0146 5332 i8042prt - ok
20:10:58.0349 5332 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:10:59.0833 5332 ialm ( UnsignedFile.Multi.Generic ) - warning
20:10:59.0833 5332 ialm - detected UnsignedFile.Multi.Generic (1)
20:11:01.0348 5332 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:11:03.0754 5332 idsvc - ok
20:11:05.0598 5332 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:11:06.0301 5332 Imapi - ok
20:11:06.0691 5332 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:11:07.0628 5332 ImapiService - ok
20:11:07.0660 5332 ini910u - ok
20:11:14.0565 5332 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:11:28.0000 5332 IntcAzAudAddService - ok
20:11:31.0608 5332 IntelIde - ok
20:11:31.0702 5332 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:11:31.0874 5332 intelppm - ok
20:11:31.0952 5332 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:11:32.0343 5332 Ip6Fw - ok
20:11:32.0718 5332 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:11:33.0124 5332 IpFilterDriver - ok
20:11:33.0499 5332 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:11:34.0155 5332 IpInIp - ok
20:11:34.0311 5332 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:11:34.0795 5332 IpNat - ok
20:11:36.0639 5332 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
20:11:39.0045 5332 iPod Service - ok
20:11:39.0310 5332 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:11:39.0513 5332 IPSec - ok
20:11:39.0685 5332 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:11:39.0935 5332 IRENUM - ok
20:11:39.0998 5332 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:11:40.0216 5332 isapnp - ok
20:11:40.0357 5332 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
20:11:40.0388 5332 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
20:11:40.0388 5332 Iviaspi - detected UnsignedFile.Multi.Generic (1)
20:11:41.0122 5332 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
20:11:42.0482 5332 JavaQuickStarterService - ok
20:11:42.0653 5332 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:11:42.0950 5332 Kbdclass - ok
20:11:43.0231 5332 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:11:43.0622 5332 kmixer - ok
20:11:43.0794 5332 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys
20:11:44.0137 5332 KR10N - ok
20:11:44.0403 5332 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:11:44.0731 5332 KSecDD - ok
20:11:45.0044 5332 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:11:45.0372 5332 lanmanserver - ok
20:11:45.0544 5332 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:11:45.0809 5332 lanmanworkstation - ok
20:11:46.0122 5332 Lavasoft Kernexplorer - ok
20:11:46.0153 5332 lbrtfdc - ok
20:11:46.0247 5332 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:11:46.0450 5332 LmHosts - ok
20:11:46.0856 5332 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
20:11:48.0168 5332 McrdSvc - ok
20:11:50.0230 5332 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
20:11:50.0511 5332 meiudf ( UnsignedFile.Multi.Generic ) - warning
20:11:50.0511 5332 meiudf - detected UnsignedFile.Multi.Generic (1)
20:11:50.0590 5332 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:11:50.0839 5332 Messenger - ok
20:11:51.0152 5332 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
20:11:53.0964 5332 MHN ( UnsignedFile.Multi.Generic ) - warning
20:11:53.0964 5332 MHN - detected UnsignedFile.Multi.Generic (1)
20:11:54.0292 5332 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
20:11:54.0386 5332 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
20:11:54.0386 5332 MHNDRV - detected UnsignedFile.Multi.Generic (1)
20:11:55.0136 5332 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:11:55.0464 5332 mnmdd - ok
20:11:55.0682 5332 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
20:11:56.0276 5332 mnmsrvc - ok
20:11:56.0542 5332 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:11:56.0776 5332 Modem - ok
20:11:56.0979 5332 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:11:57.0198 5332 Mouclass - ok
20:11:57.0510 5332 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:11:58.0041 5332 mouhid - ok
20:11:58.0385 5332 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:11:58.0619 5332 MountMgr - ok
20:11:59.0385 5332 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
20:11:59.0807 5332 MpFilter - ok
20:12:00.0619 5332 MpKsl2ef5ae5e - ok
20:12:00.0635 5332 mraid35x - ok
20:12:01.0260 5332 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:12:01.0603 5332 MRxDAV - ok
20:12:03.0150 5332 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:12:03.0822 5332 MRxSmb - ok
20:12:03.0978 5332 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:12:04.0400 5332 MSDTC - ok
20:12:04.0650 5332 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:12:04.0868 5332 Msfs - ok
20:12:04.0884 5332 MSIServer - ok
20:12:05.0134 5332 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:12:05.0290 5332 MSKSSRV - ok
20:12:05.0806 5332 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
20:12:06.0274 5332 MsMpSvc - ok
20:12:06.0368 5332 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:12:06.0540 5332 MSPCLOCK - ok
20:12:06.0602 5332 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:12:06.0993 5332 MSPQM - ok
20:12:07.0290 5332 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:12:07.0462 5332 mssmbios - ok
20:12:07.0649 5332 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:12:07.0946 5332 Mup - ok
20:12:08.0227 5332 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:12:08.0508 5332 napagent - ok
20:12:08.0805 5332 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:12:09.0149 5332 NDIS - ok
20:12:09.0227 5332 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:12:09.0477 5332 NdisTapi - ok
20:12:09.0618 5332 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:12:09.0805 5332 Ndisuio - ok
20:12:09.0899 5332 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:12:10.0149 5332 NdisWan - ok
20:12:10.0321 5332 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:12:10.0508 5332 NDProxy - ok
20:12:10.0649 5332 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
20:12:10.0946 5332 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:12:10.0946 5332 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:12:11.0086 5332 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:12:11.0305 5332 NetBIOS - ok
20:12:11.0445 5332 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:12:11.0820 5332 NetBT - ok
20:12:11.0945 5332 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:12:13.0758 5332 NetDDE - ok
20:12:13.0773 5332 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:12:13.0992 5332 NetDDEdsdm - ok
20:12:14.0211 5332 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
20:12:14.0304 5332 Netdevio ( UnsignedFile.Multi.Generic ) - warning
20:12:14.0304 5332 Netdevio - detected UnsignedFile.Multi.Generic (1)
20:12:14.0429 5332 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:12:14.0773 5332 Netlogon - ok
20:12:15.0085 5332 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:12:15.0382 5332 Netman - ok
20:12:15.0663 5332 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:12:15.0929 5332 NetTcpPortSharing - ok
20:12:16.0007 5332 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:12:16.0398 5332 NIC1394 - ok
20:12:17.0023 5332 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:12:17.0616 5332 Nla - ok
20:12:17.0694 5332 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:12:17.0851 5332 Npfs - ok
20:12:19.0350 5332 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:12:19.0694 5332 Ntfs - ok
20:12:19.0819 5332 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:12:19.0991 5332 NtLmSsp - ok
20:12:20.0506 5332 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:12:20.0803 5332 NtmsSvc - ok
20:12:20.0881 5332 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:12:21.0272 5332 Null - ok
20:12:21.0303 5332 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:12:21.0475 5332 NwlnkFlt - ok
20:12:21.0538 5332 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:12:21.0834 5332 NwlnkFwd - ok
20:12:21.0959 5332 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:12:22.0147 5332 ohci1394 - ok
20:12:22.0631 5332 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:12:22.0787 5332 ose - ok
20:12:23.0506 5332 Parclass (4512940ecd930438670cdca7fff1a878) C:\WINDOWS\System32\Drivers\Parclass.sys
20:12:23.0584 5332 Parclass ( UnsignedFile.Multi.Generic ) - warning
20:12:23.0584 5332 Parclass - detected UnsignedFile.Multi.Generic (1)
20:12:24.0521 5332 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:12:24.0771 5332 Parport - ok
20:12:24.0865 5332 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:12:25.0084 5332 PartMgr - ok
20:12:25.0193 5332 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:12:25.0381 5332 ParVdm - ok
20:12:25.0412 5332 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:12:25.0584 5332 PCI - ok
20:12:25.0599 5332 PCIDump - ok
20:12:25.0646 5332 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:12:25.0881 5332 PCIIde - ok
20:12:26.0052 5332 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:12:26.0365 5332 Pcmcia - ok
20:12:26.0396 5332 PDCOMP - ok
20:12:26.0412 5332 PDFRAME - ok
20:12:26.0443 5332 PDRELI - ok
20:12:26.0474 5332 PDRFRAME - ok
20:12:26.0490 5332 perc2 - ok
20:12:26.0521 5332 perc2hib - ok
20:12:26.0896 5332 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
20:12:27.0005 5332 Pfc ( UnsignedFile.Multi.Generic ) - warning
20:12:27.0005 5332 Pfc - detected UnsignedFile.Multi.Generic (1)
20:12:27.0052 5332 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:12:27.0287 5332 PlugPlay - ok
20:12:29.0177 5332 PMBDeviceInfoProvider (627fa58adc043704f9d14ca44340956f) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
20:12:33.0504 5332 PMBDeviceInfoProvider - ok
20:12:34.0035 5332 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
20:12:34.0442 5332 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:12:34.0442 5332 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:12:34.0551 5332 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:12:34.0738 5332 PolicyAgent - ok
20:12:34.0863 5332 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:12:35.0067 5332 PptpMiniport - ok
20:12:35.0441 5332 Profos - ok
20:12:35.0473 5332 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:12:35.0645 5332 ProtectedStorage - ok
20:12:35.0738 5332 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:12:35.0941 5332 PSched - ok
20:12:35.0973 5332 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:12:36.0238 5332 Ptilink - ok
20:12:36.0410 5332 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:12:36.0473 5332 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
20:12:36.0473 5332 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
20:12:36.0488 5332 ql1080 - ok
20:12:36.0519 5332 Ql10wnt - ok
20:12:36.0551 5332 ql12160 - ok
20:12:36.0566 5332 ql1240 - ok
20:12:36.0598 5332 ql1280 - ok
20:12:36.0676 5332 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:12:36.0894 5332 RasAcd - ok
20:12:36.0957 5332 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:12:37.0410 5332 RasAuto - ok
20:12:37.0472 5332 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:12:37.0644 5332 Rasl2tp - ok
20:12:38.0363 5332 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:12:38.0613 5332 RasMan - ok
20:12:38.0660 5332 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:12:39.0019 5332 RasPppoe - ok
20:12:39.0175 5332 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:12:39.0488 5332 Raspti - ok
20:12:39.0597 5332 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:12:39.0800 5332 Rdbss - ok
20:12:39.0925 5332 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:12:40.0175 5332 RDPCDD - ok
20:12:40.0394 5332 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:12:40.0628 5332 rdpdr - ok
20:12:40.0816 5332 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:12:41.0003 5332 RDPWD - ok
20:12:41.0159 5332 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:12:41.0659 5332 RDSessMgr - ok
20:12:41.0784 5332 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:12:42.0097 5332 redbook - ok
20:12:43.0175 5332 RegSrvc (1b2857ef12d79a9f9adba14b0637cbf8) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
20:12:43.0659 5332 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
20:12:43.0659 5332 RegSrvc - detected UnsignedFile.Multi.Generic (1)
20:12:43.0815 5332 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:12:44.0206 5332 RemoteAccess - ok
20:12:44.0331 5332 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
20:12:44.0502 5332 RemoteRegistry - ok
20:12:44.0581 5332 RimUsb - ok
20:12:44.0862 5332 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
20:12:45.0205 5332 RimVSerPort - ok
20:12:45.0330 5332 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
20:12:45.0565 5332 ROOTMODEM - ok
20:12:45.0799 5332 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:12:46.0033 5332 RpcLocator - ok
20:12:46.0549 5332 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:12:46.0752 5332 RpcSs - ok
20:12:47.0471 5332 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:12:47.0768 5332 RSVP - ok
20:12:48.0486 5332 S24EventMonitor (6c5155cc0e805c7be6028bff7ac14524) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
20:12:49.0299 5332 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
20:12:49.0299 5332 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
20:12:49.0470 5332 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
20:12:49.0533 5332 s24trans ( UnsignedFile.Multi.Generic ) - warning
20:12:49.0533 5332 s24trans - detected UnsignedFile.Multi.Generic (1)
20:12:49.0720 5332 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:12:49.0892 5332 SamSs - ok
20:12:50.0501 5332 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:12:53.0142 5332 SASDIFSV - ok
20:12:53.0376 5332 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:12:53.0610 5332 SASKUTIL - ok
20:12:53.0720 5332 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:12:53.0938 5332 SCardSvr - ok
20:12:54.0157 5332 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:12:54.0454 5332 Schedule - ok
20:12:54.0641 5332 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
20:12:54.0891 5332 sdbus - ok
20:12:54.0985 5332 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:12:55.0173 5332 Secdrv - ok
20:12:55.0298 5332 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:12:55.0485 5332 seclogon - ok
20:12:55.0547 5332 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:12:55.0719 5332 SENS - ok
20:12:55.0766 5332 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:12:55.0969 5332 Serenum - ok
20:12:56.0172 5332 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
20:12:56.0532 5332 Serial - ok
20:12:56.0782 5332 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
20:12:57.0297 5332 Sfloppy - ok
20:12:58.0031 5332 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:12:58.0969 5332 SharedAccess - ok
