"S.M.A.R.T. Repair Data Recover" virus infection [Closed]



#1
Aluckett

My computer has been hit with the "S.M.A.R.T. Repair Data Recover" virus. I hope you can help. If I start the computer normally, the cascading error messages come up and then the "SMART Repair" screen. My desktop has disappeared, file names do not appear where they used to in Windows Explorer. The symptoms I have read about seem to all be happening. I have been able to launch some programs by opening from the data file display, but I have done very little of this activity since the virus hit a couple of evenings ago. I am running in Safe Mode now.

Here are the contents from an OTL scan done last night. The first is the OTL.txt file, the second the Extras.txt file:

OTL logfile created on: 6/15/2012 11:19:39 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Administrator.AL-PC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.58 Mb Total Physical Memory | 562.43 Mb Available Physical Memory | 62.94% Memory free
2.12 Gb Paging File | 1.77 Gb Available in Paging File | 83.41% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 51.79 Gb Free Space | 69.49% Space Free | Partition Type: NTFS
Drive E: | 143.75 Gb Total Space | 97.27 Gb Free Space | 67.66% Space Free | Partition Type: NTFS
Drive F: | 5.28 Gb Total Space | 2.24 Gb Free Space | 42.41% Space Free | Partition Type: FAT32

Computer Name: AL-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (All) ==========

PRC - [2012/06/15 23:18:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.AL-PC\Desktop\OTL.exe
PRC - [2012/05/11 11:13:38 | 002,670,520 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2009/03/08 15:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/06 07:11:05 | 000,110,592 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008/04/14 06:42:40 | 000,507,904 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008/04/14 06:42:38 | 000,050,688 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008/04/14 06:42:38 | 000,014,336 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008/04/14 06:42:38 | 000,014,336 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008/04/14 06:42:38 | 000,014,336 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008/04/14 06:42:38 | 000,014,336 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008/04/14 06:42:38 | 000,014,336 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008/04/14 06:42:26 | 000,013,312 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 06:42:18 | 000,015,360 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008/04/14 06:42:16 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe


========== Modules (All) ==========

MOD - [2012/06/15 23:18:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.AL-PC\Desktop\OTL.exe
MOD - [2012/06/15 14:40:19 | 001,946,984 | ---- | M] (PCTools) -- C:\Program Files\PC Tools\PC Tools Security\avdb\navex32a.dll
MOD - [2012/06/15 14:40:19 | 000,284,008 | ---- | M] (PCTools) -- C:\Program Files\PC Tools\PC Tools Security\avdb\ecmsvr32.DLL
MOD - [2012/06/15 14:40:19 | 000,177,512 | ---- | M] (PCTools) -- C:\Program Files\PC Tools\PC Tools Security\avdb\naveng32.dll
MOD - [2012/06/15 14:40:19 | 000,058,688 | ---- | M] (PCTools) -- C:\Program Files\PC Tools\PC Tools Security\avdb\ecmldr32.DLL
MOD - [2012/05/31 09:22:09 | 000,599,040 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\crypt32.dll
MOD - [2012/05/16 11:08:26 | 000,916,992 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll
MOD - [2012/05/11 20:12:34 | 011,111,424 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ieframe.dll
MOD - [2012/05/11 11:14:12 | 000,353,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\whitelist.sdp
MOD - [2012/05/11 11:14:10 | 001,022,904 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\Sqlite3DB.dll
MOD - [2012/05/11 11:14:10 | 000,311,224 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\stasks.sdp
MOD - [2012/05/11 11:14:10 | 000,140,728 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\SysAccess.dll
MOD - [2012/05/11 11:13:50 | 000,407,480 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\SH.dll
MOD - [2012/05/11 11:13:50 | 000,365,496 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\SOFactory.sdp
MOD - [2012/05/11 11:13:50 | 000,295,864 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\Settings.sdp
MOD - [2012/05/11 11:13:48 | 001,181,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\SDNetPlugin.dll
MOD - [2012/05/11 11:13:48 | 000,764,344 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\sdextra.sdp
MOD - [2012/05/11 11:13:48 | 000,347,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\sdcore.dll
MOD - [2012/05/11 11:13:46 | 000,519,096 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\scaneng.sdp
MOD - [2012/05/11 11:13:46 | 000,475,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\PWindow.dll
MOD - [2012/05/11 11:13:46 | 000,373,176 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\quarantine.sdp
MOD - [2012/05/11 11:13:46 | 000,316,344 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\RebootManager.sdp
MOD - [2012/05/11 11:13:46 | 000,297,912 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\RegHelper.dll
MOD - [2012/05/11 11:13:44 | 000,677,304 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\plugins\SDNET.SDP
MOD - [2012/05/11 11:13:44 | 000,522,680 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\plugins\ScriptEngine.SDP
MOD - [2012/05/11 11:13:44 | 000,510,392 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\plugins\StartUp.SDP
MOD - [2012/05/11 11:13:44 | 000,419,256 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\plugins\Site.sdp
MOD - [2012/05/11 11:13:42 | 000,553,912 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\plugins\Network.SDP
MOD - [2012/05/11 11:13:42 | 000,470,968 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\plugins\grfiles.SDP
MOD - [2012/05/11 11:13:42 | 000,459,192 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\plugins\Process.SDP
MOD - [2012/05/11 11:13:42 | 000,442,808 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\plugins\grAV.sdp
MOD - [2012/05/11 11:13:42 | 000,409,528 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\plugins\grregistry.SDP
MOD - [2012/05/11 11:13:42 | 000,164,792 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\plugins\grImmunizer.SDP
MOD - [2012/05/11 11:13:40 | 000,612,280 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\plugins\Behavior.sdp
MOD - [2012/05/11 11:13:40 | 000,559,032 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\plugins\Browsers.SDP
MOD - [2012/05/11 11:13:40 | 000,402,872 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\plugins\email.sdp
MOD - [2012/05/11 11:13:40 | 000,392,120 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\plugins\cookie.sdp
MOD - [2012/05/11 11:13:40 | 000,376,760 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\plugins\DLGuard.sdp
MOD - [2012/05/11 11:13:38 | 002,670,520 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
MOD - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
MOD - [2012/05/11 11:13:38 | 000,227,768 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\PCTWSC.dll
MOD - [2012/05/11 11:13:36 | 000,250,808 | ---- | M] (PC Tools ) -- C:\Program Files\PC Tools\PC Tools Security\PCTMime.dll
MOD - [2012/05/11 11:13:36 | 000,148,408 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\NfyMan.sdp
MOD - [2012/05/11 11:13:32 | 000,329,656 | ---- | M] (PC Tools Research Pty Ltd.) -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
MOD - [2012/05/11 11:13:32 | 000,157,624 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\NetworkLayer\PCTCFHook.dll
MOD - [2012/05/11 11:13:22 | 000,198,072 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\Localizer.sdp
MOD - [2012/05/11 11:13:20 | 000,305,080 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\PCTSDDLL.dll
MOD - [2012/05/11 11:13:18 | 000,412,600 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\inethlpr.dll
MOD - [2012/05/11 11:13:16 | 000,490,424 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\FileStorage.sdp
MOD - [2012/05/11 11:13:16 | 000,449,464 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\IDBLib.sdp
MOD - [2012/05/11 11:13:16 | 000,312,248 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\filehlpr.dll
MOD - [2012/05/11 11:13:16 | 000,110,520 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\Immunizer.sdp
MOD - [2012/05/11 11:13:14 | 000,700,344 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\cdialogs.dll
MOD - [2012/05/11 11:13:14 | 000,456,120 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\BH.dll
MOD - [2012/05/11 11:13:14 | 000,319,928 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\commhlpr.dll
MOD - [2012/05/11 11:13:12 | 001,375,160 | ---- | M] (PC Tools Research) -- C:\Program Files\PC Tools\PC Tools Security\avengine\SDAVgate.dll
MOD - [2012/05/11 11:13:12 | 000,651,704 | ---- | M] (PC Tools Research) -- C:\Program Files\PC Tools\PC Tools Security\avengine\SEPS.dll
MOD - [2012/05/11 11:13:12 | 000,290,232 | ---- | M] (PC Tools Research) -- C:\Program Files\PC Tools\PC Tools Security\avengine\PCTScanCloud.dll
MOD - [2012/05/11 11:13:12 | 000,107,960 | ---- | M] (PC Tools Research) -- C:\Program Files\PC Tools\PC Tools Security\avengine\PCTRevoke.dll
MOD - [2012/05/11 11:13:12 | 000,091,576 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\avengine\sdkBSCtrl.dll
MOD - [2012/05/11 11:13:10 | 000,480,184 | ---- | M] (TODO: <Company name>) -- C:\Program Files\PC Tools\PC Tools Security\avengine\PCTCleanAVE.dll
MOD - [2012/05/11 11:13:10 | 000,464,312 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\avengine\PCTDSCli.dll
MOD - [2012/05/11 11:13:10 | 000,288,184 | ---- | M] (PC Tools Research) -- C:\Program Files\PC Tools\PC Tools Security\avengine\pctdefdb.dll
MOD - [2012/05/11 11:13:08 | 001,941,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\PC Tools\PC Tools Security\avengine\dec_abi.dll
MOD - [2012/05/11 11:13:08 | 001,087,928 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools\PC Tools Security\avengine\PCTAVEng.dll
MOD - [2012/05/11 11:12:58 | 001,087,416 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\SDInfo.sdp
MOD - [2012/05/11 11:10:02 | 001,005,496 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\SystemMonitor.sdp
MOD - [2012/05/11 11:09:54 | 001,058,744 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\commom.dll
MOD - [2012/05/11 11:09:48 | 000,923,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\commlib.dll
MOD - [2012/05/11 10:42:33 | 006,007,808 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mshtml.dll
MOD - [2012/05/11 10:42:33 | 002,000,384 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dll
MOD - [2012/05/11 10:42:33 | 001,212,416 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\urlmon.dll
MOD - [2012/05/11 10:42:33 | 000,629,760 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeeds.dll
MOD - [2012/05/11 10:42:33 | 000,247,808 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll
MOD - [2012/05/11 10:42:33 | 000,184,320 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iepeers.dll
MOD - [2012/05/11 10:42:33 | 000,012,800 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\xpshims.dll
MOD - [2012/05/11 10:16:44 | 000,912,896 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\PCToolsComponents.bpl
MOD - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
MOD - [2012/05/11 10:06:04 | 001,874,944 | ---- | M] (CodeGear) -- C:\Program Files\PC Tools\PC Tools Security\vcl100.bpl
MOD - [2012/05/11 10:05:56 | 000,853,504 | ---- | M] (CodeGear) -- C:\Program Files\PC Tools\PC Tools Security\rtl100.bpl
MOD - [2012/05/08 18:21:40 | 000,141,240 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBDCom.dll
MOD - [2012/04/23 12:36:44 | 001,284,024 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\KDS\KDSInterface.dll
MOD - [2012/04/07 08:40:30 | 008,778,400 | R--- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\system32\Macromed\Flash\Flash32_11_2_202_228.ocx
MOD - [2012/02/29 10:10:16 | 000,177,664 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wintrust.dll
MOD - [2012/02/29 10:10:16 | 000,148,480 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imagehlp.dll
MOD - [2012/02/28 11:42:52 | 000,092,600 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\pctEFA\pctEFACli.dll
MOD - [2012/02/09 11:43:34 | 001,748,992 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
MOD - [2011/11/16 10:21:44 | 000,354,816 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winhttp.dll
MOD - [2011/11/16 10:21:44 | 000,152,064 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\schannel.dll
MOD - [2011/11/01 12:07:10 | 001,288,704 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2011/10/14 10:47:29 | 000,176,128 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winmm.dll
MOD - [2011/09/26 12:41:20 | 000,220,160 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleacc.dll
MOD - [2011/09/05 09:56:22 | 001,510,400 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shdocvw.dll
MOD - [2011/09/05 09:56:21 | 001,025,024 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\browseui.dll
MOD - [2011/04/18 23:51:18 | 000,653,136 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2011/03/11 10:10:38 | 000,471,552 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\aclayers.dll
MOD - [2011/03/04 02:37:06 | 000,726,528 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\jscript.dll
MOD - [2011/03/03 02:55:19 | 000,149,504 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dnsapi.dll
MOD - [2011/01/21 10:44:37 | 008,462,336 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2010/12/22 08:34:28 | 000,301,568 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kerberos.dll
MOD - [2010/12/20 13:32:15 | 000,551,936 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2010/12/20 13:26:00 | 000,730,112 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsasrv.dll
MOD - [2010/12/09 11:15:09 | 000,718,336 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2010/11/09 10:52:35 | 000,249,856 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbc32.dll
MOD - [2010/08/27 01:57:43 | 000,099,840 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srvsvc.dll
MOD - [2010/08/23 12:12:04 | 000,617,472 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comctl32.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/16 04:45:00 | 000,590,848 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2010/06/14 03:41:45 | 001,172,480 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msxml3.dll
MOD - [2010/04/16 11:36:56 | 000,406,016 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\usp10.dll
MOD - [2009/12/08 05:23:28 | 000,474,112 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009/10/12 09:38:19 | 000,149,504 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rastls.dll
MOD - [2009/10/12 09:38:18 | 000,079,872 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\raschap.dll
MOD - [2009/09/11 10:18:39 | 000,136,192 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msv1_0.dll
MOD - [2009/09/04 17:03:36 | 000,058,880 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msasn1.dll
MOD - [2009/07/27 19:17:41 | 000,135,168 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shsvcs.dll
MOD - [2009/07/17 15:01:06 | 000,058,880 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\atl.dll
MOD - [2009/06/25 04:25:26 | 000,056,832 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009/06/25 04:25:26 | 000,054,272 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdigest.dll
MOD - [2009/06/10 02:14:49 | 000,132,096 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wkssvc.dll
MOD - [2009/03/21 10:06:58 | 000,989,696 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009/03/08 15:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
MOD - [2009/03/08 05:33:40 | 000,018,944 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\corpol.dll
MOD - [2009/03/08 05:31:44 | 000,348,160 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dxtmsft.dll
MOD - [2009/03/08 05:31:38 | 000,216,064 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dxtrans.dll
MOD - [2009/03/08 05:31:38 | 000,034,816 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imgutil.dll
MOD - [2009/03/08 05:31:36 | 000,046,592 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pngfilt.dll
MOD - [2009/03/08 05:22:46 | 000,164,352 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ieui.dll
MOD - [2009/03/08 05:22:38 | 000,156,160 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msls31.dll
MOD - [2009/03/06 10:22:18 | 000,284,160 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pdh.dll
MOD - [2009/02/09 08:10:48 | 000,617,472 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009/02/09 08:10:48 | 000,473,600 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\fastprox.dll
MOD - [2009/02/09 08:10:48 | 000,453,120 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvsd.dll
MOD - [2009/02/09 08:10:48 | 000,401,408 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcss.dll
MOD - [2009/02/06 07:11:05 | 000,110,592 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
MOD - [2009/01/07 19:21:04 | 000,121,856 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xmllite.dll
MOD - [2009/01/07 19:20:36 | 000,023,552 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\normaliz.dll
MOD - [2008/10/23 08:36:14 | 000,286,720 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008/10/15 12:34:24 | 000,337,408 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netapi32.dll
MOD - [2008/06/24 12:43:16 | 000,074,240 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mscms.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mswsock.dll
MOD - [2008/04/14 06:42:46 | 000,146,432 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008/04/14 06:42:40 | 000,507,904 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
MOD - [2008/04/14 06:42:38 | 000,050,688 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
MOD - [2008/04/14 06:42:38 | 000,014,336 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
MOD - [2008/04/14 06:42:26 | 000,013,312 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
MOD - [2008/04/14 06:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
MOD - [2008/04/14 06:42:18 | 000,015,360 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
MOD - [2008/04/14 06:42:12 | 000,483,840 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wzcsvc.dll
MOD - [2008/04/14 06:42:12 | 000,082,432 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll
MOD - [2008/04/14 06:42:12 | 000,052,736 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wzcsapi.dll
MOD - [2008/04/14 06:42:12 | 000,022,528 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/14 06:42:12 | 000,019,968 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dll
MOD - [2008/04/14 06:42:12 | 000,019,456 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wshtcpip.dll
MOD - [2008/04/14 06:42:12 | 000,018,432 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008/04/14 06:42:12 | 000,014,336 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wship6.dll
MOD - [2008/04/14 06:42:10 | 000,727,040 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2008/04/14 06:42:10 | 000,578,560 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008/04/14 06:42:10 | 000,531,456 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemcore.dll
MOD - [2008/04/14 06:42:10 | 000,430,592 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vssapi.dll
MOD - [2008/04/14 06:42:10 | 000,273,920 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemess.dll
MOD - [2008/04/14 06:42:10 | 000,218,624 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008/04/14 06:42:10 | 000,214,528 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemcomn.dll
MOD - [2008/04/14 06:42:10 | 000,175,104 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\w32time.dll
MOD - [2008/04/14 06:42:10 | 000,172,032 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008/04/14 06:42:10 | 000,144,896 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmisvc.dll
MOD - [2008/04/14 06:42:10 | 000,099,328 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winscard.dll
MOD - [2008/04/14 06:42:10 | 000,095,232 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiutils.dll
MOD - [2008/04/14 06:42:10 | 000,092,672 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wlnotify.dll
MOD - [2008/04/14 06:42:10 | 000,053,760 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/14 06:42:10 | 000,043,520 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemsvc.dll
MOD - [2008/04/14 06:42:10 | 000,032,256 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winipsec.dll
MOD - [2008/04/14 06:42:10 | 000,018,944 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemprox.dll
MOD - [2008/04/14 06:42:10 | 000,018,944 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008/04/14 06:42:10 | 000,016,896 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winrnr.dll
MOD - [2008/04/14 06:42:08 | 000,713,216 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sxs.dll
MOD - [2008/04/14 06:42:08 | 000,385,536 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\themeui.dll
MOD - [2008/04/14 06:42:08 | 000,295,424 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\termsrv.dll
MOD - [2008/04/14 06:42:08 | 000,181,760 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tapi32.dll
MOD - [2008/04/14 06:42:08 | 000,171,008 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srsvc.dll
MOD - [2008/04/14 06:42:08 | 000,123,392 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\umpnpmgr.dll
MOD - [2008/04/14 06:42:08 | 000,067,584 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008/04/14 06:42:08 | 000,018,944 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmpapi.dll
MOD - [2008/04/14 06:42:06 | 000,985,088 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008/04/14 06:42:06 | 000,433,664 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\riched20.dll
MOD - [2008/04/14 06:42:06 | 000,415,744 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samsrv.dll
MOD - [2008/04/14 06:42:06 | 000,314,880 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scesrv.dll
MOD - [2008/04/14 06:42:06 | 000,181,248 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
MOD - [2008/04/14 06:42:06 | 000,178,176 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\repdrvfs.dll
MOD - [2008/04/14 06:42:06 | 000,140,288 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sfc_os.dll
MOD - [2008/04/14 06:42:06 | 000,065,024 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shimeng.dll
MOD - [2008/04/14 06:42:06 | 000,064,000 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008/04/14 06:42:06 | 000,049,664 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\regapi.dll
MOD - [2008/04/14 06:42:06 | 000,044,032 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtutils.dll
MOD - [2008/04/14 06:42:06 | 000,039,424 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sens.dll
MOD - [2008/04/14 06:42:06 | 000,025,088 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shfolder.dll
MOD - [2008/04/14 06:42:06 | 000,007,168 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sensapi.dll
MOD - [2008/04/14 06:42:06 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sfc.dll
MOD - [2008/04/14 06:42:04 | 001,703,936 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netshell.dll
MOD - [2008/04/14 06:42:04 | 000,245,760 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/14 06:42:04 | 000,237,056 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasapi32.dll
MOD - [2008/04/14 06:42:04 | 000,186,368 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasmans.dll
MOD - [2008/04/14 06:42:04 | 000,144,384 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\onex.dll
MOD - [2008/04/14 06:42:04 | 000,143,360 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntshrui.dll
MOD - [2008/04/14 06:42:04 | 000,122,880 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oledlg.dll
MOD - [2008/04/14 06:42:04 | 000,118,784 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008/04/14 06:42:04 | 000,084,992 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008/04/14 06:42:04 | 000,080,896 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/14 06:42:04 | 000,076,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\qutil.dll
MOD - [2008/04/14 06:42:04 | 000,067,072 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdsapi.dll
MOD - [2008/04/14 06:42:04 | 000,061,440 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasman.dll
MOD - [2008/04/14 06:42:04 | 000,044,032 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/14 06:42:04 | 000,038,400 | -H-- | M] (Microsoft Corporation) -- c:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
MOD - [2008/04/14 06:42:04 | 000,027,648 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\profmap.dll
MOD - [2008/04/14 06:42:04 | 000,025,088 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfos.dll
MOD - [2008/04/14 06:42:04 | 000,024,576 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbcbcp.dll
MOD - [2008/04/14 06:42:04 | 000,023,040 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008/04/14 06:42:04 | 000,017,408 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\powrprof.dll
MOD - [2008/04/14 06:42:04 | 000,007,680 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasadhlp.dll
MOD - [2008/04/14 06:42:02 | 000,622,592 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netcfgx.dll
MOD - [2008/04/14 06:42:02 | 000,413,696 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/14 06:42:02 | 000,407,040 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netlogon.dll
MOD - [2008/04/14 06:42:02 | 000,343,040 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008/04/14 06:42:02 | 000,198,144 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netman.dll
MOD - [2008/04/14 06:42:02 | 000,195,072 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msutb.dll
MOD - [2008/04/14 06:42:02 | 000,116,224 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mstlsapi.dll
MOD - [2008/04/14 06:42:02 | 000,047,104 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\ncprov.dll
MOD - [2008/04/14 06:42:02 | 000,036,352 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ncobjapi.dll
MOD - [2008/04/14 06:42:02 | 000,017,920 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\nddeapi.dll
MOD - [2008/04/14 06:42:02 | 000,011,776 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/14 06:42:00 | 002,843,136 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msi.dll
MOD - [2008/04/14 06:42:00 | 000,997,376 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msgina.dll
MOD - [2008/04/14 06:42:00 | 000,297,984 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll
MOD - [2008/04/14 06:42:00 | 000,159,232 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msimtf.dll
MOD - [2008/04/14 06:42:00 | 000,071,680 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll
MOD - [2008/04/14 06:42:00 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msimg32.dll
MOD - [2008/04/14 06:41:58 | 000,586,240 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mlang.dll
MOD - [2008/04/14 06:41:58 | 000,087,040 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mprapi.dll
MOD - [2008/04/14 06:41:58 | 000,059,904 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mpr.dll
MOD - [2008/04/14 06:41:58 | 000,019,968 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2008/04/14 06:41:56 | 000,344,064 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hnetcfg.dll
MOD - [2008/04/14 06:41:56 | 000,331,264 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ipnathlp.dll
MOD - [2008/04/14 06:41:56 | 000,110,080 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008/04/14 06:41:56 | 000,094,720 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/14 06:41:56 | 000,032,768 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetmib1.dll
MOD - [2008/04/14 06:41:56 | 000,011,264 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\icaapi.dll
MOD - [2008/04/14 06:41:54 | 001,082,368 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\esent.dll
MOD - [2008/04/14 06:41:54 | 000,367,616 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dsound.dll
MOD - [2008/04/14 06:41:54 | 000,247,808 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\esscli.dll
MOD - [2008/04/14 06:41:54 | 000,185,344 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008/04/14 06:41:54 | 000,126,976 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eappcfg.dll
MOD - [2008/04/14 06:41:54 | 000,056,320 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
MOD - [2008/04/14 06:41:54 | 000,040,960 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eappprxy.dll
MOD - [2008/04/14 06:41:54 | 000,030,720 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eapolqec.dll
MOD - [2008/04/14 06:41:54 | 000,026,112 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dot3api.dll
MOD - [2008/04/14 06:41:54 | 000,023,552 | -H-- | M] (Microsoft Corp.) -- C:\WINDOWS\system32\dmserver.dll
MOD - [2008/04/14 06:41:54 | 000,019,456 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dimsntfy.dll
MOD - [2008/04/14 06:41:54 | 000,016,896 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\fltlib.dll
MOD - [2008/04/14 06:41:54 | 000,014,336 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/14 06:41:54 | 000,009,216 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dot3dlg.dll
MOD - [2008/04/14 06:41:52 | 000,824,320 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\d3dim700.dll
MOD - [2008/04/14 06:41:52 | 000,792,064 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2008/04/14 06:41:52 | 000,512,512 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptui.dll
MOD - [2008/04/14 06:41:52 | 000,498,688 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2008/04/14 06:41:52 | 000,326,656 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cscui.dll
MOD - [2008/04/14 06:41:52 | 000,279,552 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ddraw.dll
MOD - [2008/04/14 06:41:52 | 000,276,992 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008/04/14 06:41:52 | 000,194,560 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\certcli.dll
MOD - [2008/04/14 06:41:52 | 000,163,840 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\credui.dll
MOD - [2008/04/14 06:41:52 | 000,126,976 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dhcpcsvc.dll
MOD - [2008/04/14 06:41:52 | 000,101,888 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cscdll.dll
MOD - [2008/04/14 06:41:52 | 000,077,824 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\browser.dll
MOD - [2008/04/14 06:41:52 | 000,064,512 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptnet.dll
MOD - [2008/04/14 06:41:52 | 000,062,464 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptsvc.dll
MOD - [2008/04/14 06:41:52 | 000,062,464 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\authz.dll
MOD - [2008/04/14 06:41:52 | 000,060,416 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2008/04/14 06:41:52 | 000,058,368 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clusapi.dll
MOD - [2008/04/14 06:41:52 | 000,033,280 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptdll.dll
MOD - [2008/04/14 06:41:52 | 000,027,136 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ddrawex.dll
MOD - [2008/04/14 06:41:52 | 000,025,088 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008/04/14 06:41:52 | 000,008,704 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dciman32.dll
MOD - [2008/04/14 06:41:50 | 001,852,928 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll
MOD - [2008/04/14 06:41:50 | 000,193,536 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\activeds.dll
MOD - [2008/04/14 06:41:50 | 000,143,360 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\adsldpc.dll
MOD - [2008/04/14 06:41:50 | 000,125,952 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll
MOD - [2008/04/14 06:41:50 | 000,098,304 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\actxprxy.dll
MOD - [2008/04/14 06:41:50 | 000,039,424 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acadproc.dll
MOD - [2008/04/14 06:41:16 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wmi.dll
MOD - [2008/04/14 06:40:22 | 000,110,592 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/14 06:40:08 | 000,177,152 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime
MOD - [2008/04/14 00:09:26 | 002,897,920 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll
MOD - [2008/04/14 00:07:58 | 000,208,384 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2008/04/14 00:07:58 | 000,138,752 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dssenh.dll
MOD - [2008/04/13 23:56:06 | 000,094,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbcint.dll
MOD - [2008/04/13 22:53:32 | 000,048,128 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msprivs.dll
MOD - [2003/03/31 08:00:00 | 000,089,600 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\langwrbk.dll
MOD - [2003/03/31 08:00:00 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\riched32.dll


========== Win32 Services (All) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/05/08 18:21:30 | 000,575,416 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/05/08 15:15:02 | 000,185,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012/04/07 08:40:30 | 000,253,600 | -H-- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/14 00:51:14 | 000,182,768 | -H-- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2012/01/14 00:51:02 | 000,136,176 | -H-- | M] (Google Inc.) [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdatem) Google Update Service (gupdatem)
SRV - [2012/01/14 00:51:02 | 000,136,176 | -H-- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2011/11/27 19:41:23 | 000,153,376 | -H-- | M] (Sun Microsystems, Inc.) [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/07/20 05:18:24 | 000,440,696 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010/08/27 01:57:43 | 000,099,840 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2010/08/17 09:17:06 | 000,058,880 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2009/07/27 19:17:41 | 000,135,168 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2009/07/27 19:17:41 | 000,135,168 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/27 19:17:41 | 000,135,168 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2009/06/10 02:14:49 | 000,132,096 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/04/20 13:17:26 | 000,045,568 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/09 08:10:48 | 000,617,472 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2009/02/09 08:10:48 | 000,401,408 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2009/02/09 08:10:48 | 000,401,408 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/06 07:11:05 | 000,110,592 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 07:11:05 | 000,110,592 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/07/07 16:26:58 | 000,253,952 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 12:02:47 | 000,245,248 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2008/05/26 23:18:44 | 000,439,808 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\SearchIndexer.exe -- (WSearch)
SRV - [2008/04/14 06:42:42 | 000,126,464 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/14 06:42:40 | 000,289,792 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 06:42:40 | 000,073,216 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008/04/14 06:42:40 | 000,018,432 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2008/04/14 06:42:36 | 000,141,312 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/14 06:42:36 | 000,089,600 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008/04/14 06:42:34 | 000,095,744 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008/04/14 06:42:30 | 000,111,104 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/14 06:42:30 | 000,111,104 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/14 06:42:30 | 000,078,848 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 06:42:28 | 000,006,144 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2008/04/14 06:42:26 | 000,075,264 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2008/04/14 06:42:26 | 000,032,768 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/14 06:42:26 | 000,013,312 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 06:42:26 | 000,013,312 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 06:42:26 | 000,013,312 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 06:42:26 | 000,013,312 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2008/04/14 06:42:26 | 000,013,312 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 06:42:24 | 000,150,528 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 06:42:18 | 000,224,768 | -H-- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 06:42:18 | 000,005,120 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 06:42:18 | 000,005,120 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2008/04/14 06:42:16 | 000,033,280 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/14 06:42:16 | 000,005,632 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2008/04/14 06:42:14 | 000,044,544 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 06:42:12 | 000,483,840 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/14 06:42:12 | 000,129,024 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2008/04/14 06:42:12 | 000,080,896 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/14 06:42:12 | 000,006,656 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 06:42:10 | 000,333,824 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2008/04/14 06:42:10 | 000,185,856 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2008/04/14 06:42:10 | 000,175,104 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2008/04/14 06:42:10 | 000,144,896 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/14 06:42:10 | 000,068,096 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2008/04/14 06:42:10 | 000,015,872 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 06:42:08 | 000,295,424 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/14 06:42:08 | 000,249,856 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 06:42:08 | 000,171,008 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 06:42:08 | 000,090,112 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2008/04/14 06:42:08 | 000,071,680 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/04/14 06:42:06 | 000,192,512 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 06:42:06 | 000,059,904 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2008/04/14 06:42:06 | 000,039,424 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2008/04/14 06:42:06 | 000,018,944 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 06:42:04 | 000,435,200 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 06:42:04 | 000,409,088 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/14 06:42:04 | 000,291,328 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qagentrt.dll -- (napagent)
SRV - [2008/04/14 06:42:04 | 000,186,368 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/14 06:42:04 | 000,088,576 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 06:42:04 | 000,038,400 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/14 06:42:02 | 000,198,144 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/04/14 06:42:00 | 000,033,792 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/14 06:41:58 | 000,061,440 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/14 06:41:58 | 000,053,248 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/14 06:41:58 | 000,013,824 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 06:41:56 | 000,331,264 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2008/04/14 06:41:54 | 000,132,096 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 06:41:54 | 000,033,792 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/14 06:41:54 | 000,023,552 | -H-- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 06:41:54 | 000,023,040 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2008/04/14 06:41:52 | 000,126,976 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/14 06:41:52 | 000,077,824 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 06:41:52 | 000,062,464 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 06:41:52 | 000,042,496 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 06:41:50 | 000,167,936 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\appmgmts.dll -- (AppMgmt)
SRV - [2008/04/14 06:41:50 | 000,017,408 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2006/10/26 15:03:08 | 000,145,184 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/26 14:40:34 | 000,335,872 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2006/08/24 23:30:20 | 000,027,648 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2003/03/31 08:00:00 | 000,132,608 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled | Unknown] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2012/05/11 11:14:20 | 000,203,088 | ---- | M] (PC Tools) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/05/08 18:21:46 | 000,070,736 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2012/05/02 09:46:36 | 000,139,656 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2012/04/23 12:36:50 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2012/02/28 11:43:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2012/02/28 11:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/08/17 09:49:54 | 000,138,496 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\afd.sys -- (AFD)
DRV - [2011/07/15 09:29:31 | 000,456,320 | -H-- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2011/07/08 10:02:00 | 000,010,496 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2011/04/21 09:37:43 | 000,105,472 | -H-- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2011/02/17 09:18:03 | 000,357,888 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2010/11/02 11:17:02 | 000,040,960 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2009/10/20 12:20:16 | 000,265,728 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 07:18:41 | 000,092,928 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/06/20 07:51:12 | 000,361,600 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/14 06:43:22 | 000,040,840 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/14 06:43:22 | 000,021,896 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/14 06:43:22 | 000,012,040 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/14 01:58:40 | 000,175,744 | -H-- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/14 01:51:02 | 000,162,816 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/14 01:50:44 | 000,091,520 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/14 01:50:38 | 000,182,656 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/14 01:49:50 | 000,048,384 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/14 01:49:44 | 000,075,264 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/14 01:49:44 | 000,051,328 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/14 01:48:02 | 000,052,480 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/14 01:47:20 | 000,083,072 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/14 01:45:56 | 000,060,800 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/14 01:45:54 | 000,574,976 | -H-- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/14 01:45:46 | 000,064,512 | -H-- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/14 01:44:30 | 000,143,744 | -H-- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/14 01:44:22 | 000,063,744 | -H-- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/14 01:30:20 | 000,030,080 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/14 01:27:34 | 000,041,472 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/14 01:27:28 | 000,014,336 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/14 01:27:22 | 000,034,560 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/14 01:27:16 | 000,152,832 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/14 01:27:08 | 000,020,864 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/14 01:26:40 | 000,069,120 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/14 01:26:34 | 000,035,072 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/14 01:26:04 | 000,034,688 | -H-- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/14 01:26:00 | 000,014,592 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/14 01:24:30 | 000,011,264 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/14 01:23:36 | 000,036,608 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (ip6fw)
DRV - [2008/04/14 01:21:26 | 000,059,904 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/14 01:17:38 | 000,025,856 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/14 01:15:40 | 000,026,368 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (usbstor)
DRV - [2008/04/14 01:15:38 | 000,059,520 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/14 01:15:36 | 000,030,208 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/14 01:15:36 | 000,017,152 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2008/04/14 01:15:28 | 000,010,368 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2008/04/14 01:15:14 | 000,002,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/14 01:15:10 | 000,172,416 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/14 01:15:10 | 000,056,576 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/14 01:15:08 | 000,006,272 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/14 01:15:02 | 000,052,864 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2008/04/14 01:14:50 | 000,799,744 | -H-- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/14 01:14:48 | 000,153,344 | -H-- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/14 01:14:42 | 000,020,992 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/14 01:11:02 | 000,052,352 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/14 01:11:00 | 000,042,112 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/14 01:10:50 | 000,019,712 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/14 01:10:50 | 000,011,392 | -H-- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/14 01:10:48 | 000,062,976 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/14 01:10:48 | 000,036,352 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/14 01:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/14 01:10:28 | 000,057,600 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/14 01:10:26 | 000,027,392 | -H-- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/14 01:10:26 | 000,020,480 | -H-- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/14 01:10:14 | 000,015,744 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/14 01:10:12 | 000,080,128 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/14 01:09:54 | 000,007,552 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2008/04/14 01:09:54 | 000,004,352 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/14 01:09:52 | 000,005,376 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2008/04/14 01:09:52 | 000,004,992 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2008/04/14 01:09:48 | 000,384,768 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/14 01:09:48 | 000,042,368 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/14 01:09:48 | 000,024,576 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/14 01:09:48 | 000,023,040 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/14 01:06:54 | 000,073,472 | -H-- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/14 01:06:48 | 000,015,488 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/14 01:06:46 | 000,068,224 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/14 01:06:44 | 000,120,192 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/14 01:06:42 | 000,037,248 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/14 01:06:36 | 000,187,776 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/14 01:03:30 | 000,044,544 | -H-- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/14 01:03:00 | 000,129,792 | -H-- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/14 01:02:52 | 000,196,224 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/14 01:02:46 | 000,180,608 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/14 01:02:40 | 000,030,848 | -H-- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/14 01:02:40 | 000,019,072 | -H-- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/14 01:02:38 | 000,066,048 | -H-- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/14 01:01:34 | 000,036,352 | -H-- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/14 01:01:32 | 000,035,840 | -H-- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2008/04/13 23:09:24 | 000,142,592 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/04/13 23:09:16 | 000,020,480 | -H-- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 23:06:06 | 000,144,384 | -H-- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 23:05:40 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2005/10/05 16:57:08 | 000,012,544 | -H-- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/09/23 19:56:28 | 003,966,976 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/07/22 12:02:12 | 001,035,008 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 12:01:10 | 000,231,168 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 12:01:00 | 000,717,952 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/03/31 08:00:00 | 000,125,056 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2003/03/31 08:00:00 | 000,032,896 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2003/03/31 08:00:00 | 000,032,512 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2003/03/31 08:00:00 | 000,018,688 | -H-- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2003/03/31 08:00:00 | 000,017,792 | -H-- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/03/31 08:00:00 | 000,016,512 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2003/03/31 08:00:00 | 000,013,952 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2003/03/31 08:00:00 | 000,012,416 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2003/03/31 08:00:00 | 000,012,160 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2003/03/31 08:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2003/03/31 08:00:00 | 000,011,648 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2003/03/31 08:00:00 | 000,008,832 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2003/03/31 08:00:00 | 000,007,936 | -H-- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2003/03/31 08:00:00 | 000,006,784 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2003/03/31 08:00:00 | 000,005,888 | -H-- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2003/03/31 08:00:00 | 000,004,224 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2003/03/31 08:00:00 | 000,004,224 | -H-- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2003/03/31 08:00:00 | 000,004,224 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2003/03/31 08:00:00 | 000,003,328 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2003/03/31 08:00:00 | 000,002,944 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2003/03/31 08:00:00 | 000,002,864 | -H-- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)
DRV - [2001/08/17 09:59:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {35CE37D6-BD17-4CD9-8B38-10991C734297}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{35CE37D6-BD17-4CD9-8B38-10991C734297}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 16 CE C5 6C 4B CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {35CE37D6-BD17-4CD9-8B38-10991C734297}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/11/27 19:41:24 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/06/15 14:32:18 | 000,000,000 | ---D | M]

[2012/06/15 04:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [KaDQddpRUWxinGi.exe] C:\Documents and Settings\All Users\Application Data\KaDQddpRUWxinGi.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [PC Tools Security] C:\Documents and Settings\Administrator.AL-PC\Local Settings\Temporary Internet Files\Content.IE5\I1N2S1JT\SD_Online_aff_GenericRevenueWire_207[1].exe (PC Tools)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BBE297A-591D-4E6C-8592-DC87B2EEA02F}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/15 11:58:58 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/06/17 05:41:16 | 000,000,000 | -H-- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 23:18:21 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.AL-PC\Desktop\OTL.exe
[2012/06/15 22:38:08 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/15 21:55:11 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator.AL-PC\Desktop\tdsskiller.exe
[2012/06/15 14:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2012/06/15 14:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AL-PC\Application Data\TestApp
[2012/06/15 06:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AL-PC\Application Data\AdobeUM
[2012/06/15 06:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AL-PC\Local Settings\Application Data\Adobe
[2012/06/15 05:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AL-PC\Application Data\Malwarebytes
[2012/06/15 05:44:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.AL-PC\PrivacIE
[2012/06/15 05:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AL-PC\Application Data\Macromedia
[2012/06/15 05:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AL-PC\Application Data\Adobe
[2012/06/15 05:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AL-PC\Local Settings\Application Data\Microsoft
[2012/06/15 05:43:32 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.AL-PC\Application Data\Microsoft
[2012/06/15 05:43:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.AL-PC\Start Menu\Programs\Startup
[2012/06/15 05:43:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.AL-PC\Start Menu
[2012/06/15 05:43:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.AL-PC\SendTo
[2012/06/15 05:43:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.AL-PC\Application Data
[2012/06/15 05:43:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.AL-PC\Start Menu\Programs\Accessories
[2012/06/15 05:43:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.AL-PC\IETldCache
[2012/06/15 05:43:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.AL-PC\Cookies
[2012/06/15 05:43:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.AL-PC\Templates
[2012/06/15 05:43:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.AL-PC\Recent
[2012/06/15 05:43:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.AL-PC\PrintHood
[2012/06/15 05:43:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.AL-PC\NetHood
[2012/06/15 05:43:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.AL-PC\My Documents
[2012/06/15 05:43:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.AL-PC\Local Settings\Application Data\Microsoft Help
[2012/06/15 05:43:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.AL-PC\Local Settings
[2012/06/15 05:43:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.AL-PC\Favorites
[2012/06/15 05:43:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.AL-PC\Desktop
[2012/06/15 05:02:50 | 000,070,736 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2012/06/15 05:02:49 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0616.old
[2012/06/15 05:02:49 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2012/06/15 05:02:49 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0616.old
[2012/06/15 05:02:49 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2012/06/15 05:02:48 | 001,681,336 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2012/06/15 05:01:18 | 000,254,912 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2012/06/15 05:01:10 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2012/06/15 05:01:05 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2012/06/15 05:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/06/15 04:59:32 | 000,909,728 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2012/06/15 04:59:32 | 000,342,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2012/06/15 04:59:25 | 000,383,368 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2012/06/15 04:59:25 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2012/06/15 04:59:23 | 000,203,088 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/06/15 04:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/06/15 04:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/15 04:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/06/15 04:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com
[2012/06/15 04:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/06/15 04:48:39 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012/06/15 04:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/06/15 03:57:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/15 03:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/06/15 03:56:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/15 03:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/15 03:33:56 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/06/14 08:12:28 | 002,127,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
[2012/06/14 00:37:22 | 000,521,728 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/05/20 19:18:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\H&R Block 2010
[2012/05/20 19:17:47 | 000,000,000 | -H-D | C] -- C:\Program Files\HRBlock2010
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/15 23:20:02 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\Administrator.AL-PC\NTUSER.DAT
[2012/06/15 23:18:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.AL-PC\Desktop\OTL.exe
[2012/06/15 23:03:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/15 22:59:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2012/06/15 22:58:11 | 000,000,874 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/15 22:58:05 | 000,532,322 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/06/15 22:56:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.AL-PC\ntuser.ini
[2012/06/15 22:56:37 | 001,600,656 | -H-- | M] () -- C:\Documents and Settings\Administrator.AL-PC\Local Settings\Application Data\IconCache.db
[2012/06/15 22:49:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/15 21:56:10 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator.AL-PC\Desktop\tdsskiller.exe
[2012/06/15 14:30:19 | 000,001,809 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
[2012/06/15 14:11:03 | 000,000,878 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/15 14:01:23 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dKspPj7AyVgUa7
[2012/06/15 13:56:57 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-dKspPj7AyVgUa7r
[2012/06/15 13:56:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-dKspPj7AyVgUa7
[2012/06/15 05:58:06 | 002,127,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
[2012/06/15 04:48:47 | 000,000,447 | ---- | M] () -- C:\user.js
[2012/06/15 03:57:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/15 02:43:01 | 000,000,830 | -H-- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/14 21:28:34 | 000,251,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dKspPj7AyVgUa7.exe
[2012/06/14 20:43:57 | 000,344,576 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\KaDQddpRUWxinGi.exe
[2012/06/14 09:28:07 | 000,189,000 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 02:10:20 | 000,000,129 | -H-- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/06/14 02:08:45 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/11 21:15:57 | 000,001,813 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/05/31 09:22:09 | 000,599,040 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/22 06:51:39 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/20 23:28:01 | 000,001,682 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2010.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/15 22:57:43 | 000,532,322 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/06/15 13:53:56 | 001,600,656 | -H-- | C] () -- C:\Documents and Settings\Administrator.AL-PC\Local Settings\Application Data\IconCache.db
[2012/06/15 05:43:33 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator.AL-PC\ntuser.ini
[2012/06/15 05:43:32 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\Administrator.AL-PC\NTUSER.DAT
[2012/06/15 05:43:32 | 000,001,599 | -H-- | C] () -- C:\Documents and Settings\Administrator.AL-PC\Start Menu\Programs\Remote Assistance.lnk
[2012/06/15 05:43:32 | 000,000,792 | -H-- | C] () -- C:\Documents and Settings\Administrator.AL-PC\Start Menu\Programs\Windows Media Player.lnk
[2012/06/15 05:02:49 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0616.old
[2012/06/15 05:02:49 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2012/06/15 05:02:49 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2012/06/15 05:02:49 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2012/06/15 05:02:49 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2012/06/15 05:02:49 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2012/06/15 05:01:10 | 000,001,809 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
[2012/06/15 04:48:47 | 000,000,447 | ---- | C] () -- C:\user.js
[2012/06/15 03:57:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/14 21:28:49 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-dKspPj7AyVgUa7r
[2012/06/14 21:28:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-dKspPj7AyVgUa7
[2012/06/14 21:28:45 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dKspPj7AyVgUa7
[2012/06/14 21:28:34 | 000,251,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dKspPj7AyVgUa7.exe
[2012/06/14 20:46:11 | 000,344,576 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\KaDQddpRUWxinGi.exe
[2012/05/20 23:28:01 | 000,001,682 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2010.lnk
[2012/03/31 12:30:10 | 000,000,032 | -H-- | C] () -- C:\WINDOWS\CD_Start.INI
[2012/02/15 09:11:58 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/14 04:05:32 | 000,000,129 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/12/08 22:08:32 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\unvise32.dll
[2011/11/27 19:41:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/15 14:09:22 | 000,755,200 | -H-- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2011/11/15 14:09:22 | 000,338,432 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2011/11/15 14:09:22 | 000,200,192 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2011/11/15 14:09:22 | 000,183,808 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2011/11/15 14:09:22 | 000,120,320 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2011/11/15 12:01:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/15 11:58:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\control.ini
[2011/11/15 11:58:06 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2011/11/15 11:58:01 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2011/11/15 11:55:54 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/15 11:55:44 | 000,000,037 | -H-- | C] () -- C:\WINDOWS\vbaddin.ini
[2011/11/15 11:55:44 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\vb.ini
[2011/11/15 11:55:03 | 000,013,223 | -H-- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2011/11/15 11:55:01 | 000,001,931 | -H-- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2011/11/15 05:46:30 | 000,389,346 | -H-- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/11/15 05:46:29 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/15 05:45:20 | 000,189,000 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/06/15 14:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AL-PC\Application Data\TestApp
[2012/05/20 19:16:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2012/06/15 23:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 6/15/2012 11:19:39 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Administrator.AL-PC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.58 Mb Total Physical Memory | 562.43 Mb Available Physical Memory | 62.94% Memory free
2.12 Gb Paging File | 1.77 Gb Available in Paging File | 83.41% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 51.79 Gb Free Space | 69.49% Space Free | Partition Type: NTFS
Drive E: | 143.75 Gb Total Space | 97.27 Gb Free Space | 67.66% Space Free | Partition Type: NTFS
Drive F: | 5.28 Gb Total Space | 2.24 Gb Free Space | 42.41% Space Free | Partition Type: FAT32

Computer Name: AL-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\System32\Mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F907A69-6332-4F87-AD74-3C91A627D2C6}" = H&R Block Virginia 2009
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90AACECD-1E42-4D22-ABAD-7FB9B67B262D}" = H&R Block Premium + Efile + State 2009
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Browser Defender_is1" = Browser Guard 4.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"PROPLUS" = Microsoft Office Professional Plus 2007
"Recuva" = Recuva
"Spyware Doctor" = PC Tools Spyware Doctor 9.0
"VLabs Electricity Demo" = Edmark Virtual Labs Electricity DL
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/11/2012 9:52:01 PM | Computer Name = AL-PC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/12/2012 11:17:32 AM | Computer Name = AL-PC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/12/2012 11:45:36 PM | Computer Name = AL-PC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/15/2012 9:22:10 PM | Computer Name = AL-PC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/17/2012 8:44:43 PM | Computer Name = AL-PC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/19/2012 8:18:46 PM | Computer Name = AL-PC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/25/2012 10:58:40 PM | Computer Name = AL-PC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/25/2012 10:58:42 PM | Computer Name = AL-PC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/26/2012 7:09:39 PM | Computer Name = AL-PC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/29/2012 10:43:48 PM | Computer Name = AL-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\AL\MY DOCUMENTS\CYBERQUEST.DOCX>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

[ OSession Events ]
Error - 1/5/2012 10:46:55 PM | Computer Name = AL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20865
seconds with 540 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/15/2012 1:56:14 PM | Computer Name = AL-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Browser Defender Update
Service service to connect.

Error - 6/15/2012 2:09:54 PM | Computer Name = AL-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Browser Defender Update
Service service to connect.

Error - 6/15/2012 2:13:50 PM | Computer Name = AL-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/15/2012 2:14:36 PM | Computer Name = AL-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm PCTSD

Error - 6/15/2012 2:32:51 PM | Computer Name = AL-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/15/2012 2:36:00 PM | Computer Name = AL-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/15/2012 2:36:00 PM | Computer Name = AL-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm PCTSD

Error - 6/15/2012 10:56:41 PM | Computer Name = AL-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/15/2012 11:04:12 PM | Computer Name = AL-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/15/2012 11:05:20 PM | Computer Name = AL-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm PCTSD

< End of report >

At the risk of TMI, I am also posting the output from the TDSS Killer scan. I copied the items found to Quarantine but did not delete.

21:56:11.0078 2824 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
21:56:11.0328 2824 ============================================================
21:56:11.0328 2824 Current date / time: 2012/06/15 21:56:11.0328
21:56:11.0328 2824 SystemInfo:
21:56:11.0328 2824
21:56:11.0328 2824 OS Version: 5.1.2600 ServicePack: 3.0
21:56:11.0328 2824 Product type: Workstation
21:56:11.0328 2824 ComputerName: AL-PC
21:56:11.0328 2824 UserName: Administrator
21:56:11.0328 2824 Windows directory: C:\WINDOWS
21:56:11.0328 2824 System windows directory: C:\WINDOWS
21:56:11.0328 2824 Processor architecture: Intel x86
21:56:11.0328 2824 Number of processors: 2
21:56:11.0328 2824 Page size: 0x1000
21:56:11.0328 2824 Boot type: Safe boot with network
21:56:11.0328 2824 ============================================================
21:56:14.0156 2824 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:56:14.0171 2824 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:56:14.0234 2824 ============================================================
21:56:14.0234 2824 \Device\Harddisk0\DR0:
21:56:14.0234 2824 MBR partitions:
21:56:14.0234 2824 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
21:56:14.0234 2824 \Device\Harddisk1\DR1:
21:56:14.0234 2824 MBR partitions:
21:56:14.0234 2824 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0xA962F3, BlocksNum 0x11F827CE
21:56:14.0234 2824 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xA962B4
21:56:14.0234 2824 ============================================================
21:56:14.0265 2824 C: <-> \Device\Harddisk0\DR0\Partition0
21:56:14.0312 2824 E: <-> \Device\Harddisk1\DR1\Partition0
21:56:14.0312 2824 F: <-> \Device\Harddisk1\DR1\Partition1
21:56:14.0312 2824 ============================================================
21:56:14.0312 2824 Initialize success
21:56:14.0312 2824 ============================================================
21:58:10.0031 2920 ============================================================
21:58:10.0031 2920 Scan started
21:58:10.0031 2920 Mode: Manual; SigCheck; TDLFS;
21:58:10.0031 2920 ============================================================
21:58:11.0734 2920 Abiosdsk - ok
21:58:11.0765 2920 abp480n5 - ok
21:58:11.0843 2920 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:58:13.0671 2920 ACPI - ok
21:58:13.0687 2920 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:58:13.0921 2920 ACPIEC - ok
21:58:14.0031 2920 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:58:14.0078 2920 AdobeFlashPlayerUpdateSvc - ok
21:58:14.0093 2920 adpu160m - ok
21:58:14.0171 2920 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:58:14.0390 2920 aec - ok
21:58:14.0437 2920 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:58:14.0500 2920 AFD - ok
21:58:14.0531 2920 Aha154x - ok
21:58:14.0562 2920 aic78u2 - ok
21:58:14.0593 2920 aic78xx - ok
21:58:14.0640 2920 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:58:14.0828 2920 Alerter - ok
21:58:14.0875 2920 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:58:15.0093 2920 ALG - ok
21:58:15.0109 2920 AliIde - ok
21:58:15.0156 2920 amsint - ok
21:58:15.0203 2920 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
21:58:15.0406 2920 AppMgmt - ok
21:58:15.0421 2920 asc - ok
21:58:15.0453 2920 asc3350p - ok
21:58:15.0484 2920 asc3550 - ok
21:58:15.0546 2920 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:58:15.0734 2920 AsyncMac - ok
21:58:15.0781 2920 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:58:15.0984 2920 atapi - ok
21:58:16.0000 2920 Atdisk - ok
21:58:16.0062 2920 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:58:16.0265 2920 Atmarpc - ok
21:58:16.0312 2920 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:58:16.0500 2920 AudioSrv - ok
21:58:16.0531 2920 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:58:16.0750 2920 audstub - ok
21:58:16.0812 2920 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:58:17.0015 2920 Beep - ok
21:58:17.0093 2920 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\System32\qmgr.dll
21:58:17.0359 2920 BITS - ok
21:58:17.0390 2920 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:58:17.0593 2920 Browser - ok
21:58:17.0796 2920 Browser Defender Update Service (7229b58039d5a9338ad633e8ab60619c) C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
21:58:17.0859 2920 Browser Defender Update Service - ok
21:58:17.0890 2920 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:58:18.0125 2920 cbidf2k - ok
21:58:18.0140 2920 cd20xrnt - ok
21:58:18.0187 2920 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:58:18.0406 2920 Cdaudio - ok
21:58:18.0437 2920 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:58:18.0625 2920 Cdfs - ok
21:58:18.0640 2920 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:58:18.0859 2920 Cdrom - ok
21:58:18.0875 2920 Changer - ok
21:58:18.0921 2920 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:58:19.0109 2920 CiSvc - ok
21:58:19.0140 2920 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:58:19.0343 2920 ClipSrv - ok
21:58:19.0359 2920 CmdIde - ok
21:58:19.0390 2920 COMSysApp - ok
21:58:19.0453 2920 Cpqarray - ok
21:58:19.0500 2920 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:58:19.0703 2920 CryptSvc - ok
21:58:19.0718 2920 dac2w2k - ok
21:58:19.0750 2920 dac960nt - ok
21:58:19.0859 2920 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:58:19.0953 2920 DcomLaunch - ok
21:58:20.0015 2920 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:58:20.0218 2920 Dhcp - ok
21:58:20.0234 2920 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:58:20.0437 2920 Disk - ok
21:58:20.0453 2920 dmadmin - ok
21:58:20.0578 2920 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:58:20.0875 2920 dmboot - ok
21:58:20.0921 2920 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:58:21.0125 2920 dmio - ok
21:58:21.0140 2920 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:58:21.0359 2920 dmload - ok
21:58:21.0390 2920 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:58:21.0593 2920 dmserver - ok
21:58:21.0656 2920 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:58:21.0859 2920 DMusic - ok
21:58:21.0875 2920 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:58:21.0921 2920 Dnscache - ok
21:58:22.0015 2920 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:58:22.0218 2920 Dot3svc - ok
21:58:22.0234 2920 dpti2o - ok
21:58:22.0312 2920 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:58:22.0500 2920 drmkaud - ok
21:58:22.0562 2920 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:58:22.0750 2920 EapHost - ok
21:58:22.0781 2920 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:58:22.0968 2920 ERSvc - ok
21:58:23.0015 2920 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:58:23.0062 2920 Eventlog - ok
21:58:23.0125 2920 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
21:58:23.0187 2920 EventSystem - ok
21:58:23.0218 2920 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:58:23.0437 2920 Fastfat - ok
21:58:23.0468 2920 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:58:23.0546 2920 FastUserSwitchingCompatibility - ok
21:58:23.0593 2920 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:58:23.0796 2920 Fdc - ok
21:58:23.0828 2920 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:58:24.0031 2920 Fips - ok
21:58:24.0062 2920 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:58:24.0265 2920 Flpydisk - ok
21:58:24.0312 2920 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:58:24.0500 2920 FltMgr - ok
21:58:24.0546 2920 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:58:24.0750 2920 Fs_Rec - ok
21:58:24.0781 2920 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:58:24.0984 2920 Ftdisk - ok
21:58:25.0031 2920 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:58:25.0218 2920 Gpc - ok
21:58:25.0406 2920 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:58:25.0468 2920 gupdate - ok
21:58:25.0484 2920 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:58:25.0515 2920 gupdatem - ok
21:58:25.0562 2920 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:58:25.0609 2920 gusvc - ok
21:58:25.0656 2920 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:58:25.0859 2920 HDAudBus - ok
21:58:25.0968 2920 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:58:26.0156 2920 helpsvc - ok
21:58:26.0187 2920 HidServ - ok
21:58:26.0234 2920 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:58:26.0437 2920 hidusb - ok
21:58:26.0500 2920 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:58:26.0687 2920 hkmsvc - ok
21:58:26.0718 2920 hpn - ok
21:58:26.0781 2920 HSFHWBS2 (b6b0721a86e51d141ec55c3cc1ca5686) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
21:58:26.0859 2920 HSFHWBS2 - ok
21:58:26.0953 2920 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
21:58:27.0093 2920 HSF_DPV - ok
21:58:27.0156 2920 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:58:27.0187 2920 HTTP - ok
21:58:27.0234 2920 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:58:27.0421 2920 HTTPFilter - ok
21:58:27.0437 2920 i2omgmt - ok
21:58:27.0484 2920 i2omp - ok
21:58:27.0531 2920 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:58:27.0734 2920 i8042prt - ok
21:58:27.0796 2920 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:58:28.0000 2920 Imapi - ok
21:58:28.0046 2920 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
21:58:28.0250 2920 ImapiService - ok
21:58:28.0281 2920 ini910u - ok
21:58:28.0562 2920 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:58:28.0859 2920 IntcAzAudAddService - ok
21:58:28.0968 2920 IntelIde - ok
21:58:29.0031 2920 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:58:29.0203 2920 intelppm - ok
21:58:29.0265 2920 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:58:29.0453 2920 ip6fw - ok
21:58:29.0484 2920 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:58:29.0687 2920 IpFilterDriver - ok
21:58:29.0718 2920 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:58:29.0906 2920 IpInIp - ok
21:58:29.0953 2920 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:58:30.0171 2920 IpNat - ok
21:58:30.0187 2920 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:58:30.0390 2920 IPSec - ok
21:58:30.0421 2920 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:58:30.0609 2920 IRENUM - ok
21:58:30.0656 2920 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:58:30.0843 2920 isapnp - ok
21:58:30.0984 2920 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
21:58:31.0015 2920 JavaQuickStarterService - ok
21:58:31.0046 2920 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:58:31.0250 2920 Kbdclass - ok
21:58:31.0296 2920 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:58:31.0500 2920 kmixer - ok
21:58:31.0531 2920 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:58:31.0593 2920 KSecDD - ok
21:58:31.0640 2920 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:58:31.0703 2920 lanmanserver - ok
21:58:31.0765 2920 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:58:31.0812 2920 lanmanworkstation - ok
21:58:31.0843 2920 lbrtfdc - ok
21:58:31.0921 2920 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:58:32.0109 2920 LmHosts - ok
21:58:32.0187 2920 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
21:58:32.0234 2920 MDM ( UnsignedFile.Multi.Generic ) - warning
21:58:32.0234 2920 MDM - detected UnsignedFile.Multi.Generic (1)
21:58:32.0265 2920 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:58:32.0296 2920 mdmxsdk - ok
21:58:32.0343 2920 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:58:32.0515 2920 Messenger - ok
21:58:32.0546 2920 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:58:32.0765 2920 mnmdd - ok
21:58:32.0796 2920 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
21:58:32.0984 2920 mnmsrvc - ok
21:58:33.0015 2920 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:58:33.0203 2920 Modem - ok
21:58:33.0250 2920 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:58:33.0421 2920 Mouclass - ok
21:58:33.0468 2920 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:58:33.0671 2920 mouhid - ok
21:58:33.0703 2920 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:58:33.0906 2920 MountMgr - ok
21:58:33.0937 2920 mraid35x - ok
21:58:33.0984 2920 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:58:34.0187 2920 MRxDAV - ok
21:58:34.0265 2920 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:58:34.0343 2920 MRxSmb - ok
21:58:34.0359 2920 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
21:58:34.0562 2920 MSDTC - ok
21:58:34.0578 2920 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:58:34.0765 2920 Msfs - ok
21:58:34.0781 2920 MSIServer - ok
21:58:34.0828 2920 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:58:35.0031 2920 MSKSSRV - ok
21:58:35.0062 2920 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:58:35.0250 2920 MSPCLOCK - ok
21:58:35.0281 2920 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:58:35.0468 2920 MSPQM - ok
21:58:35.0500 2920 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:58:35.0687 2920 mssmbios - ok
21:58:35.0718 2920 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:58:35.0765 2920 Mup - ok
21:58:35.0843 2920 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:58:36.0078 2920 napagent - ok
21:58:36.0109 2920 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:58:36.0296 2920 NDIS - ok
21:58:36.0328 2920 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:58:36.0375 2920 NdisTapi - ok
21:58:36.0390 2920 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:58:36.0578 2920 Ndisuio - ok
21:58:36.0625 2920 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:58:36.0812 2920 NdisWan - ok
21:58:36.0843 2920 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:58:36.0921 2920 NDProxy - ok
21:58:36.0968 2920 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:58:37.0140 2920 NetBIOS - ok
21:58:37.0187 2920 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:58:37.0390 2920 NetBT - ok
21:58:37.0437 2920 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:58:37.0625 2920 NetDDE - ok
21:58:37.0640 2920 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:58:37.0828 2920 NetDDEdsdm - ok
21:58:37.0875 2920 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
21:58:38.0062 2920 Netlogon - ok
21:58:38.0109 2920 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:58:38.0296 2920 Netman - ok
21:58:38.0359 2920 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:58:38.0421 2920 Nla - ok
21:58:38.0437 2920 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:58:38.0625 2920 Npfs - ok
21:58:38.0703 2920 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:58:38.0921 2920 Ntfs - ok
21:58:38.0937 2920 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
21:58:39.0125 2920 NtLmSsp - ok
21:58:39.0187 2920 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:58:39.0375 2920 NtmsSvc - ok
21:58:39.0421 2920 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:58:39.0625 2920 Null - ok
21:58:39.0656 2920 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:58:39.0859 2920 NwlnkFlt - ok
21:58:39.0875 2920 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:58:40.0078 2920 NwlnkFwd - ok
21:58:40.0281 2920 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:58:40.0343 2920 odserv - ok
21:58:40.0406 2920 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:58:40.0437 2920 ose - ok
21:58:40.0484 2920 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:58:40.0671 2920 Parport - ok
21:58:40.0703 2920 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:58:40.0906 2920 PartMgr - ok
21:58:40.0937 2920 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:58:41.0140 2920 ParVdm - ok
21:58:41.0187 2920 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:58:41.0375 2920 PCI - ok
21:58:41.0390 2920 PCIDump - ok
21:58:41.0437 2920 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:58:41.0640 2920 PCIIde - ok
21:58:41.0687 2920 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:58:41.0890 2920 Pcmcia - ok
21:58:41.0937 2920 PCTBD (f66917b35d1e543065bdba7853d2e26d) C:\WINDOWS\system32\Drivers\PCTBD.sys
21:58:42.0000 2920 PCTBD - ok
21:58:42.0062 2920 PCTCore (f7da28f2ab6cd32b2f76ee96edad8f20) C:\WINDOWS\system32\drivers\PCTCore.sys
21:58:42.0109 2920 PCTCore - ok
21:58:42.0171 2920 pctDS (3c9fd593e95b98c642b4486cd122c2fb) C:\WINDOWS\system32\drivers\pctDS.sys
21:58:42.0234 2920 pctDS - ok
21:58:42.0312 2920 pctEFA (db6b6e47165b9647b215ceeb4db33b87) C:\WINDOWS\system32\drivers\pctEFA.sys
21:58:42.0406 2920 pctEFA - ok
21:58:42.0453 2920 PCTSD (4ef1f03db9064459b9019a19a860db89) C:\WINDOWS\system32\Drivers\PCTSD.sys
21:58:42.0484 2920 PCTSD - ok
21:58:42.0515 2920 PDCOMP - ok
21:58:42.0546 2920 PDFRAME - ok
21:58:42.0578 2920 PDRELI - ok
21:58:42.0609 2920 PDRFRAME - ok
21:58:42.0640 2920 perc2 - ok
21:58:42.0671 2920 perc2hib - ok
21:58:42.0781 2920 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:58:42.0828 2920 PlugPlay - ok
21:58:42.0859 2920 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
21:58:43.0046 2920 PolicyAgent - ok
21:58:43.0078 2920 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:58:43.0265 2920 PptpMiniport - ok
21:58:43.0296 2920 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:58:43.0500 2920 Processor - ok
21:58:43.0515 2920 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:58:43.0703 2920 ProtectedStorage - ok
21:58:43.0734 2920 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:58:43.0921 2920 PSched - ok
21:58:43.0968 2920 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:58:44.0171 2920 Ptilink - ok
21:58:44.0203 2920 ql1080 - ok
21:58:44.0234 2920 Ql10wnt - ok
21:58:44.0265 2920 ql12160 - ok
21:58:44.0296 2920 ql1240 - ok
21:58:44.0328 2920 ql1280 - ok
21:58:44.0359 2920 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:58:44.0578 2920 RasAcd - ok
21:58:44.0625 2920 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:58:44.0796 2920 RasAuto - ok
21:58:44.0843 2920 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:58:45.0015 2920 Rasl2tp - ok
21:58:45.0062 2920 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:58:45.0265 2920 RasMan - ok
21:58:45.0296 2920 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:58:45.0500 2920 RasPppoe - ok
21:58:45.0531 2920 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:58:45.0718 2920 Raspti - ok
21:58:45.0765 2920 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:58:45.0953 2920 Rdbss - ok
21:58:45.0968 2920 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:58:46.0171 2920 RDPCDD - ok
21:58:46.0250 2920 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:58:46.0437 2920 rdpdr - ok
21:58:46.0500 2920 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
21:58:46.0578 2920 RDPWD - ok
21:58:46.0609 2920 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:58:46.0812 2920 RDSessMgr - ok
21:58:46.0859 2920 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:58:47.0062 2920 redbook - ok
21:58:47.0109 2920 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:58:47.0312 2920 RemoteAccess - ok
21:58:47.0343 2920 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:58:47.0546 2920 RemoteRegistry - ok
21:58:47.0562 2920 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
21:58:47.0750 2920 RpcLocator - ok
21:58:47.0812 2920 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:58:47.0875 2920 RpcSs - ok
21:58:47.0890 2920 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
21:58:48.0125 2920 RSVP - ok
21:58:48.0171 2920 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
21:58:48.0343 2920 rtl8139 - ok
21:58:48.0375 2920 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:58:48.0562 2920 SamSs - ok
21:58:48.0593 2920 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:58:48.0796 2920 SCardSvr - ok
21:58:48.0843 2920 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:58:49.0031 2920 Schedule - ok
21:58:49.0234 2920 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
21:58:49.0328 2920 sdAuxService - ok
21:58:49.0406 2920 sdCoreService (44323c0bcbffa66a7a90e93f5d027999) C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
21:58:49.0515 2920 sdCoreService - ok
21:58:49.0625 2920 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:58:49.0828 2920 Secdrv - ok
21:58:49.0859 2920 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:58:50.0062 2920 seclogon - ok
21:58:50.0125 2920 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:58:50.0312 2920 SENS - ok
21:58:50.0359 2920 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:58:50.0546 2920 serenum - ok
21:58:50.0578 2920 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:58:50.0765 2920 Serial - ok
21:58:50.0781 2920 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:58:50.0984 2920 Sfloppy - ok
21:58:51.0046 2920 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:58:51.0281 2920 SharedAccess - ok
21:58:51.0312 2920 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:58:51.0375 2920 ShellHWDetection - ok
21:58:51.0390 2920 Simbad - ok
21:58:51.0421 2920 Sparrow - ok
21:58:51.0484 2920 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:58:51.0671 2920 splitter - ok
21:58:51.0718 2920 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:58:51.0765 2920 Spooler - ok
21:58:51.0828 2920 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:58:52.0031 2920 sr - ok
21:58:52.0078 2920 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
21:58:52.0250 2920 srservice - ok
21:58:52.0312 2920 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:58:52.0390 2920 Srv - ok
21:58:52.0437 2920 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:58:52.0640 2920 SSDPSRV - ok
21:58:52.0687 2920 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:58:52.0906 2920 stisvc - ok
21:58:52.0953 2920 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:58:53.0156 2920 swenum - ok
21:58:53.0203 2920 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:58:53.0390 2920 swmidi - ok
21:58:53.0406 2920 SwPrv - ok
21:58:53.0453 2920 symc810 - ok
21:58:53.0500 2920 symc8xx - ok
21:58:53.0531 2920 sym_hi - ok
21:58:53.0562 2920 sym_u3 - ok
21:58:53.0640 2920 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:58:53.0828 2920 sysaudio - ok
21:58:53.0859 2920 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:58:54.0062 2920 SysmonLog - ok
21:58:54.0109 2920 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:58:54.0312 2920 TapiSrv - ok
21:58:54.0375 2920 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:58:54.0468 2920 Tcpip - ok
21:58:54.0515 2920 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:58:54.0703 2920 TDPIPE - ok
21:58:54.0734 2920 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:58:54.0921 2920 TDTCP - ok
21:58:54.0968 2920 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:58:55.0156 2920 TermDD - ok
21:58:55.0203 2920 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:58:55.0437 2920 TermService - ok
21:58:55.0484 2920 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:58:55.0500 2920 Themes - ok
21:58:55.0531 2920 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
21:58:55.0734 2920 TlntSvr - ok
21:58:55.0750 2920 TosIde - ok
21:58:55.0796 2920 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:58:56.0000 2920 TrkWks - ok
21:58:56.0062 2920 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:58:56.0234 2920 Udfs - ok
21:58:56.0281 2920 ultra - ok
21:58:56.0359 2920 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:58:56.0578 2920 Update - ok
21:58:56.0640 2920 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:58:56.0843 2920 upnphost - ok
21:58:56.0875 2920 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:58:57.0078 2920 UPS - ok
21:58:57.0109 2920 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:58:57.0296 2920 usbehci - ok
21:58:57.0359 2920 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:58:57.0531 2920 usbhub - ok
21:58:57.0546 2920 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:58:57.0750 2920 usbohci - ok
21:58:57.0812 2920 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:58:58.0000 2920 usbprint - ok
21:58:58.0031 2920 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:58:58.0218 2920 usbstor - ok
21:58:58.0265 2920 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:58:58.0453 2920 VgaSave - ok
21:58:58.0468 2920 ViaIde - ok
21:58:58.0515 2920 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:58:58.0703 2920 VolSnap - ok
21:58:58.0765 2920 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:58:58.0984 2920 VSS - ok
21:58:59.0046 2920 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
21:58:59.0281 2920 W32Time - ok
21:58:59.0312 2920 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:58:59.0515 2920 Wanarp - ok
21:58:59.0531 2920 WDICA - ok
21:58:59.0593 2920 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:58:59.0781 2920 wdmaud - ok
21:58:59.0906 2920 Web Assistant Updater (5cab8953e4a9301553ae5fbe7832767a) C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
21:58:59.0937 2920 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - warning
21:58:59.0937 2920 Web Assistant Updater - detected UnsignedFile.Multi.Generic (1)
21:58:59.0984 2920 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:59:00.0156 2920 WebClient - ok
21:59:00.0265 2920 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:59:00.0359 2920 winachsf - ok
21:59:00.0437 2920 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:59:00.0671 2920 winmgmt - ok
21:59:00.0750 2920 WmdmPmSN (482069cda24aa0e94b1351e30eb3d01f) C:\WINDOWS\system32\MsPMSNSv.dll
21:59:00.0812 2920 WmdmPmSN - ok
21:59:00.0890 2920 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:59:01.0015 2920 Wmi - ok
21:59:01.0078 2920 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
21:59:01.0281 2920 WmiApSrv - ok
21:59:01.0328 2920 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:59:01.0546 2920 WS2IFSL - ok
21:59:01.0609 2920 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:59:01.0796 2920 wscsvc - ok
21:59:01.0828 2920 WSearch - ok
21:59:01.0890 2920 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:59:02.0093 2920 wuauserv - ok
21:59:02.0156 2920 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:59:02.0359 2920 WZCSVC - ok
21:59:02.0421 2920 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:59:02.0625 2920 xmlprov - ok
21:59:02.0671 2920 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:59:02.0687 2920 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
21:59:02.0687 2920 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
21:59:02.0718 2920 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:59:02.0718 2920 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:59:02.0750 2920 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk1\DR1
21:59:02.0781 2920 \Device\Harddisk1\DR1 ( Rootkit.Boot.SST.b ) - infected
21:59:02.0781 2920 \Device\Harddisk1\DR1 - detected Rootkit.Boot.SST.b (0)
21:59:02.0781 2920 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
21:59:02.0781 2920 \Device\Harddisk1\DR1 - detected TDSS File System (1)
21:59:02.0796 2920 Boot (0x1200) (c74cb41dc07fe54b17605ca8ebe07451) \Device\Harddisk0\DR0\Partition0
21:59:02.0812 2920 \Device\Harddisk0\DR0\Partition0 - ok
21:59:02.0859 2920 Boot (0x1200) (5ccca835c3d1ec5a36eab8f55aa6428d) \Device\Harddisk1\DR1\Partition0
21:59:02.0859 2920 \Device\Harddisk1\DR1\Partition0 - ok
21:59:02.0890 2920 Boot (0x1200) (43b5f88b18169895d02182c27e90a5cf) \Device\Harddisk1\DR1\Partition1
21:59:02.0890 2920 \Device\Harddisk1\DR1\Partition1 - ok
21:59:02.0890 2920 ============================================================
21:59:02.0890 2920 Scan finished
21:59:02.0890 2920 ============================================================
21:59:03.0046 2912 Detected object count: 6
21:59:03.0046 2912 Actual detected object count: 6
22:38:08.0578 2912 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe - copied to quarantine
22:38:08.0578 2912 MDM ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
22:38:08.0718 2912 C:\Program Files\Web Assistant\ExtensionUpdaterService.exe - copied to quarantine
22:38:08.0718 2912 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
22:38:09.0640 2912 \Device\Harddisk0\DR0\# - copied to quarantine
22:38:09.0640 2912 \Device\Harddisk0\DR0 - copied to quarantine
22:38:09.0703 2912 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
22:38:09.0703 2912 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
22:38:09.0703 2912 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
22:38:09.0703 2912 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
22:38:09.0703 2912 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
22:38:09.0703 2912 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
22:38:09.0765 2912 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
22:38:09.0765 2912 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
22:38:09.0781 2912 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
22:38:09.0796 2912 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:38:09.0796 2912 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:38:09.0796 2912 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:38:09.0796 2912 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:38:09.0796 2912 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
22:38:09.0812 2912 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
22:38:09.0859 2912 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
22:38:09.0859 2912 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
22:38:09.0890 2912 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
22:38:09.0921 2912 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
22:38:10.0000 2912 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
22:38:10.0375 2912 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
22:38:10.0406 2912 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
22:38:10.0406 2912 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Quarantine
22:38:10.0421 2912 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
22:38:10.0421 2912 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
22:38:10.0421 2912 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
22:38:10.0437 2912 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
22:38:10.0500 2912 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
22:38:10.0500 2912 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
22:38:10.0515 2912 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
22:38:10.0515 2912 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
22:38:10.0515 2912 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
22:38:10.0515 2912 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:38:10.0531 2912 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:38:10.0531 2912 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:38:10.0531 2912 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:38:10.0562 2912 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
22:38:10.0562 2912 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
22:38:10.0562 2912 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
22:38:10.0578 2912 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
22:38:10.0578 2912 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
22:38:10.0593 2912 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
22:38:10.0609 2912 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
22:38:11.0000 2912 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
22:38:11.0046 2912 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
22:38:11.0046 2912 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
22:38:11.0109 2912 \Device\Harddisk1\DR1\# - copied to quarantine
22:38:11.0109 2912 \Device\Harddisk1\DR1 - copied to quarantine
22:38:11.0171 2912 \Device\Harddisk1\DR1\TDLFS\cfg.ini - copied to quarantine
22:38:11.0171 2912 \Device\Harddisk1\DR1\TDLFS\mbr - copied to quarantine
22:38:11.0171 2912 \Device\Harddisk1\DR1\TDLFS\bckfg.tmp - copied to quarantine
22:38:11.0187 2912 \Device\Harddisk1\DR1\TDLFS\ldr16 - copied to quarantine
22:38:11.0187 2912 \Device\Harddisk1\DR1\TDLFS\ldr32 - copied to quarantine
22:38:11.0187 2912 \Device\Harddisk1\DR1\TDLFS\ldr64 - copied to quarantine
22:38:11.0203 2912 \Device\Harddisk1\DR1\TDLFS\drv64 - copied to quarantine
22:38:11.0203 2912 \Device\Harddisk1\DR1\TDLFS\cmd64.dll - copied to quarantine
22:38:11.0218 2912 \Device\Harddisk1\DR1\TDLFS\drv32 - copied to quarantine
22:38:11.0265 2912 \Device\Harddisk1\DR1\TDLFS\keywords - copied to quarantine
22:38:11.0265 2912 \Device\Harddisk1\DR1\TDLFS\lsflt7.ver - copied to quarantine
22:38:11.0265 2912 \Device\Harddisk1\DR1 ( Rootkit.Boot.SST.b ) - User select action: Quarantine
22:38:11.0281 2912 \Device\Harddisk1\DR1\TDLFS\cfg.ini - copied to quarantine
22:38:11.0281 2912 \Device\Harddisk1\DR1\TDLFS\mbr - copied to quarantine
22:38:11.0281 2912 \Device\Harddisk1\DR1\TDLFS\bckfg.tmp - copied to quarantine
22:38:11.0296 2912 \Device\Harddisk1\DR1\TDLFS\ldr16 - copied to quarantine
22:38:11.0296 2912 \Device\Harddisk1\DR1\TDLFS\ldr32 - copied to quarantine
22:38:11.0343 2912 \Device\Harddisk1\DR1\TDLFS\ldr64 - copied to quarantine
22:38:11.0343 2912 \Device\Harddisk1\DR1\TDLFS\drv64 - copied to quarantine
22:38:11.0359 2912 \Device\Harddisk1\DR1\TDLFS\cmd64.dll - copied to quarantine
22:38:11.0359 2912 \Device\Harddisk1\DR1\TDLFS\drv32 - copied to quarantine
22:38:11.0375 2912 \Device\Harddisk1\DR1\TDLFS\keywords - copied to quarantine
22:38:11.0375 2912 \Device\Harddisk1\DR1\TDLFS\lsflt7.ver - copied to quarantine
22:38:11.0375 2912 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Quarantine
22:42:38.0359 2132 ============================================================
22:42:38.0359 2132 Scan started
22:42:38.0359 2132 Mode: Manual; SigCheck; TDLFS;
22:42:38.0359 2132 ============================================================
22:42:39.0687 2132 Abiosdsk - ok
22:42:39.0718 2132 abp480n5 - ok
22:42:39.0796 2132 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:42:40.0437 2132 ACPI - ok
22:42:40.0468 2132 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:42:40.0671 2132 ACPIEC - ok
22:42:40.0765 2132 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:42:40.0796 2132 AdobeFlashPlayerUpdateSvc - ok
22:42:40.0828 2132 adpu160m - ok
22:42:40.0890 2132 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:42:41.0078 2132 aec - ok
22:42:41.0125 2132 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:42:41.0203 2132 AFD - ok
22:42:41.0234 2132 Aha154x - ok
22:42:41.0265 2132 aic78u2 - ok
22:42:41.0296 2132 aic78xx - ok
22:42:41.0343 2132 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:42:41.0531 2132 Alerter - ok
22:42:41.0562 2132 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:42:41.0765 2132 ALG - ok
22:42:41.0781 2132 AliIde - ok
22:42:41.0812 2132 amsint - ok
22:42:41.0875 2132 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
22:42:42.0078 2132 AppMgmt - ok
22:42:42.0093 2132 asc - ok
22:42:42.0125 2132 asc3350p - ok
22:42:42.0140 2132 asc3550 - ok
22:42:42.0187 2132 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:42:42.0375 2132 AsyncMac - ok
22:42:42.0421 2132 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:42:42.0609 2132 atapi - ok
22:42:42.0625 2132 Atdisk - ok
22:42:42.0687 2132 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:42:42.0859 2132 Atmarpc - ok
22:42:42.0890 2132 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:42:43.0062 2132 AudioSrv - ok
22:42:43.0109 2132 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:42:43.0328 2132 audstub - ok
22:42:43.0375 2132 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:42:43.0578 2132 Beep - ok
22:42:43.0640 2132 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\System32\qmgr.dll
22:42:43.0859 2132 BITS - ok
22:42:43.0890 2132 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:42:44.0078 2132 Browser - ok
22:42:44.0296 2132 Browser Defender Update Service (7229b58039d5a9338ad633e8ab60619c) C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
22:42:44.0343 2132 Browser Defender Update Service - ok
22:42:44.0375 2132 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:42:44.0593 2132 cbidf2k - ok
22:42:44.0609 2132 cd20xrnt - ok
22:42:44.0656 2132 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:42:44.0859 2132 Cdaudio - ok
22:42:44.0906 2132 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:42:45.0078 2132 Cdfs - ok
22:42:45.0109 2132 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:42:45.0312 2132 Cdrom - ok
22:42:45.0343 2132 Changer - ok
22:42:45.0390 2132 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:42:45.0578 2132 CiSvc - ok
22:42:45.0593 2132 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:42:45.0812 2132 ClipSrv - ok
22:42:45.0828 2132 CmdIde - ok
22:42:45.0859 2132 COMSysApp - ok
22:42:45.0921 2132 Cpqarray - ok
22:42:45.0984 2132 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:42:46.0156 2132 CryptSvc - ok
22:42:46.0187 2132 dac2w2k - ok
22:42:46.0218 2132 dac960nt - ok
22:42:46.0281 2132 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:42:46.0375 2132 DcomLaunch - ok
22:42:46.0437 2132 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:42:46.0640 2132 Dhcp - ok
22:42:46.0656 2132 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:42:46.0859 2132 Disk - ok
22:42:46.0875 2132 dmadmin - ok
22:42:47.0000 2132 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:42:47.0281 2132 dmboot - ok
22:42:47.0328 2132 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:42:47.0546 2132 dmio - ok
22:42:47.0562 2132 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:42:47.0765 2132 dmload - ok
22:42:47.0812 2132 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:42:48.0000 2132 dmserver - ok
22:42:48.0031 2132 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:42:48.0234 2132 DMusic - ok
22:42:48.0250 2132 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:42:48.0312 2132 Dnscache - ok
22:42:48.0343 2132 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:42:48.0562 2132 Dot3svc - ok
22:42:48.0578 2132 dpti2o - ok
22:42:48.0625 2132 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:42:48.0812 2132 drmkaud - ok
22:42:48.0859 2132 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:42:49.0046 2132 EapHost - ok
22:42:49.0078 2132 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:42:49.0265 2132 ERSvc - ok
22:42:49.0296 2132 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:42:49.0343 2132 Eventlog - ok
22:42:49.0406 2132 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
22:42:49.0453 2132 EventSystem - ok
22:42:49.0484 2132 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:42:49.0687 2132 Fastfat - ok
22:42:49.0734 2132 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:42:49.0843 2132 FastUserSwitchingCompatibility - ok
22:42:49.0890 2132 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:42:50.0078 2132 Fdc - ok
22:42:50.0125 2132 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:42:50.0312 2132 Fips - ok
22:42:50.0343 2132 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:42:50.0531 2132 Flpydisk - ok
22:42:50.0578 2132 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:42:50.0765 2132 FltMgr - ok
22:42:50.0812 2132 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:42:51.0015 2132 Fs_Rec - ok
22:42:51.0046 2132 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:42:51.0250 2132 Ftdisk - ok
22:42:51.0281 2132 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:42:51.0468 2132 Gpc - ok
22:42:51.0625 2132 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:42:51.0687 2132 gupdate - ok
22:42:51.0703 2132 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:42:51.0734 2132 gupdatem - ok
22:42:51.0781 2132 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:42:51.0828 2132 gusvc - ok
22:42:51.0859 2132 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:42:52.0046 2132 HDAudBus - ok
22:42:52.0125 2132 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:42:52.0312 2132 helpsvc - ok
22:42:52.0328 2132 HidServ - ok
22:42:52.0375 2132 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:42:52.0546 2132 hidusb - ok
22:42:52.0578 2132 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:42:52.0765 2132 hkmsvc - ok
22:42:52.0796 2132 hpn - ok
22:42:52.0859 2132 HSFHWBS2 (b6b0721a86e51d141ec55c3cc1ca5686) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
22:42:52.0921 2132 HSFHWBS2 - ok
22:42:53.0015 2132 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
22:42:53.0109 2132 HSF_DPV - ok
22:42:53.0171 2132 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:42:53.0203 2132 HTTP - ok
22:42:53.0250 2132 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:42:53.0421 2132 HTTPFilter - ok
22:42:53.0437 2132 i2omgmt - ok
22:42:53.0484 2132 i2omp - ok
22:42:53.0531 2132 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:42:53.0718 2132 i8042prt - ok
22:42:53.0796 2132 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:42:53.0984 2132 Imapi - ok
22:42:54.0015 2132 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
22:42:54.0203 2132 ImapiService - ok
22:42:54.0250 2132 ini910u - ok
22:42:54.0515 2132 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:42:54.0796 2132 IntcAzAudAddService - ok
22:42:54.0890 2132 IntelIde - ok
22:42:54.0937 2132 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:42:55.0109 2132 intelppm - ok
22:42:55.0125 2132 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:42:55.0328 2132 ip6fw - ok
22:42:55.0359 2132 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:42:55.0562 2132 IpFilterDriver - ok
22:42:55.0593 2132 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:42:55.0781 2132 IpInIp - ok
22:42:55.0812 2132 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:42:56.0031 2132 IpNat - ok
22:42:56.0062 2132 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:42:56.0250 2132 IPSec - ok
22:42:56.0296 2132 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:42:56.0484 2132 IRENUM - ok
22:42:56.0531 2132 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:42:56.0703 2132 isapnp - ok
22:42:56.0828 2132 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
22:42:56.0859 2132 JavaQuickStarterService - ok
22:42:56.0890 2132 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:42:57.0093 2132 Kbdclass - ok
22:42:57.0140 2132 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:42:57.0328 2132 kmixer - ok
22:42:57.0359 2132 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:42:57.0437 2132 KSecDD - ok
22:42:57.0484 2132 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:42:57.0578 2132 lanmanserver - ok
22:42:57.0625 2132 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:42:57.0687 2132 lanmanworkstation - ok
22:42:57.0703 2132 lbrtfdc - ok
22:42:57.0796 2132 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:42:57.0968 2132 LmHosts - ok
22:42:58.0046 2132 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
22:42:58.0078 2132 MDM ( UnsignedFile.Multi.Generic ) - warning
22:42:58.0078 2132 MDM - detected UnsignedFile.Multi.Generic (1)
22:42:58.0140 2132 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:42:58.0171 2132 mdmxsdk - ok
22:42:58.0203 2132 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:42:58.0406 2132 Messenger - ok
22:42:58.0437 2132 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:42:58.0640 2132 mnmdd - ok
22:42:58.0687 2132 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
22:42:58.0859 2132 mnmsrvc - ok
22:42:58.0906 2132 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:42:59.0093 2132 Modem - ok
22:42:59.0140 2132 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:42:59.0312 2132 Mouclass - ok
22:42:59.0359 2132 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:42:59.0562 2132 mouhid - ok
22:42:59.0593 2132 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:42:59.0796 2132 MountMgr - ok
22:42:59.0812 2132 mraid35x - ok
22:42:59.0859 2132 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:43:00.0031 2132 MRxDAV - ok
22:43:00.0109 2132 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:43:00.0156 2132 MRxSmb - ok
22:43:00.0187 2132 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
22:43:00.0375 2132 MSDTC - ok
22:43:00.0406 2132 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:43:00.0578 2132 Msfs - ok
22:43:00.0593 2132 MSIServer - ok
22:43:00.0656 2132 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:43:00.0828 2132 MSKSSRV - ok
22:43:00.0859 2132 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:43:01.0031 2132 MSPCLOCK - ok
22:43:01.0062 2132 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:43:01.0250 2132 MSPQM - ok
22:43:01.0281 2132 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:43:01.0484 2132 mssmbios - ok
22:43:01.0515 2132 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:43:01.0562 2132 Mup - ok
22:43:01.0625 2132 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:43:01.0828 2132 napagent - ok
22:43:01.0890 2132 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:43:02.0078 2132 NDIS - ok
22:43:02.0109 2132 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:43:02.0171 2132 NdisTapi - ok
22:43:02.0203 2132 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:43:02.0390 2132 Ndisuio - ok
22:43:02.0437 2132 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:43:02.0609 2132 NdisWan - ok
22:43:02.0671 2132 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:43:02.0734 2132 NDProxy - ok
22:43:02.0781 2132 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:43:02.0968 2132 NetBIOS - ok
22:43:03.0000 2132 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:43:03.0203 2132 NetBT - ok
22:43:03.0250 2132 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:43:03.0453 2132 NetDDE - ok
22:43:03.0468 2132 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:43:03.0656 2132 NetDDEdsdm - ok
22:43:03.0703 2132 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
22:43:03.0859 2132 Netlogon - ok
22:43:03.0921 2132 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:43:04.0093 2132 Netman - ok
22:43:04.0156 2132 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:43:04.0218 2132 Nla - ok
22:43:04.0234 2132 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:43:04.0437 2132 Npfs - ok
22:43:04.0500 2132 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:43:04.0765 2132 Ntfs - ok
22:43:04.0781 2132 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
22:43:04.0968 2132 NtLmSsp - ok
22:43:05.0031 2132 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:43:05.0265 2132 NtmsSvc - ok
22:43:05.0296 2132 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:43:05.0500 2132 Null - ok
22:43:05.0531 2132 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:43:05.0718 2132 NwlnkFlt - ok
22:43:05.0750 2132 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:43:05.0953 2132 NwlnkFwd - ok
22:43:06.0125 2132 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:43:06.0171 2132 odserv - ok
22:43:06.0234 2132 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:43:06.0281 2132 ose - ok
22:43:06.0343 2132 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:43:06.0531 2132 Parport - ok
22:43:06.0609 2132 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:43:06.0796 2132 PartMgr - ok
22:43:06.0828 2132 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:43:07.0031 2132 ParVdm - ok
22:43:07.0062 2132 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:43:07.0234 2132 PCI - ok
22:43:07.0250 2132 PCIDump - ok
22:43:07.0281 2132 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:43:07.0484 2132 PCIIde - ok
22:43:07.0531 2132 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:43:07.0718 2132 Pcmcia - ok
22:43:07.0765 2132 PCTBD (f66917b35d1e543065bdba7853d2e26d) C:\WINDOWS\system32\Drivers\PCTBD.sys
22:43:07.0796 2132 PCTBD - ok
22:43:07.0859 2132 PCTCore (f7da28f2ab6cd32b2f76ee96edad8f20) C:\WINDOWS\system32\drivers\PCTCore.sys
22:43:07.0906 2132 PCTCore - ok
22:43:07.0953 2132 pctDS (3c9fd593e95b98c642b4486cd122c2fb) C:\WINDOWS\system32\drivers\pctDS.sys
22:43:08.0000 2132 pctDS - ok
22:43:08.0078 2132 pctEFA (db6b6e47165b9647b215ceeb4db33b87) C:\WINDOWS\system32\drivers\pctEFA.sys
22:43:08.0156 2132 pctEFA - ok
22:43:08.0203 2132 PCTSD (4ef1f03db9064459b9019a19a860db89) C:\WINDOWS\system32\Drivers\PCTSD.sys
22:43:08.0234 2132 PCTSD - ok
22:43:08.0250 2132 PDCOMP - ok
22:43:08.0281 2132 PDFRAME - ok
22:43:08.0312 2132 PDRELI - ok
22:43:08.0343 2132 PDRFRAME - ok
22:43:08.0375 2132 perc2 - ok
22:43:08.0406 2132 perc2hib - ok
22:43:08.0531 2132 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:43:08.0562 2132 PlugPlay - ok
22:43:08.0609 2132 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
22:43:08.0781 2132 PolicyAgent - ok
22:43:08.0812 2132 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:43:09.0000 2132 PptpMiniport - ok
22:43:09.0046 2132 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:43:09.0218 2132 Processor - ok
22:43:09.0234 2132 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:43:09.0421 2132 ProtectedStorage - ok
22:43:09.0453 2132 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:43:09.0656 2132 PSched - ok
22:43:09.0687 2132 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:43:09.0906 2132 Ptilink - ok
22:43:09.0937 2132 ql1080 - ok
22:43:09.0968 2132 Ql10wnt - ok
22:43:10.0000 2132 ql12160 - ok
22:43:10.0031 2132 ql1240 - ok
22:43:10.0062 2132 ql1280 - ok
22:43:10.0093 2132 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:43:10.0281 2132 RasAcd - ok
22:43:10.0312 2132 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:43:10.0500 2132 RasAuto - ok
22:43:10.0546 2132 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:43:10.0718 2132 Rasl2tp - ok
22:43:10.0765 2132 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:43:10.0953 2132 RasMan - ok
22:43:10.0968 2132 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:43:11.0171 2132 RasPppoe - ok
22:43:11.0187 2132 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:43:11.0406 2132 Raspti - ok
22:43:11.0437 2132 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:43:11.0625 2132 Rdbss - ok
22:43:11.0640 2132 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:43:11.0843 2132 RDPCDD - ok
22:43:11.0906 2132 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:43:12.0093 2132 rdpdr - ok
22:43:12.0156 2132 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
22:43:12.0218 2132 RDPWD - ok
22:43:12.0265 2132 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:43:12.0468 2132 RDSessMgr - ok
22:43:12.0515 2132 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:43:12.0703 2132 redbook - ok
22:43:12.0734 2132 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:43:12.0921 2132 RemoteAccess - ok
22:43:12.0968 2132 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
22:43:13.0156 2132 RemoteRegistry - ok
22:43:13.0171 2132 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
22:43:13.0343 2132 RpcLocator - ok
22:43:13.0406 2132 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:43:13.0453 2132 RpcSs - ok
22:43:13.0484 2132 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
22:43:13.0671 2132 RSVP - ok
22:43:13.0703 2132 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:43:13.0875 2132 rtl8139 - ok
22:43:13.0890 2132 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:43:14.0062 2132 SamSs - ok
22:43:14.0125 2132 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:43:14.0312 2132 SCardSvr - ok
22:43:14.0359 2132 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:43:14.0546 2132 Schedule - ok
22:43:14.0734 2132 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
22:43:14.0781 2132 sdAuxService - ok
22:43:14.0875 2132 sdCoreService (44323c0bcbffa66a7a90e93f5d027999) C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
22:43:14.0968 2132 sdCoreService - ok
22:43:15.0093 2132 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:43:15.0281 2132 Secdrv - ok
22:43:15.0328 2132 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:43:15.0500 2132 seclogon - ok
22:43:15.0546 2132 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:43:15.0718 2132 SENS - ok
22:43:15.0750 2132 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:43:15.0921 2132 serenum - ok
22:43:15.0953 2132 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:43:16.0171 2132 Serial - ok
22:43:16.0187 2132 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:43:16.0375 2132 Sfloppy - ok
22:43:16.0437 2132 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:43:16.0656 2132 SharedAccess - ok
22:43:16.0687 2132 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:43:16.0718 2132 ShellHWDetection - ok
22:43:16.0734 2132 Simbad - ok
22:43:16.0765 2132 Sparrow - ok
22:43:16.0796 2132 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:43:16.0984 2132 splitter - ok
22:43:17.0015 2132 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:43:17.0078 2132 Spooler - ok
22:43:17.0125 2132 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:43:17.0312 2132 sr - ok
22:43:17.0375 2132 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
22:43:17.0578 2132 srservice - ok
22:43:17.0625 2132 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:43:17.0718 2132 Srv - ok
22:43:17.0765 2132 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:43:17.0968 2132 SSDPSRV - ok
22:43:18.0015 2132 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:43:18.0234 2132 stisvc - ok
22:43:18.0265 2132 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:43:18.0468 2132 swenum - ok
22:43:18.0500 2132 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:43:18.0703 2132 swmidi - ok
22:43:18.0718 2132 SwPrv - ok
22:43:18.0765 2132 symc810 - ok
22:43:18.0796 2132 symc8xx - ok
22:43:18.0828 2132 sym_hi - ok
22:43:18.0859 2132 sym_u3 - ok
22:43:18.0906 2132 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:43:19.0109 2132 sysaudio - ok
22:43:19.0156 2132 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:43:19.0343 2132 SysmonLog - ok
22:43:19.0390 2132 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:43:19.0578 2132 TapiSrv - ok
22:43:19.0640 2132 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:43:19.0703 2132 Tcpip - ok
22:43:19.0734 2132 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:43:19.0921 2132 TDPIPE - ok
22:43:19.0953 2132 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:43:20.0125 2132 TDTCP - ok
22:43:20.0156 2132 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:43:20.0343 2132 TermDD - ok
22:43:20.0390 2132 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:43:20.0593 2132 TermService - ok
22:43:20.0640 2132 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:43:20.0671 2132 Themes - ok
22:43:20.0703 2132 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
22:43:20.0890 2132 TlntSvr - ok
22:43:20.0921 2132 TosIde - ok
22:43:20.0968 2132 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:43:21.0156 2132 TrkWks - ok
22:43:21.0218 2132 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:43:21.0375 2132 Udfs - ok
22:43:21.0421 2132 ultra - ok
22:43:21.0500 2132 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:43:21.0718 2132 Update - ok
22:43:21.0765 2132 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:43:21.0984 2132 upnphost - ok
22:43:22.0015 2132 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:43:22.0218 2132 UPS - ok
22:43:22.0250 2132 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:43:22.0421 2132 usbehci - ok
22:43:22.0437 2132 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:43:22.0625 2132 usbhub - ok
22:43:22.0671 2132 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:43:22.0859 2132 usbohci - ok
22:43:22.0875 2132 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:43:23.0062 2132 usbprint - ok
22:43:23.0109 2132 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:43:23.0281 2132 usbstor - ok
22:43:23.0296 2132 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:43:23.0484 2132 VgaSave - ok
22:43:23.0515 2132 ViaIde - ok
22:43:23.0562 2132 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:43:23.0750 2132 VolSnap - ok
22:43:23.0812 2132 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:43:24.0031 2132 VSS - ok
22:43:24.0093 2132 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
22:43:24.0312 2132 W32Time - ok
22:43:24.0359 2132 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:43:24.0546 2132 Wanarp - ok
22:43:24.0562 2132 WDICA - ok
22:43:24.0609 2132 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:43:24.0812 2132 wdmaud - ok
22:43:24.0937 2132 Web Assistant Updater (5cab8953e4a9301553ae5fbe7832767a) C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
22:43:24.0953 2132 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - warning
22:43:24.0953 2132 Web Assistant Updater - detected UnsignedFile.Multi.Generic (1)
22:43:25.0000 2132 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:43:25.0156 2132 WebClient - ok
22:43:25.0250 2132 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:43:25.0343 2132 winachsf - ok
22:43:25.0421 2132 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:43:25.0656 2132 winmgmt - ok
22:43:25.0734 2132 WmdmPmSN (482069cda24aa0e94b1351e30eb3d01f) C:\WINDOWS\system32\MsPMSNSv.dll
22:43:25.0796 2132 WmdmPmSN - ok
22:43:25.0859 2132 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
22:43:25.0953 2132 Wmi - ok
22:43:26.0015 2132 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
22:43:26.0218 2132 WmiApSrv - ok
22:43:26.0281 2132 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:43:26.0468 2132 WS2IFSL - ok
22:43:26.0515 2132 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:43:26.0703 2132 wscsvc - ok
22:43:26.0734 2132 WSearch - ok
22:43:26.0796 2132 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:43:26.0984 2132 wuauserv - ok
22:43:27.0046 2132 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:43:27.0234 2132 WZCSVC - ok
22:43:27.0281 2132 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:43:27.0468 2132 xmlprov - ok
22:43:27.0515 2132 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:43:27.0546 2132 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
22:43:27.0546 2132 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
22:43:27.0578 2132 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:43:27.0578 2132 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:43:27.0593 2132 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk1\DR1
22:43:27.0640 2132 \Device\Harddisk1\DR1 ( Rootkit.Boot.SST.b ) - infected
22:43:27.0640 2132 \Device\Harddisk1\DR1 - detected Rootkit.Boot.SST.b (0)
22:43:27.0640 2132 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
22:43:27.0640 2132 \Device\Harddisk1\DR1 - detected TDSS File System (1)
22:43:27.0656 2132 Boot (0x1200) (c74cb41dc07fe54b17605ca8ebe07451) \Device\Harddisk0\DR0\Partition0
22:43:27.0656 2132 \Device\Harddisk0\DR0\Partition0 - ok
22:43:27.0703 2132 Boot (0x1200) (5ccca835c3d1ec5a36eab8f55aa6428d) \Device\Harddisk1\DR1\Partition0
22:43:27.0703 2132 \Device\Harddisk1\DR1\Partition0 - ok
22:43:27.0734 2132 Boot (0x1200) (43b5f88b18169895d02182c27e90a5cf) \Device\Harddisk1\DR1\Partition1
22:43:27.0734 2132 \Device\Harddisk1\DR1\Partition1 - ok
22:43:27.0750 2132 ============================================================
22:43:27.0750 2132 Scan finished
22:43:27.0750 2132 ============================================================
22:43:27.0796 2152 Detected object count: 6
22:43:27.0796 2152 Actual detected object count: 6
22:54:05.0171 2152 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:05.0171 2152 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:54:05.0171 2152 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:05.0171 2152 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:54:06.0125 2152 \Device\Harddisk0\DR0\# - copied to quarantine
22:54:06.0125 2152 \Device\Harddisk0\DR0 - copied to quarantine
22:54:06.0187 2152 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
22:54:06.0187 2152 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
22:54:06.0187 2152 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
22:54:06.0187 2152 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
22:54:06.0187 2152 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
22:54:06.0187 2152 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
22:54:06.0250 2152 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
22:54:06.0250 2152 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
22:54:06.0265 2152 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
22:54:06.0265 2152 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:54:06.0281 2152 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:54:06.0281 2152 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:54:06.0281 2152 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:54:06.0281 2152 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
22:54:06.0281 2152 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
22:54:06.0343 2152 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
22:54:06.0343 2152 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
22:54:06.0375 2152 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
22:54:06.0406 2152 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
22:54:06.0437 2152 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
22:54:06.0890 2152 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
22:54:06.0921 2152 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
22:54:06.0921 2152 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
22:54:06.0921 2152 \Device\Harddisk0\DR0 - ok
22:54:06.0968 2152 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
22:54:06.0984 2152 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:54:06.0984 2152 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:54:07.0015 2152 \Device\Harddisk1\DR1\# - copied to quarantine
22:54:07.0015 2152 \Device\Harddisk1\DR1 - copied to quarantine
22:54:07.0093 2152 \Device\Harddisk1\DR1\TDLFS\cfg.ini - copied to quarantine
22:54:07.0109 2152 \Device\Harddisk1\DR1\TDLFS\mbr - copied to quarantine
22:54:07.0109 2152 \Device\Harddisk1\DR1\TDLFS\bckfg.tmp - copied to quarantine
22:54:07.0109 2152 \Device\Harddisk1\DR1\TDLFS\ldr16 - copied to quarantine
22:54:07.0125 2152 \Device\Harddisk1\DR1\TDLFS\ldr32 - copied to quarantine
22:54:07.0125 2152 \Device\Harddisk1\DR1\TDLFS\ldr64 - copied to quarantine
22:54:07.0140 2152 \Device\Harddisk1\DR1\TDLFS\drv64 - copied to quarantine
22:54:07.0140 2152 \Device\Harddisk1\DR1\TDLFS\cmd64.dll - copied to quarantine
22:54:07.0187 2152 \Device\Harddisk1\DR1\TDLFS\drv32 - copied to quarantine
22:54:07.0187 2152 \Device\Harddisk1\DR1\TDLFS\keywords - copied to quarantine
22:54:07.0203 2152 \Device\Harddisk1\DR1\TDLFS\lsflt7.ver - copied to quarantine
22:54:07.0234 2152 \Device\Harddisk1\DR1 ( Rootkit.Boot.SST.b ) - will be cured on reboot
22:54:07.0234 2152 \Device\Harddisk1\DR1 - ok
22:54:07.0265 2152 \Device\Harddisk1\DR1 ( Rootkit.Boot.SST.b ) - User select action: Cure
22:54:07.0265 2152 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
22:54:07.0265 2152 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
22:56:31.0296 2820 Deinitialize success
#2
Aluckett

    Member

  • Topic Starter
Update on my original situation with the "S.M.A.R.T. Repair Data Recover" virus.

I ran ComboFix Saturday evening, and the situation has improved. I can now boot normally without getting the cascading error messages and the "SMART Repair" screen. The file names have reappeared in Windows Explorer; so far I am not noticing anything completely missing. I have located a couple of programs by searching for them in Windows Explorer, and run them successfully. However, my desktop is not yet back, and very little appears beyond the first menus from the "Start" button. So still a lot of cleanup and restore to do, plus that low-grade fear that running the computer in this state may be adding to other problems that haven't become evident yet.

Thanks, Al

#3
Essexboy

    GeekU Moderator

  • Retired Staff
Hi there, the first thing to do is recover your files/icons.

Then get a fresh OTL scan

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

THEN


  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    WSHELPER.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, there will be just one log


#4
Aluckett

    Member

  • Topic Starter
Reports from Rogue Killer processes:

RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: AL [Admin rights]
Mode: Scan -- Date: 06/21/2012 00:16:24

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 9 ¤¤¤
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800JB-00JJA0 +++++
--- User ---
[MBR] c6c4e61a61f27a3aadaea8184674b82d
[BSP] 25e108d906b88b217f92ff4fef6a42e1 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3160212A +++++
--- User ---
[MBR] 5ace5c2dd8bf107a26f38f3925c0d5a3
[BSP] db63615aa66f3fdfa2e467ad7beb91fe : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 11100915 | Size: 147204 Mo
1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 5420 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: AL [Admin rights]
Mode: Remove -- Date: 06/21/2012 00:19:17

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 9 ¤¤¤
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\WINDOWS\web\wallpaper\Bliss.bmp)
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800JB-00JJA0 +++++
--- User ---
[MBR] c6c4e61a61f27a3aadaea8184674b82d
[BSP] 25e108d906b88b217f92ff4fef6a42e1 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3160212A +++++
--- User ---
[MBR] 5ace5c2dd8bf107a26f38f3925c0d5a3
[BSP] db63615aa66f3fdfa2e467ad7beb91fe : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 11100915 | Size: 147204 Mo
1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 5420 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: AL [Admin rights]
Mode: Shortcuts HJfix -- Date: 06/21/2012 00:28:39

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 1 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 61 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1029 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[F:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[G:] \Device\Harddisk2\DP(1)0-0+9 -- 0x2 --> Restored
[H:] \Device\Harddisk3\DP(1)0-0+a -- 0x2 --> Restored
[I:] \Device\Harddisk4\DP(1)0-0+b -- 0x2 --> Restored
[J:] \Device\Harddisk5\DP(1)0-0+c -- 0x2 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Output log from that final OTL scan with special custom steps:

OTL logfile created on: 6/21/2012 12:42:12 AM - Run 2
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Administrator.AL-PC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.58 Mb Total Physical Memory | 459.21 Mb Available Physical Memory | 51.39% Memory free
2.12 Gb Paging File | 1.75 Gb Available in Paging File | 82.61% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 52.53 Gb Free Space | 70.50% Space Free | Partition Type: NTFS
Drive D: | 700.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 143.75 Gb Total Space | 97.30 Gb Free Space | 67.68% Space Free | Partition Type: NTFS
Drive F: | 5.28 Gb Total Space | 2.24 Gb Free Space | 42.41% Space Free | Partition Type: FAT32

Computer Name: AL-PC | User Name: AL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/21 00:14:09 | 001,521,152 | ---- | M] () -- C:\Documents and Settings\AL\Desktop\RogueKiller.exe
PRC - [2012/06/15 23:18:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.AL-PC\Desktop\OTL.exe
PRC - [2012/05/08 15:15:02 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/08 15:15:02 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/05/08 15:15:02 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012/04/07 08:40:30 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1.AL-\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/06/21 00:15:49 | 000,014,080 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2008/04/13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2005/09/23 19:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/07/22 12:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 12:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 12:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {35CE37D6-BD17-4CD9-8B38-10991C734297}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{35CE37D6-BD17-4CD9-8B38-10991C734297}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-1482476501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-299502267-1482476501-839522115-1003\..\SearchScopes,DefaultScope = {35CE37D6-BD17-4CD9-8B38-10991C734297}
IE - HKU\S-1-5-21-299502267-1482476501-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-1482476501-839522115-1003\..\SearchScopes\{35CE37D6-BD17-4CD9-8B38-10991C734297}: "URL" = http://www.google.co...1I7ADFA_enUS461
IE - HKU\S-1-5-21-299502267-1482476501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2012/06/15 04:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/06/16 20:31:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1482476501-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-299502267-1482476501-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1482476501-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BBE297A-591D-4E6C-8592-DC87B2EEA02F}: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/15 11:58:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/06/17 05:41:16 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/21 00:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AL\Desktop\RK_Quarantine
[2012/06/20 07:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AL\Application Data\Malwarebytes
[2012/06/19 16:53:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Clara Aly Christina
[2012/06/17 10:16:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/16 20:52:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/06/16 20:23:35 | 000,000,000 | R-SD | C] -- C:\cmdcons
[2012/06/16 20:16:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/16 20:16:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/16 20:16:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/16 20:16:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/16 20:16:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/16 20:03:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/06/15 22:58:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\AL\Recent
[2012/06/15 22:38:08 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/15 05:02:49 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0616.old
[2012/06/15 05:02:49 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0616.old
[2012/06/15 05:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/06/15 04:59:23 | 000,203,088 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/06/15 04:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/06/15 04:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/06/15 04:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/06/15 04:48:39 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012/06/15 04:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/06/15 03:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/15 03:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/06/15 03:56:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/15 03:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/15 03:33:56 | 000,000,000 | --SD | C] -- C:\WINDOWS\CSC
[2012/06/14 21:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AL\Start Menu\Programs\Data Recovery
[2012/06/14 08:12:28 | 002,127,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/21 00:43:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/21 00:15:49 | 000,014,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/06/21 00:14:09 | 001,521,152 | ---- | M] () -- C:\Documents and Settings\AL\Desktop\RogueKiller.exe
[2012/06/21 00:11:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/21 00:04:44 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/21 00:04:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/20 17:43:29 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/19 23:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/19 09:40:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/18 03:57:53 | 000,001,131 | ---- | M] () -- C:\Documents and Settings\AL\Desktop\Shortcut to WINWORD.lnk
[2012/06/18 00:46:04 | 000,682,360 | ---- | M] () -- C:\Documents and Settings\AL\My Documents\lii_usc_TI_26_ST_A_CH_1_SC_F.pdf
[2012/06/18 00:23:47 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\AL\Desktop\Shortcut to freecell.lnk
[2012/06/17 10:03:46 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\AL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/16 20:31:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/16 20:23:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/06/15 22:58:05 | 000,532,322 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/06/15 13:56:57 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-dKspPj7AyVgUa7r
[2012/06/15 13:56:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-dKspPj7AyVgUa7
[2012/06/15 05:58:06 | 002,127,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
[2012/06/15 05:16:15 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\AL\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/06/15 04:48:47 | 000,000,447 | ---- | M] () -- C:\user.js
[2012/06/15 03:57:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/14 21:28:48 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\AL\Desktop\Data_Recovery.lnk
[2012/06/14 09:28:07 | 000,189,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 02:10:20 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/06/14 02:08:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/11 21:15:57 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/06/05 14:39:00 | 002,612,736 | ---- | M] () -- C:\Documents and Settings\AL\My Documents\AAMC 2011-annual-report.pdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/21 00:15:49 | 000,014,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/06/21 00:14:07 | 001,521,152 | ---- | C] () -- C:\Documents and Settings\AL\Desktop\RogueKiller.exe
[2012/06/18 03:57:53 | 000,001,131 | ---- | C] () -- C:\Documents and Settings\AL\Desktop\Shortcut to WINWORD.lnk
[2012/06/18 00:46:04 | 000,682,360 | ---- | C] () -- C:\Documents and Settings\AL\My Documents\lii_usc_TI_26_ST_A_CH_1_SC_F.pdf
[2012/06/18 00:23:47 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\AL\Desktop\Shortcut to freecell.lnk
[2012/06/16 20:23:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/06/16 20:23:36 | 000,260,272 | R-S- | C] () -- C:\cmldr
[2012/06/16 20:16:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/16 20:16:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/16 20:16:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/16 20:16:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/16 20:16:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/15 22:57:43 | 000,532,322 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/06/15 05:16:15 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\AL\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/06/15 05:02:49 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0616.old
[2012/06/15 04:48:47 | 000,000,447 | ---- | C] () -- C:\user.js
[2012/06/15 03:57:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/14 21:28:49 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-dKspPj7AyVgUa7r
[2012/06/14 21:28:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-dKspPj7AyVgUa7
[2012/06/14 21:28:48 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\AL\Desktop\Data_Recovery.lnk
[2012/06/05 14:39:00 | 002,612,736 | ---- | C] () -- C:\Documents and Settings\AL\My Documents\AAMC 2011-annual-report.pdf
[2012/03/31 12:30:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2012/02/15 09:11:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/14 04:05:32 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/12/08 22:08:32 | 000,032,768 | ---- | C] () -- C:\WINDOWS\unvise32.dll
[2011/11/27 19:41:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/27 06:42:26 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\AL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/15 12:01:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/15 11:55:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/15 05:46:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/15 05:45:20 | 000,189,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/06/15 04:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TestApp
[2012/06/15 14:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AL-PC\Application Data\TestApp
[2011/11/19 22:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AL\Application Data\ICAClient
[2011/11/19 22:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AL\Application Data\TaxCut
[2012/01/31 19:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AL\Application Data\Windows Desktop Search
[2012/02/10 08:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AL\Application Data\Windows Search
[2012/05/20 19:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2012/06/15 05:58:06 | 002,127,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2003/03/31 08:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2003/03/31 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 06:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 06:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\erdnt\cache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2003/03/31 08:00:00 | 000,101,376 | ---- | M] (Microsoft Corporation) MD5=E3DF4A0252D287C44606EE55355E1623 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.MSC >
[2003/03/31 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2003/03/31 08:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2003/03/31 08:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2003/03/31 08:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< >

< End of report >

Wasn't sure if you wanted that one. Hoping I followed all instructions completely and properly. Any other steps beyond reboot and see how it behaves? Please let me know if you note items of interest in the logs.

Thanks a lot, Essexman Al

#5
Aluckett

    Member

  • Topic Starter
  • Member
  • 14 posts
I have restarted and logged back in. Finding that upon hitting the "Start" button and going to "All Programs" that the first level menu of possible applications comes up, but after that, many directories (other than Accessories) say "empty" after that. I am pretty sure the programs are still out there. I located a couple (Microsoft Word and a game) and installed shortcuts on my desktop for them. For a couple of programs that previously had shortcuts on the desktop, the shortcuts have come back to the desktop. I can't recall everything I had on the desktop, so I consider the desktop to be a success. Can you think of anything I can do to get these various options/links/shortcuts re-instated?

Thanks, Al

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's see if we can find the remainder; ComboFix may have quarantined them.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
  • Open the scanner and select the protection tab
  • Remove the tick from "Start with Windows"
  • Reboot and then run OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/06/14 21:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AL\Start Menu\Programs\Data Recovery
    [2012/06/15 13:56:57 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-dKspPj7AyVgUa7r
    [2012/06/15 13:56:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-dKspPj7AyVgUa7
    [2012/06/15 05:16:15 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\AL\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
    [2012/06/14 21:28:48 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\AL\Desktop\Data_Recovery.lnk

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Then please navigate to C:\QooBox\Quarantine

And let me know which of the following folders are present:

smtmp\1
smtmp\2
smtmp\3
smtmp\4

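An added example, not part of the thread and not OTL's own code, showing how the entries listed in the `:OTL` fix above can be located in an OTL log: it pivots on the creation time of the rogue's "Data Recovery" Start Menu folder, then picks up same-named copies elsewhere. The sample lines are copied from the log posted in this thread; the function names and the 5-second window are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta
from typing import NamedTuple

# OTL listing line: [timestamp | size | attributes | C or M] (Company) -- path
# Folder entries have no "(Company)" field; files without version info show "()".
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

class Entry(NamedTuple):
    when: datetime
    size: int
    attrs: str
    kind: str     # "C" = created, "M" = modified
    company: str  # "" when OTL reported no company name
    path: str

# Lines copied from the log in this thread, plus one section header.
SAMPLE = r"""
[2012/06/15 03:56:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/14 21:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AL\Start Menu\Programs\Data Recovery
[2012/06/14 08:12:28 | 002,127,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
========== Files Created - No Company Name ==========
[2012/06/14 21:28:49 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-dKspPj7AyVgUa7r
[2012/06/14 21:28:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-dKspPj7AyVgUa7
[2012/06/14 21:28:48 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\AL\Desktop\Data_Recovery.lnk
[2012/06/15 05:16:15 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\AL\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/06/14 02:10:20 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
"""

def parse_otl(text):
    """Return an Entry for every file-listing line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            entries.append(Entry(
                datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                int(m["size"].replace(",", "")),
                m["attrs"], m["kind"], m["company"] or "", m["path"]))
    return entries

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def pivot(entries, seed_fragment, window_seconds=5):
    """Items with no company name created near the seed, plus same-named files."""
    created = [e for e in entries if e.kind == "C" and not e.company]
    seeds = [e for e in created if seed_fragment.lower() in e.path.lower()]
    window = timedelta(seconds=window_seconds)
    hits = [e for e in created if any(abs(e.when - s.when) <= window for s in seeds)]
    # Second pass: a dropped shortcut may have been copied elsewhere under the same name.
    names = {basename(e.path) for e in hits if "D" not in e.attrs}
    hits += [e for e in created if e not in hits and basename(e.path) in names]
    return sorted(hits, key=lambda e: (e.when, e.path))

if __name__ == "__main__":
    for e in pivot(parse_otl(SAMPLE), r"Start Menu\Programs\Data Recovery"):
        print(e.when, e.kind, e.path)
```

The result is a candidate list for a human to review, not a removal list: anything legitimate that happened to be created in the same few seconds would also appear.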

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#8
admin

    Founder Geek

  • Administrator
  • 24,540 posts
Opened at topic starter's request.

Please re-open the topic "S.M.A.R.T. Repair Data Recover" virus infection [Closed]. I opened on June 16 but couldn't get back to complete all actions suggested by Essexboy, so he closed it on June 27. My computer is still not back to 100% and I would like to try to get things right again.

Thanks