20:12:59.0187 5332 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:12:59.0469 5332 ShellHWDetection - ok
20:12:59.0484 5332 Simbad - ok
20:12:59.0531 5332 Sparrow - ok
20:12:59.0625 5332 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:12:59.0781 5332 splitter - ok
20:12:59.0922 5332 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:13:00.0047 5332 Spooler - ok
20:13:00.0109 5332 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:13:00.0344 5332 sr - ok
20:13:00.0515 5332 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:13:00.0765 5332 srservice - ok
20:13:01.0234 5332 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:13:01.0546 5332 Srv - ok
20:13:01.0640 5332 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:13:01.0828 5332 SSDPSRV - ok
20:13:01.0921 5332 ssmirrdr (f843301bdadb2728822c83413ef5f132) C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys
20:13:01.0968 5332 ssmirrdr - ok
20:13:02.0343 5332 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:13:02.0671 5332 stisvc - ok
20:13:02.0718 5332 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:13:02.0906 5332 swenum - ok
20:13:03.0062 5332 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:13:03.0281 5332 swmidi - ok
20:13:03.0296 5332 SwPrv - ok
20:13:03.0421 5332 Swupdtmr (486a64aabd88e4e174681e89e9736bc9) c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
20:13:04.0062 5332 Swupdtmr ( UnsignedFile.Multi.Generic ) - warning
20:13:04.0062 5332 Swupdtmr - detected UnsignedFile.Multi.Generic (1)
20:13:04.0187 5332 symc810 - ok
20:13:04.0234 5332 symc8xx - ok
20:13:04.0249 5332 sym_hi - ok
20:13:04.0280 5332 sym_u3 - ok
20:13:04.0421 5332 SynTP (e295fffff3aaf9a6a40b29497901908f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:13:04.0640 5332 SynTP - ok
20:13:04.0733 5332 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:13:04.0937 5332 sysaudio - ok
20:13:05.0062 5332 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:13:05.0327 5332 SysmonLog - ok
20:13:05.0530 5332 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:13:05.0765 5332 TapiSrv - ok
20:13:06.0093 5332 TAPPSRV (90861642fd6d8fafb1408ee26fa93cb4) C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
20:13:06.0202 5332 TAPPSRV ( UnsignedFile.Multi.Generic ) - warning
20:13:06.0202 5332 TAPPSRV - detected UnsignedFile.Multi.Generic (1)
20:13:06.0296 5332 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
20:13:06.0421 5332 tbiosdrv - ok
20:13:06.0749 5332 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:13:07.0030 5332 Tcpip - ok
20:13:07.0202 5332 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:13:07.0342 5332 TDPIPE - ok
20:13:07.0405 5332 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:13:07.0561 5332 TDTCP - ok
20:13:07.0655 5332 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:13:07.0842 5332 TermDD - ok
20:13:08.0186 5332 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:13:08.0420 5332 TermService - ok
20:13:08.0764 5332 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:13:08.0827 5332 Themes - ok
20:13:09.0670 5332 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
20:13:09.0795 5332 tifm21 - ok
20:13:09.0936 5332 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
20:13:10.0326 5332 TlntSvr - ok
20:13:10.0358 5332 TosIde - ok
20:13:10.0576 5332 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
20:13:10.0811 5332 tosrfec ( UnsignedFile.Multi.Generic ) - warning
20:13:10.0811 5332 tosrfec - detected UnsignedFile.Multi.Generic (1)
20:13:11.0639 5332 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:13:11.0795 5332 TrkWks - ok
20:13:12.0560 5332 Trufos - ok
20:13:12.0670 5332 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
20:13:12.0826 5332 TVALD ( UnsignedFile.Multi.Generic ) - warning
20:13:12.0826 5332 TVALD - detected UnsignedFile.Multi.Generic (1)
20:13:13.0544 5332 Tvs (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys
20:13:13.0638 5332 Tvs ( UnsignedFile.Multi.Generic ) - warning
20:13:13.0638 5332 Tvs - detected UnsignedFile.Multi.Generic (1)
20:13:13.0716 5332 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:13:14.0107 5332 Udfs - ok
20:13:14.0560 5332 ultra - ok
20:13:14.0950 5332 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:13:16.0763 5332 Update - ok
20:13:16.0935 5332 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:13:17.0903 5332 upnphost - ok
20:13:17.0950 5332 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:13:18.0981 5332 UPS - ok
20:13:19.0184 5332 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:13:19.0575 5332 USBAAPL - ok
20:13:19.0684 5332 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:13:20.0184 5332 usbccgp - ok
20:13:20.0278 5332 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:13:20.0465 5332 usbehci - ok
20:13:20.0590 5332 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:13:20.0840 5332 usbhub - ok
20:13:21.0043 5332 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:13:21.0246 5332 usbprint - ok
20:13:21.0278 5332 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:13:21.0543 5332 usbscan - ok
20:13:21.0715 5332 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:13:21.0934 5332 USBSTOR - ok
20:13:22.0012 5332 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:13:22.0184 5332 usbuhci - ok
20:13:22.0215 5332 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:13:22.0387 5332 VgaSave - ok
20:13:22.0418 5332 ViaIde - ok
20:13:22.0574 5332 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:13:22.0730 5332 VolSnap - ok
20:13:22.0793 5332 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:13:23.0105 5332 VSS - ok
20:13:23.0340 5332 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:13:23.0527 5332 W32Time - ok
20:13:24.0199 5332 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
20:13:24.0683 5332 w39n51 - ok
20:13:25.0339 5332 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:13:25.0542 5332 Wanarp - ok
20:13:25.0730 5332 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
20:13:26.0105 5332 wanatw - ok
20:13:26.0121 5332 WDICA - ok
20:13:26.0183 5332 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:13:26.0433 5332 wdmaud - ok
20:13:26.0574 5332 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:13:26.0730 5332 WebClient - ok
20:13:27.0245 5332 WinDriver6 (097a8291df541f9b9af2c500797cdcaa) C:\WINDOWS\system32\drivers\windrvr6.sys
20:13:27.0558 5332 WinDriver6 ( UnsignedFile.Multi.Generic ) - warning
20:13:27.0558 5332 WinDriver6 - detected UnsignedFile.Multi.Generic (1)
20:13:27.0808 5332 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:13:28.0089 5332 winmgmt - ok
20:13:28.0683 5332 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
20:13:29.0292 5332 WmdmPmSN - ok
20:13:30.0073 5332 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:13:31.0323 5332 Wmi - ok
20:13:31.0432 5332 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:13:33.0010 5332 WmiApSrv - ok
20:13:34.0478 5332 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:13:36.0400 5332 WMPNetworkSvc - ok
20:13:37.0384 5332 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:13:37.0837 5332 wscsvc - ok
20:13:37.0947 5332 WSearch - ok
20:13:38.0322 5332 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:13:38.0493 5332 wuauserv - ok
20:13:38.0900 5332 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:13:39.0118 5332 WudfPf - ok
20:13:39.0306 5332 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:13:39.0400 5332 WudfRd - ok
20:13:39.0525 5332 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:13:39.0571 5332 WudfSvc - ok
20:13:40.0040 5332 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:13:40.0649 5332 WZCSVC - ok
20:13:40.0821 5332 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:13:41.0009 5332 xmlprov - ok
20:13:42.0430 5332 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
20:13:43.0430 5332 YahooAUService - ok
20:13:43.0649 5332 MBR (0x1B8) (8b01f0c11d43c4933677f216a8b3757b) \Device\Harddisk0\DR0
20:13:43.0836 5332 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:13:43.0883 5332 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:13:44.0789 5332 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:13:44.0789 5332 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:13:44.0946 5332 Boot (0x1200) (3625ff83eef41d66dc0966f3b983a4b5) \Device\Harddisk0\DR0\Partition0
20:13:44.0946 5332 \Device\Harddisk0\DR0\Partition0 - ok
20:13:44.0961 5332 ============================================================
20:13:44.0961 5332 Scan finished
20:13:44.0961 5332 ============================================================
20:13:45.0430 1788 Detected object count: 40
20:13:45.0430 1788 Actual detected object count: 40
20:17:21.0206 1788 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0206 1788 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0206 1788 bgsvcgen ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0206 1788 bgsvcgen ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0206 1788 CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0206 1788 CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0206 1788 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0206 1788 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0222 1788 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0222 1788 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0222 1788 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0222 1788 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0238 1788 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0238 1788 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0238 1788 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0238 1788 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0238 1788 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0238 1788 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0238 1788 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0238 1788 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0253 1788 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0253 1788 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0253 1788 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0253 1788 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0269 1788 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0269 1788 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0269 1788 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0269 1788 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0269 1788 DVD-RAM_Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0269 1788 DVD-RAM_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0269 1788 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0269 1788 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0285 1788 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0285 1788 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0285 1788 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0285 1788 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0300 1788 ialm ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0300 1788 ialm ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0300 1788 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0300 1788 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0316 1788 meiudf ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0316 1788 meiudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0316 1788 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0316 1788 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0316 1788 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0316 1788 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0316 1788 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0316 1788 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0331 1788 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0331 1788 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0331 1788 Parclass ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0331 1788 Parclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0347 1788 Pfc ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0347 1788 Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0347 1788 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0347 1788 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0347 1788 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0347 1788 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0347 1788 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0347 1788 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0363 1788 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0363 1788 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0363 1788 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0363 1788 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0378 1788 Swupdtmr ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0378 1788 Swupdtmr ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0378 1788 TAPPSRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0378 1788 TAPPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0378 1788 tosrfec ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0378 1788 tosrfec ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0378 1788 TVALD ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0378 1788 TVALD ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0394 1788 Tvs ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0394 1788 Tvs ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:21.0394 1788 WinDriver6 ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:21.0394 1788 WinDriver6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:18:00.0544 1788 \Device\Harddisk0\DR0\# - copied to quarantine
20:18:02.0637 1788 \Device\Harddisk0\DR0 - copied to quarantine
20:18:03.0949 1788 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:18:04.0480 1788 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:19:21.0702 1788 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:19:21.0858 1788 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:19:40.0652 1788 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:19:41.0011 1788 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:19:42.0870 1788 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:19:54.0681 1788 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:19:55.0790 1788 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:19:55.0993 1788 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:19:56.0493 1788 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:19:57.0415 1788 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:19:57.0868 1788 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:19:57.0868 1788 \Device\Harddisk0\DR0 - ok
20:19:58.0461 1788 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:19:58.0461 1788 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:19:58.0493 1788 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:20:31.0675 5884 Deinitialize success

#9
butterrice

    Member

  • Topic Starter
  • 347 posts
aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-25 21:36:04
-----------------------------
21:36:04.286 OS Version: Windows 5.1.2600 Service Pack 3
21:36:04.286 Number of processors: 1 586 0xE08
21:36:04.286 ComputerName: ANNEMARIE UserName: Me
21:36:15.536 Initialize success
21:37:22.958 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:37:22.958 Disk 0 Vendor: FUJITSU_MHV2100BH_PL 00000029 Size: 95396MB BusType: 3
21:37:22.974 Disk 0 MBR read successfully
21:37:22.989 Disk 0 MBR scan
21:37:23.005 Disk 0 Windows XP default MBR code
21:37:23.021 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95142 MB offset 63
21:37:23.052 Disk 0 Partition 2 00 88 Linux plaintext AKr' 251 MB offset 194852385
21:37:23.130 Disk 0 scanning sectors +195366465
21:37:23.255 Disk 0 scanning C:\WINDOWS\system32\drivers
21:37:41.177 Service scanning
21:37:53.958 Service MpKslb026d818 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{828F0A99-4E3C-4649-BA73-DD8DE88B33C7}\MpKslb026d818.sys **LOCKED** 32
21:38:11.396 Modules scanning
21:38:37.693 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
21:38:48.068 Disk 0 trace - called modules:
21:38:49.146 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:38:49.193 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ab8ab8]
21:38:49.239 3 CLASSPNP.SYS[f76defd7] -> nt!IofCallDriver -> \Device\00000085[0x86b2e418]
21:38:49.286 5 ACPI.sys[f7635620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b534d0]
21:38:49.333 Scan finished successfully
21:39:31.333 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Me\Desktop\MBR.dat"
21:39:31.349 The log file has been saved successfully to "C:\Documents and Settings\Me\Desktop\aswMBR.txt"

#10
butterrice

    Member

  • Topic Starter
  • 347 posts
MBR - Not sure that I did this right, but this is what I got when I zipped it.

#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi butterrice,

Step 1

Run TDSSKiller one more time and select the Delete option for

\Device\Harddisk0\DR0 ( TDSS File System )


Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • ComboFix log

It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#12
butterrice

TDSSKILLER

20:45:03.0462 2492 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
20:45:03.0774 2492 ============================================================
20:45:03.0774 2492 Current date / time: 2012/06/26 20:45:03.0774
20:45:03.0774 2492 SystemInfo:
20:45:03.0774 2492
20:45:03.0774 2492 OS Version: 5.1.2600 ServicePack: 3.0
20:45:03.0774 2492 Product type: Workstation
20:45:03.0774 2492 ComputerName: ANNEMARIE
20:45:03.0774 2492 UserName: Me
20:45:03.0774 2492 Windows directory: C:\WINDOWS
20:45:03.0774 2492 System windows directory: C:\WINDOWS
20:45:03.0774 2492 Processor architecture: Intel x86
20:45:03.0774 2492 Number of processors: 1
20:45:03.0774 2492 Page size: 0x1000
20:45:03.0774 2492 Boot type: Normal boot
20:45:03.0774 2492 ============================================================
20:45:08.0821 2492 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:45:08.0883 2492 ============================================================
20:45:08.0883 2492 \Device\Harddisk0\DR0:
20:45:08.0883 2492 MBR partitions:
20:45:08.0883 2492 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB9D35E2
20:45:08.0883 2492 ============================================================
20:45:09.0055 2492 C: <-> \Device\Harddisk0\DR0\Partition0
20:45:09.0055 2492 ============================================================
20:45:09.0055 2492 Initialize success
20:45:09.0055 2492 ============================================================
20:45:53.0633 0184 ============================================================
20:45:53.0633 0184 Scan started
20:45:53.0633 0184 Mode: Manual; SigCheck; TDLFS;
20:45:53.0633 0184 ============================================================
20:45:56.0274 0184 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:45:56.0805 0184 !SASCORE - ok
20:45:57.0071 0184 Abiosdsk - ok
20:45:57.0087 0184 abp480n5 - ok
20:45:57.0180 0184 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:45:57.0727 0184 ACPI - ok
20:45:57.0743 0184 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:45:57.0946 0184 ACPIEC - ok
20:45:57.0962 0184 adpu160m - ok
20:45:58.0008 0184 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:45:58.0243 0184 aec - ok
20:45:58.0321 0184 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:45:58.0415 0184 AegisP ( UnsignedFile.Multi.Generic ) - warning
20:45:58.0415 0184 AegisP - detected UnsignedFile.Multi.Generic (1)
20:45:58.0633 0184 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:45:58.0758 0184 AFD - ok
20:46:00.0633 0184 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
20:46:00.0930 0184 AgereSoftModem - ok
20:46:00.0962 0184 Aha154x - ok
20:46:00.0977 0184 aic78u2 - ok
20:46:01.0008 0184 aic78xx - ok
20:46:01.0102 0184 aksfridge (cb5a5079744a0535416d3a5e462c5efe) C:\WINDOWS\system32\DRIVERS\aksfridge.sys
20:46:01.0446 0184 aksfridge - ok
20:46:01.0946 0184 akshasp (1a27f5555448cc2d29d281b11f39177e) C:\WINDOWS\system32\DRIVERS\akshasp.sys
20:46:01.0993 0184 akshasp - ok
20:46:02.0040 0184 akshhl (147b61b81be1ffc38939ea47e5cfb51f) C:\WINDOWS\system32\DRIVERS\akshhl.sys
20:46:02.0102 0184 akshhl - ok
20:46:02.0149 0184 aksusb (b4ad9f5d78f27e0c6994e0cb05c60e21) C:\WINDOWS\system32\DRIVERS\aksusb.sys
20:46:02.0196 0184 aksusb - ok
20:46:02.0258 0184 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:46:02.0477 0184 Alerter - ok
20:46:02.0962 0184 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:46:03.0180 0184 ALG - ok
20:46:03.0196 0184 AliIde - ok
20:46:03.0227 0184 amsint - ok
20:46:04.0055 0184 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:46:04.0165 0184 Apple Mobile Device - ok
20:46:04.0977 0184 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
20:46:05.0196 0184 AppMgmt - ok
20:46:05.0243 0184 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:46:05.0430 0184 Arp1394 - ok
20:46:05.0462 0184 asc - ok
20:46:05.0477 0184 asc3350p - ok
20:46:05.0508 0184 asc3550 - ok
20:46:05.0712 0184 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:46:05.0743 0184 aspnet_state - ok
20:46:05.0774 0184 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:46:05.0930 0184 AsyncMac - ok
20:46:06.0008 0184 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:46:06.0196 0184 atapi - ok
20:46:06.0227 0184 Atdisk - ok
20:46:06.0290 0184 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:46:06.0462 0184 Atmarpc - ok
20:46:06.0524 0184 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:46:06.0680 0184 AudioSrv - ok
20:46:06.0758 0184 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:46:06.0915 0184 audstub - ok
20:46:06.0977 0184 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:46:07.0180 0184 Beep - ok
20:46:07.0290 0184 bgsvcgen (71489fa2c4a238f178e30ae6e4449013) C:\WINDOWS\system32\bgsvcgen.exe
20:46:07.0430 0184 bgsvcgen ( UnsignedFile.Multi.Generic ) - warning
20:46:07.0430 0184 bgsvcgen - detected UnsignedFile.Multi.Generic (1)
20:46:07.0524 0184 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:46:07.0743 0184 BITS - ok
20:46:07.0962 0184 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:46:08.0102 0184 Bonjour Service - ok
20:46:08.0180 0184 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:46:08.0337 0184 Browser - ok
20:46:08.0462 0184 busbcrw (32f39b678b5cd3bdaa2cff481bcea695) C:\WINDOWS\system32\Drivers\busbcrw.sys
20:46:08.0540 0184 busbcrw - ok
20:46:08.0587 0184 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:46:08.0743 0184 cbidf2k - ok
20:46:08.0758 0184 cd20xrnt - ok
20:46:08.0821 0184 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:46:08.0993 0184 Cdaudio - ok
20:46:09.0055 0184 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:46:09.0243 0184 Cdfs - ok
20:46:09.0555 0184 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:46:09.0665 0184 Cdrom - ok
20:46:09.0774 0184 CFSvcs (3cb0cc8879956c187e87e18634ee5164) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
20:46:09.0852 0184 CFSvcs ( UnsignedFile.Multi.Generic ) - warning
20:46:09.0852 0184 CFSvcs - detected UnsignedFile.Multi.Generic (1)
20:46:09.0883 0184 Changer - ok
20:46:09.0930 0184 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:46:10.0102 0184 CiSvc - ok
20:46:10.0133 0184 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:46:10.0383 0184 ClipSrv - ok
20:46:10.0618 0184 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:46:10.0665 0184 clr_optimization_v2.0.50727_32 - ok
20:46:10.0758 0184 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:46:10.0915 0184 CmBatt - ok
20:46:10.0930 0184 CmdIde - ok
20:46:10.0977 0184 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:46:11.0149 0184 Compbatt - ok
20:46:11.0165 0184 COMSysApp - ok
20:46:11.0212 0184 Cpqarray - ok
20:46:11.0290 0184 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:46:11.0493 0184 CryptSvc - ok
20:46:11.0508 0184 dac2w2k - ok
20:46:11.0540 0184 dac960nt - ok
20:46:11.0649 0184 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:46:11.0774 0184 DcomLaunch - ok
20:46:11.0852 0184 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:46:12.0040 0184 Dhcp - ok
20:46:12.0055 0184 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:46:12.0227 0184 Disk - ok
20:46:12.0305 0184 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
20:46:12.0337 0184 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
20:46:12.0337 0184 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
20:46:12.0446 0184 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
20:46:12.0493 0184 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
20:46:12.0493 0184 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
20:46:12.0540 0184 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS
20:46:12.0602 0184 DLADResN ( UnsignedFile.Multi.Generic ) - warning
20:46:12.0602 0184 DLADResN - detected UnsignedFile.Multi.Generic (1)
20:46:12.0649 0184 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
20:46:12.0727 0184 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
20:46:12.0727 0184 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
20:46:12.0774 0184 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
20:46:12.0837 0184 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
20:46:12.0837 0184 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
20:46:12.0852 0184 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
20:46:12.0899 0184 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
20:46:12.0899 0184 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
20:46:12.0930 0184 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
20:46:12.0993 0184 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
20:46:12.0993 0184 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
20:46:13.0024 0184 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
20:46:13.0102 0184 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
20:46:13.0102 0184 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
20:46:13.0133 0184 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
20:46:13.0243 0184 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
20:46:13.0243 0184 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
20:46:13.0274 0184 dmadmin - ok
20:46:13.0477 0184 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:46:13.0665 0184 dmboot - ok
20:46:13.0696 0184 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:46:13.0868 0184 dmio - ok
20:46:13.0930 0184 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:46:14.0087 0184 dmload - ok
20:46:14.0165 0184 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:46:14.0305 0184 dmserver - ok
20:46:14.0508 0184 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:46:14.0665 0184 DMusic - ok
20:46:14.0727 0184 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:46:14.0837 0184 Dnscache - ok
20:46:14.0899 0184 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:46:15.0180 0184 Dot3svc - ok
20:46:15.0212 0184 dpti2o - ok
20:46:15.0243 0184 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:46:15.0758 0184 drmkaud - ok
20:46:15.0962 0184 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
20:46:16.0024 0184 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
20:46:16.0024 0184 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
20:46:16.0055 0184 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
20:46:19.0180 0184 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
20:46:19.0180 0184 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
20:46:19.0540 0184 DVD-RAM_Service (c9ffbd6b8edc46cd3d13e3c6db914fb7) C:\WINDOWS\system32\DVDRAMSV.exe
20:46:19.0837 0184 DVD-RAM_Service ( UnsignedFile.Multi.Generic ) - warning
20:46:19.0837 0184 DVD-RAM_Service - detected UnsignedFile.Multi.Generic (1)
20:46:19.0946 0184 E100B (2646883e6dd867cd872d5b51b6036710) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:46:20.0212 0184 E100B - ok
20:46:20.0305 0184 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
20:46:20.0399 0184 e1express - ok
20:46:20.0446 0184 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:46:20.0618 0184 EapHost - ok
20:46:21.0118 0184 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
20:46:21.0258 0184 ehRecvr - ok
20:46:21.0352 0184 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
20:46:21.0508 0184 ehSched - ok
20:46:21.0602 0184 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:46:21.0758 0184 ERSvc - ok
20:46:21.0837 0184 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:46:21.0930 0184 Eventlog - ok
20:46:22.0196 0184 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:46:22.0305 0184 EventSystem - ok
20:46:22.0571 0184 EvtEng (56ded3ade453272e6a0ad582d945d1a4) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
20:46:22.0712 0184 EvtEng ( UnsignedFile.Multi.Generic ) - warning
20:46:22.0712 0184 EvtEng - detected UnsignedFile.Multi.Generic (1)
20:46:22.0946 0184 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:46:23.0118 0184 Fastfat - ok
20:46:23.0227 0184 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:46:23.0337 0184 FastUserSwitchingCompatibility - ok
20:46:23.0415 0184 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
20:46:23.0665 0184 Fax - ok
20:46:23.0727 0184 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:46:23.0899 0184 Fdc - ok
20:46:23.0962 0184 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:46:24.0133 0184 Fips - ok
20:46:24.0368 0184 FlipShare Service (27b9b2965221e95f23f33206f95c9447) C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
20:46:24.0571 0184 FlipShare Service - ok
20:46:24.0602 0184 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:46:24.0758 0184 Flpydisk - ok
20:46:24.0930 0184 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:46:25.0102 0184 FltMgr - ok
20:46:25.0243 0184 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:46:25.0258 0184 FontCache3.0.0.0 - ok
20:46:25.0290 0184 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:46:25.0508 0184 Fs_Rec - ok
20:46:25.0649 0184 FTDIBUS (a36e8beedb3aaca09bf55a1d17904bc8) C:\WINDOWS\system32\drivers\ftdibus.sys
20:46:25.0837 0184 FTDIBUS - ok
20:46:25.0930 0184 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:46:26.0102 0184 Ftdisk - ok
20:46:26.0180 0184 FTSER2K (a14a1f4bb391df9c233cb5dbd05feb70) C:\WINDOWS\system32\drivers\ftser2k.sys
20:46:26.0258 0184 FTSER2K - ok
20:46:26.0383 0184 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:46:26.0508 0184 GEARAspiWDM - ok
20:46:26.0587 0184 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:46:26.0758 0184 Gpc - ok
20:46:26.0977 0184 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:46:27.0149 0184 gupdate - ok
20:46:27.0196 0184 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:46:27.0274 0184 gupdatem - ok
20:46:27.0649 0184 Hardlock (9de9a7a19195c57ef38b4ee25422f2d7) C:\WINDOWS\system32\drivers\hardlock.sys
20:46:28.0149 0184 Hardlock - ok
20:46:28.0196 0184 hasplms - ok
20:46:28.0305 0184 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:46:28.0477 0184 HDAudBus - ok
20:46:28.0602 0184 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:46:28.0790 0184 helpsvc - ok
20:46:28.0821 0184 HidServ - ok
20:46:28.0883 0184 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:46:29.0040 0184 HidUsb - ok
20:46:29.0133 0184 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:46:29.0337 0184 hkmsvc - ok
20:46:29.0368 0184 hpn - ok
20:46:29.0649 0184 hpqcxs08 (58d4765ab87347db835d5693adf652c1) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
20:46:29.0837 0184 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
20:46:29.0837 0184 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
20:46:29.0946 0184 hpqddsvc (99ed733f614660eb32199bf889dfb7e2) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
20:46:30.0118 0184 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
20:46:30.0118 0184 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
20:46:30.0180 0184 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:46:30.0524 0184 HPZid412 - ok
20:46:30.0633 0184 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:46:30.0696 0184 HPZipr12 - ok
20:46:30.0758 0184 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:46:30.0837 0184 HPZius12 - ok
20:46:30.0962 0184 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:46:31.0165 0184 HTTP - ok
20:46:31.0212 0184 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:46:31.0383 0184 HTTPFilter - ok
20:46:31.0399 0184 i2omgmt - ok
20:46:31.0446 0184 i2omp - ok
20:46:31.0477 0184 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:46:31.0665 0184 i8042prt - ok
20:46:32.0149 0184 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:46:32.0415 0184 ialm ( UnsignedFile.Multi.Generic ) - warning
20:46:32.0415 0184 ialm - detected UnsignedFile.Multi.Generic (1)
20:46:32.0837 0184 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:46:33.0102 0184 idsvc - ok
20:46:33.0446 0184 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:46:33.0649 0184 Imapi - ok
20:46:33.0727 0184 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:46:33.0962 0184 ImapiService - ok
20:46:34.0008 0184 ini910u - ok
20:46:34.0915 0184 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:46:35.0633 0184 IntcAzAudAddService - ok
20:46:36.0024 0184 IntelIde - ok
20:46:36.0102 0184 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:46:36.0243 0184 intelppm - ok
20:46:36.0305 0184 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:46:36.0477 0184 Ip6Fw - ok
20:46:36.0524 0184 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:46:36.0774 0184 IpFilterDriver - ok
20:46:36.0852 0184 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:46:37.0024 0184 IpInIp - ok
20:46:37.0071 0184 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:46:37.0243 0184 IpNat - ok
20:46:37.0727 0184 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
20:46:37.0868 0184 iPod Service - ok
20:46:37.0977 0184 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:46:38.0165 0184 IPSec - ok
20:46:38.0196 0184 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:46:38.0352 0184 IRENUM - ok
20:46:38.0462 0184 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:46:38.0633 0184 isapnp - ok
20:46:38.0680 0184 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
20:46:38.0727 0184 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
20:46:38.0727 0184 Iviaspi - detected UnsignedFile.Multi.Generic (1)
20:46:38.0899 0184 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
20:46:39.0024 0184 JavaQuickStarterService - ok
20:46:39.0055 0184 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:46:39.0227 0184 Kbdclass - ok
20:46:39.0399 0184 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:46:39.0587 0184 kmixer - ok
20:46:39.0618 0184 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys
20:46:39.0868 0184 KR10N - ok
20:46:39.0962 0184 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:46:40.0180 0184 KSecDD - ok
20:46:40.0258 0184 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:46:40.0368 0184 lanmanserver - ok
20:46:40.0508 0184 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:46:40.0649 0184 lanmanworkstation - ok
20:46:40.0696 0184 Lavasoft Kernexplorer - ok
20:46:40.0712 0184 lbrtfdc - ok
20:46:40.0821 0184 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:46:40.0993 0184 LmHosts - ok
20:46:41.0196 0184 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
20:46:41.0352 0184 McrdSvc - ok
20:46:41.0524 0184 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
20:46:41.0649 0184 meiudf ( UnsignedFile.Multi.Generic ) - warning
20:46:41.0649 0184 meiudf - detected UnsignedFile.Multi.Generic (1)
20:46:41.0680 0184 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:46:41.0837 0184 Messenger - ok
20:46:41.0883 0184 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
20:46:42.0196 0184 MHN ( UnsignedFile.Multi.Generic ) - warning
20:46:42.0196 0184 MHN - detected UnsignedFile.Multi.Generic (1)
20:46:42.0258 0184 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
20:46:42.0305 0184 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
20:46:42.0305 0184 MHNDRV - detected UnsignedFile.Multi.Generic (1)
20:46:42.0352 0184 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:46:42.0524 0184 mnmdd - ok
20:46:42.0587 0184 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
20:46:42.0774 0184 mnmsrvc - ok
20:46:42.0821 0184 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:46:42.0977 0184 Modem - ok
20:46:43.0024 0184 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:46:43.0180 0184 Mouclass - ok
20:46:43.0243 0184 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:46:43.0415 0184 mouhid - ok
20:46:43.0540 0184 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:46:43.0712 0184 MountMgr - ok
20:46:43.0790 0184 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
20:46:43.0868 0184 MpFilter - ok
20:46:44.0227 0184 MpKslb026d818 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{828F0A99-4E3C-4649-BA73-DD8DE88B33C7}\MpKslb026d818.sys
20:46:44.0290 0184 MpKslb026d818 - ok
20:46:44.0321 0184 mraid35x - ok
20:46:44.0446 0184 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:46:44.0618 0184 MRxDAV - ok
20:46:44.0712 0184 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:46:44.0899 0184 MRxSmb - ok
20:46:44.0962 0184 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:46:45.0149 0184 MSDTC - ok
20:46:45.0212 0184 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:46:45.0446 0184 Msfs - ok
20:46:45.0462 0184 MSIServer - ok
20:46:45.0508 0184 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:46:45.0649 0184 MSKSSRV - ok
20:46:45.0805 0184 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
20:46:45.0837 0184 MsMpSvc - ok
20:46:45.0868 0184 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:46:46.0024 0184 MSPCLOCK - ok
20:46:46.0087 0184 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:46:46.0243 0184 MSPQM - ok
20:46:46.0290 0184 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:46:46.0430 0184 mssmbios - ok
20:46:46.0493 0184 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:46:46.0696 0184 Mup - ok
20:46:46.0883 0184 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:46:47.0087 0184 napagent - ok
20:46:47.0149 0184 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:46:47.0399 0184 NDIS - ok
20:46:47.0477 0184 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:46:47.0602 0184 NdisTapi - ok
20:46:47.0665 0184 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:46:47.0837 0184 Ndisuio - ok
20:46:47.0868 0184 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:46:48.0102 0184 NdisWan - ok
20:46:48.0180 0184 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:46:48.0258 0184 NDProxy - ok
20:46:48.0352 0184 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
20:46:48.0415 0184 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:46:48.0415 0184 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:46:48.0477 0184 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:46:48.0665 0184 NetBIOS - ok
20:46:48.0743 0184 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:46:48.0930 0184 NetBT - ok
20:46:48.0962 0184 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:46:49.0180 0184 NetDDE - ok
20:46:49.0212 0184 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:46:49.0415 0184 NetDDEdsdm - ok
20:46:49.0493 0184 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
20:46:49.0524 0184 Netdevio ( UnsignedFile.Multi.Generic ) - warning
20:46:49.0524 0184 Netdevio - detected UnsignedFile.Multi.Generic (1)
20:46:49.0602 0184 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:46:49.0790 0184 Netlogon - ok
20:46:49.0946 0184 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:46:50.0165 0184 Netman - ok
20:46:50.0368 0184 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:46:50.0399 0184 NetTcpPortSharing - ok
20:46:50.0508 0184 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:46:50.0665 0184 NIC1394 - ok
20:46:50.0790 0184 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:46:50.0883 0184 Nla - ok
20:46:50.0977 0184 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:46:51.0149 0184 Npfs - ok
20:46:51.0415 0184 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:46:51.0602 0184 Ntfs - ok
20:46:51.0696 0184 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:46:51.0837 0184 NtLmSsp - ok
20:46:52.0008 0184 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:46:52.0243 0184 NtmsSvc - ok
20:46:52.0290 0184 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:46:52.0477 0184 Null - ok
20:46:52.0524 0184 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:46:52.0696 0184 NwlnkFlt - ok
20:46:52.0758 0184 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:46:52.0962 0184 NwlnkFwd - ok
20:46:53.0040 0184 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:46:53.0212 0184 ohci1394 - ok
20:46:53.0493 0184 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:46:53.0555 0184 ose - ok
20:46:53.0633 0184 Parclass (4512940ecd930438670cdca7fff1a878) C:\WINDOWS\System32\Drivers\Parclass.sys
20:46:53.0680 0184 Parclass ( UnsignedFile.Multi.Generic ) - warning
20:46:53.0680 0184 Parclass - detected UnsignedFile.Multi.Generic (1)
20:46:53.0743 0184 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:46:53.0946 0184 Parport - ok
20:46:54.0008 0184 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:46:54.0165 0184 PartMgr - ok
20:46:54.0212 0184 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:46:54.0368 0184 ParVdm - ok
20:46:54.0462 0184 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:46:54.0696 0184 PCI - ok
20:46:54.0712 0184 PCIDump - ok
20:46:54.0743 0184 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:46:54.0915 0184 PCIIde - ok
20:46:54.0962 0184 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:46:55.0118 0184 Pcmcia - ok
20:46:55.0133 0184 PDCOMP - ok
20:46:55.0165 0184 PDFRAME - ok
20:46:55.0196 0184 PDRELI - ok
20:46:55.0227 0184 PDRFRAME - ok
20:46:55.0243 0184 perc2 - ok
20:46:55.0274 0184 perc2hib - ok
20:46:55.0540 0184 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
20:46:55.0571 0184 Pfc ( UnsignedFile.Multi.Generic ) - warning
20:46:55.0571 0184 Pfc - detected UnsignedFile.Multi.Generic (1)
20:46:55.0618 0184 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:46:55.0696 0184 PlugPlay - ok
20:46:55.0805 0184 PMBDeviceInfoProvider (627fa58adc043704f9d14ca44340956f) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
20:46:56.0243 0184 PMBDeviceInfoProvider - ok
20:46:56.0352 0184 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
20:46:56.0383 0184 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:46:56.0383 0184 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:46:56.0415 0184 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:46:56.0571 0184 PolicyAgent - ok
20:46:56.0633 0184 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:46:56.0837 0184 PptpMiniport - ok
20:46:56.0930 0184 Profos - ok
20:46:56.0962 0184 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:46:57.0118 0184 ProtectedStorage - ok
20:46:57.0149 0184 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:46:57.0337 0184 PSched - ok
20:46:57.0383 0184 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:46:57.0555 0184 Ptilink - ok
20:46:57.0618 0184 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:46:57.0665 0184 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
20:46:57.0665 0184 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
20:46:57.0680 0184 ql1080 - ok
20:46:57.0712 0184 Ql10wnt - ok
20:46:57.0727 0184 ql12160 - ok
20:46:57.0758 0184 ql1240 - ok
20:46:57.0774 0184 ql1280 - ok
20:46:57.0837 0184 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:46:57.0993 0184 RasAcd - ok
20:46:58.0040 0184 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:46:58.0243 0184 RasAuto - ok
20:46:58.0258 0184 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:46:58.0430 0184 Rasl2tp - ok
20:46:58.0540 0184 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:46:58.0712 0184 RasMan - ok
20:46:58.0774 0184 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:46:58.0962 0184 RasPppoe - ok
20:46:59.0008 0184 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:46:59.0180 0184 Raspti - ok
20:46:59.0227 0184 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:46:59.0399 0184 Rdbss - ok
20:46:59.0430 0184 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:46:59.0571 0184 RDPCDD - ok
20:46:59.0665 0184 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:46:59.0821 0184 rdpdr - ok
20:46:59.0899 0184 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:46:59.0993 0184 RDPWD - ok
20:47:00.0040 0184 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:47:00.0274 0184 RDSessMgr - ok
20:47:00.0321 0184 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:47:00.0508 0184 redbook - ok
20:47:00.0790 0184 RegSrvc (1b2857ef12d79a9f9adba14b0637cbf8) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
20:47:01.0008 0184 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
20:47:01.0008 0184 RegSrvc - detected UnsignedFile.Multi.Generic (1)
20:47:01.0055 0184 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:47:01.0243 0184 RemoteAccess - ok
20:47:01.0399 0184 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
20:47:01.0571 0184 RemoteRegistry - ok
20:47:01.0602 0184 RimUsb - ok
20:47:01.0696 0184 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
20:47:01.0790 0184 RimVSerPort - ok
20:47:01.0852 0184 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
20:47:02.0024 0184 ROOTMODEM - ok
20:47:02.0118 0184 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:47:02.0290 0184 RpcLocator - ok
20:47:02.0571 0184 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:47:02.0633 0184 RpcSs - ok
20:47:02.0727 0184 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:47:02.0915 0184 RSVP - ok
20:47:03.0165 0184 S24EventMonitor (6c5155cc0e805c7be6028bff7ac14524) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
20:47:03.0821 0184 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
20:47:03.0821 0184 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
20:47:04.0008 0184 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
20:47:04.0040 0184 s24trans ( UnsignedFile.Multi.Generic ) - warning
20:47:04.0040 0184 s24trans - detected UnsignedFile.Multi.Generic (1)
20:47:04.0133 0184 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:47:04.0290 0184 SamSs - ok
20:47:04.0399 0184 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:47:04.0852 0184 SASDIFSV - ok
20:47:04.0915 0184 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:47:04.0993 0184 SASKUTIL - ok
20:47:05.0055 0184 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:47:05.0274 0184 SCardSvr - ok
20:47:05.0399 0184 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:47:05.0571 0184 Schedule - ok
20:47:05.0665 0184 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
20:47:05.0805 0184 sdbus - ok
20:47:05.0883 0184 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:47:06.0071 0184 Secdrv - ok
20:47:06.0149 0184 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:47:06.0352 0184 seclogon - ok
20:47:06.0415 0184 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:47:06.0571 0184 SENS - ok
20:47:06.0633 0184 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:47:06.0790 0184 Serenum - ok
20:47:06.0915 0184 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
20:47:07.0133 0184 Serial - ok
20:47:07.0212 0184 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
20:47:07.0399 0184 Sfloppy - ok
20:47:07.0508 0184 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:47:07.0712 0184 SharedAccess - ok
20:47:07.0790 0184 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:47:07.0852 0184 ShellHWDetection - ok
20:47:07.0868 0184 Simbad - ok
20:47:07.0899 0184 Sparrow - ok
20:47:07.0962 0184 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:47:08.0118 0184 splitter - ok
20:47:08.0149 0184 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:47:08.0227 0184 Spooler - ok
20:47:08.0321 0184 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:47:08.0508 0184 sr - ok
20:47:08.0618 0184 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:47:08.0758 0184 srservice - ok
20:47:08.0915 0184 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:47:09.0040 0184 Srv - ok
20:47:09.0118 0184 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:47:09.0290 0184 SSDPSRV - ok
20:47:09.0383 0184 ssmirrdr (f843301bdadb2728822c83413ef5f132) C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys
20:47:09.0415 0184 ssmirrdr - ok
20:47:09.0602 0184 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:47:09.0837 0184 stisvc - ok
20:47:09.0915 0184 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:47:10.0071 0184 swenum - ok
20:47:10.0180 0184 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:47:10.0321 0184 swmidi - ok
20:47:10.0352 0184 SwPrv - ok
20:47:10.0446 0184 Swupdtmr (486a64aabd88e4e174681e89e9736bc9) c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
20:47:11.0430 0184 Swupdtmr ( UnsignedFile.Multi.Generic ) - warning
20:47:11.0430 0184 Swupdtmr - detected UnsignedFile.Multi.Generic (1)
20:47:11.0477 0184 symc810 - ok
20:47:11.0508 0184 symc8xx - ok
20:47:11.0524 0184 sym_hi - ok
20:47:11.0555 0184 sym_u3 - ok
20:47:11.0633 0184 SynTP (e295fffff3aaf9a6a40b29497901908f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:47:11.0758 0184 SynTP - ok
20:47:11.0837 0184 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:47:12.0024 0184 sysaudio - ok
20:47:12.0087 0184 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:47:12.0290 0184 SysmonLog - ok
20:47:12.0602 0184 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:47:12.0774 0184 TapiSrv - ok
20:47:13.0040 0184 TAPPSRV (90861642fd6d8fafb1408ee26fa93cb4) C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
20:47:13.0212 0184 TAPPSRV ( UnsignedFile.Multi.Generic ) - warning
20:47:13.0212 0184 TAPPSRV - detected UnsignedFile.Multi.Generic (1)
20:47:13.0274 0184 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
20:47:13.0352 0184 tbiosdrv - ok
20:47:13.0571 0184 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:47:13.0774 0184 Tcpip - ok
20:47:13.0821 0184 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:47:13.0977 0184 TDPIPE - ok
20:47:14.0008 0184 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:47:14.0165 0184 TDTCP - ok
20:47:14.0243 0184 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:47:14.0415 0184 TermDD - ok
20:47:14.0602 0184 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:47:14.0790 0184 TermService - ok
20:47:14.0868 0184 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:47:14.0915 0184 Themes - ok
20:47:14.0993 0184 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
20:47:15.0055 0184 tifm21 - ok
20:47:15.0102 0184 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
20:47:15.0290 0184 TlntSvr - ok
20:47:15.0305 0184 TosIde - ok
20:47:15.0399 0184 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
20:47:15.0508 0184 tosrfec ( UnsignedFile.Multi.Generic ) - warning
20:47:15.0508 0184 tosrfec - detected UnsignedFile.Multi.Generic (1)
20:47:15.0633 0184 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:47:15.0805 0184 TrkWks - ok
20:47:15.0993 0184 Trufos - ok
20:47:16.0055 0184 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
20:47:16.0087 0184 TVALD ( UnsignedFile.Multi.Generic ) - warning
20:47:16.0087 0184 TVALD - detected UnsignedFile.Multi.Generic (1)
20:47:16.0149 0184 Tvs (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys
20:47:16.0227 0184 Tvs ( UnsignedFile.Multi.Generic ) - warning
20:47:16.0227 0184 Tvs - detected UnsignedFile.Multi.Generic (1)
20:47:16.0321 0184 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:47:16.0493 0184 Udfs - ok
20:47:16.0540 0184 ultra - ok
20:47:16.0727 0184 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:47:16.0930 0184 Update - ok
20:47:17.0102 0184 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:47:17.0274 0184 upnphost - ok
20:47:17.0337 0184 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:47:17.0524 0184 UPS - ok
20:47:17.0587 0184 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:47:17.0649 0184 USBAAPL - ok
20:47:17.0696 0184 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:47:17.0868 0184 usbccgp - ok
20:47:17.0977 0184 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:47:18.0149 0184 usbehci - ok
20:47:18.0227 0184 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:47:18.0399 0184 usbhub - ok
20:47:18.0477 0184 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:47:18.0649 0184 usbprint - ok
20:47:18.0712 0184 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:47:18.0868 0184 usbscan - ok
20:47:18.0946 0184 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:47:19.0118 0184 USBSTOR - ok
20:47:19.0227 0184 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:47:19.0383 0184 usbuhci - ok
20:47:19.0680 0184 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:47:19.0837 0184 VgaSave - ok
20:47:19.0852 0184 ViaIde - ok
20:47:19.0930 0184 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:47:20.0087 0184 VolSnap - ok
20:47:20.0196 0184 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:47:20.0399 0184 VSS - ok
20:47:20.0493 0184 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:47:20.0665 0184 W32Time - ok
20:47:21.0368 0184 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
20:47:21.0743 0184 w39n51 - ok
20:47:22.0962 0184 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:47:23.0133 0184 Wanarp - ok
20:47:23.0227 0184 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
20:47:23.0290 0184 wanatw - ok
20:47:23.0305 0184 WDICA - ok
20:47:23.0383 0184 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:47:23.0555 0184 wdmaud - ok
20:47:23.0618 0184 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:47:23.0790 0184 WebClient - ok
20:47:23.0930 0184 WinDriver6 (097a8291df541f9b9af2c500797cdcaa) C:\WINDOWS\system32\drivers\windrvr6.sys
20:47:24.0071 0184 WinDriver6 ( UnsignedFile.Multi.Generic ) - warning
20:47:24.0071 0184 WinDriver6 - detected UnsignedFile.Multi.Generic (1)
20:47:24.0305 0184 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:47:24.0508 0184 winmgmt - ok
20:47:24.0633 0184 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
20:47:24.0774 0184 WmdmPmSN - ok
20:47:25.0149 0184 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:47:25.0462 0184 Wmi - ok
20:47:25.0540 0184 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:47:25.0868 0184 WmiApSrv - ok
20:47:26.0227 0184 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:47:26.0665 0184 WMPNetworkSvc - ok
20:47:26.0727 0184 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:47:26.0930 0184 wscsvc - ok
20:47:26.0962 0184 WSearch - ok
20:47:27.0008 0184 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:47:27.0165 0184 wuauserv - ok
20:47:27.0290 0184 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:47:27.0399 0184 WudfPf - ok
20:47:27.0462 0184 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:47:27.0524 0184 WudfRd - ok
20:47:27.0571 0184 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:47:27.0618 0184 WudfSvc - ok
20:47:27.0852 0184 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:47:28.0102 0184 WZCSVC - ok
20:47:28.0180 0184 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:47:28.0337 0184 xmlprov - ok
20:47:28.0665 0184 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
20:47:29.0071 0184 YahooAUService - ok
20:47:29.0133 0184 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
20:47:29.0790 0184 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:47:29.0790 0184 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:47:29.0821 0184 Boot (0x1200) (3625ff83eef41d66dc0966f3b983a4b5) \Device\Harddisk0\DR0\Partition0
20:47:29.0821 0184 \Device\Harddisk0\DR0\Partition0 - ok
20:47:29.0821 0184 ============================================================
20:47:29.0821 0184 Scan finished
20:47:29.0821 0184 ============================================================
20:47:29.0962 2920 Detected object count: 39
20:47:29.0962 2920 Actual detected object count: 39
20:50:27.0102 2920 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0102 2920 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0102 2920 bgsvcgen ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0102 2920 bgsvcgen ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0102 2920 CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0102 2920 CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0102 2920 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0102 2920 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0118 2920 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0118 2920 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0118 2920 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0118 2920 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0133 2920 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0133 2920 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0133 2920 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0133 2920 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0133 2920 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0133 2920 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0133 2920 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0133 2920 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0149 2920 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0149 2920 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0149 2920 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0149 2920 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0165 2920 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0165 2920 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0165 2920 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0165 2920 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0165 2920 DVD-RAM_Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0165 2920 DVD-RAM_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0165 2920 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0165 2920 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0165 2920 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0165 2920 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0165 2920 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0165 2920 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0165 2920 ialm ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0165 2920 ialm ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0165 2920 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0165 2920 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0165 2920 meiudf ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0165 2920 meiudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0165 2920 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0165 2920 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0180 2920 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0180 2920 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0180 2920 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0180 2920 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0180 2920 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0180 2920 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0180 2920 Parclass ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0180 2920 Parclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0196 2920 Pfc ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0196 2920 Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0196 2920 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0196 2920 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0196 2920 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0196 2920 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0196 2920 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0196 2920 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0212 2920 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0212 2920 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0212 2920 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0212 2920 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0227 2920 Swupdtmr ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0227 2920 Swupdtmr ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0227 2920 TAPPSRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0227 2920 TAPPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0243 2920 tosrfec ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0243 2920 tosrfec ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0243 2920 TVALD ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0243 2920 TVALD ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0243 2920 Tvs ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0243 2920 Tvs ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0243 2920 WinDriver6 ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:27.0243 2920 WinDriver6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:27.0337 2920 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:50:27.0383 2920 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:50:27.0524 2920 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:50:27.0524 2920 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:50:27.0633 2920 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:50:27.0758 2920 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:50:27.0805 2920 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:50:35.0837 2920 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:50:36.0040 2920 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:50:36.0212 2920 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:50:36.0337 2920 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:50:36.0680 2920 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:50:37.0040 2920 \Device\Harddisk0\DR0\TDLFS - deleted
20:50:37.0040 2920 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
20:50:54.0743 1856 Deinitialize success

#13
butterrice (Topic Starter)

COMBO FIX

ComboFix 12-06-26.02 - Me 06/26/2012 21:04:28.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.271 [GMT -4:00]
Running from: c:\documents and settings\Me\Desktop\ComboFix.exe
AV: Defender Pro Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Defender Pro Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Me\WINDOWS
C:\install.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\logs
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 00:54 . 2012-06-27 00:54 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{828F0A99-4E3C-4649-BA73-DD8DE88B33C7}\MpKsl0bc441c6.sys
2012-06-27 00:52 . 2012-06-27 00:52 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{828F0A99-4E3C-4649-BA73-DD8DE88B33C7}\offreg.dll
2012-06-27 00:12 . 2012-06-27 00:13 -------- d-----w- c:\windows\LastGood
2012-06-26 01:36 . 2012-06-26 01:36 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{828F0A99-4E3C-4649-BA73-DD8DE88B33C7}\MpKslb026d818.sys
2012-06-26 01:06 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{828F0A99-4E3C-4649-BA73-DD8DE88B33C7}\mpengine.dll
2012-06-26 00:17 . 2012-06-27 00:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-23 00:49 . 2012-06-23 00:49 -------- d-----w- C:\_OTL
2012-06-02 02:17 . 2012-05-08 13:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2012-06-02 02:09 . 2012-06-02 02:09 -------- d-----w- C:\cfdbbc758d02c5e44d12445ae5625863
2012-06-02 00:15 . 2012-06-02 00:21 -------- d-----w- c:\windows\Temp09A2827B-F28A-C81E-25B5-ED07E4054243-Signatures
2012-06-01 23:46 . 2012-06-01 23:48 -------- d-----w- c:\windows\TempF91D1888-54D7-79C1-982B-ACECD0CAA485-Signatures
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 19:19 . 2007-05-23 21:46 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-05-23 21:46 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2006-02-15 15:36 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2006-02-15 15:36 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2006-02-15 15:36 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2007-05-23 21:46 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2006-02-15 15:36 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2006-02-15 14:02 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2007-05-23 21:46 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2006-02-15 15:36 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2006-02-15 15:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2007-06-11 19:39 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2007-06-11 19:39 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2007-06-11 19:39 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 03:41 . 2012-03-04 05:17 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-04 13:12 . 2006-02-15 14:03 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56 . 2012-03-03 02:49 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 14:40 . 2012-03-03 03:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-11-02 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-01 202256]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [N/A]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [N/A]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metamail Trust Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metamail Trust Manager.lnk
backup=c:\windows\pss\Metamail Trust Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\documents and settings\Me\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-10-15 14:29 88203 ----a-w- c:\windows\agrsmmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmbMachineComms.exe]
2008-04-10 15:24 96768 ----a-w- c:\4dembroidery\EmbMachineComms.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 23:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-01-20 18:16 4617600 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
.
R1 MpKsl0bc441c6;MpKsl0bc441c6;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{828F0A99-4E3C-4649-BA73-DD8DE88B33C7}\MpKsl0bc441c6.sys [6/26/2012 8:54 PM 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/6/2010 11:09 PM 136176]
S2 Parclass;Parclass;c:\windows\system32\drivers\parclass.sys [9/23/2008 8:40 AM 19824]
S3 busbcrw;USB Card Reader Writer driver;c:\windows\system32\drivers\busbcrw.sys [8/1/2007 6:48 PM 16896]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/6/2010 11:09 PM 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [5/14/2010 5:15 AM 10112]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 85515551
*NewlyCreated* - MPKSL0BC441C6
*Deregistered* - 85515551
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 03:08]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 03:08]
.
2012-06-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2012-06-27 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2012-06-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-800253906-3563381494-61074070-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2012-06-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-800253906-3563381494-61074070-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: pogo.com\www
TCP: DhcpNameServer = 192.168.1.254
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
FF - ProfilePath - c:\documents and settings\Me\Application Data\Mozilla\Firefox\Profiles\e1k04irm.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-HLBackupScheduler - c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-26 21:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"="c:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\MICROS~1\\Windows\\mspdb45.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-06-26 21:27:47
ComboFix-quarantined-files.txt 2012-06-27 01:27
.
Pre-Run: 58,141,069,312 bytes free
Post-Run: 58,505,502,720 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D3F5376D19647840F19D99E62B7AD50F

#14
butterrice

    Member

  • Topic Starter
  • Member
  • 347 posts
The PC is picking up pace and beginning to run smoother. Last night it shut down and restarted without my having to do a hard shut down (previously it would not shut down on its own). It's booting up much faster as well.

#15
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Glad to hear that! Let's see if there is anything left after we removed the main infection from your system.

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished, select the report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post