
Word Highlight Adware [Solved]


  • This topic is locked

#1
Lucas Buck

  • Member
  • 60 posts
I'm getting word highlights & hotlinks on various sites. When you cursor over these highlighted words, you get a popup ad. It's also interfering with some vBulletin activities. My PC has also become painfully slow, which I suspect is related to this adware.

OTL


OTL logfile created on: 7/13/2012 11:12:37 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Jake\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.42 Mb Total Physical Memory | 249.71 Mb Available Physical Memory | 26.05% Memory free
2.26 Gb Paging File | 0.88 Gb Available in Paging File | 38.71% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.36 Gb Total Space | 2.51 Gb Free Space | 3.52% Space Free | Partition Type: NTFS

Computer Name: MAIN | User Name: Jake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/13 11:12:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jake\My Documents\Downloads\OTL.exe
PRC - [2012/06/28 15:21:57 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Jake\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/05/24 12:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Jake\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/05/17 15:18:22 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2012/05/12 11:30:45 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/02/24 16:18:46 | 000,328,800 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/12/09 11:58:23 | 000,619,352 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/12/09 11:58:22 | 000,494,424 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2010/12/09 13:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 15:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/11/06 23:24:30 | 001,867,888 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2010/08/09 06:47:54 | 000,248,832 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2010/07/04 13:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2010/01/21 17:27:44 | 009,136,960 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2010/01/21 17:27:42 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/12 18:46:56 | 000,951,976 | ---- | M] (Acertant) -- C:\Program Files\Acertant\TuneRanger\TuneRangerHelper.exe
PRC - [2006/09/23 09:53:14 | 000,555,008 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2006/08/15 09:00:20 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/01/20 11:47:34 | 000,081,920 | ---- | M] (Intrigue Technologies Inc) -- C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe
PRC - [2004/01/19 13:51:20 | 000,253,952 | ---- | M] () -- C:\Program Files\Logitech\Harmony Remote\EasyZapperManagerExe.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/28 15:21:56 | 000,442,392 | ---- | M] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.15\ppgooglenaclpluginchrome.dll
MOD - [2012/06/28 15:21:53 | 003,997,720 | ---- | M] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.15\pdf.dll
MOD - [2012/06/28 15:20:37 | 000,526,872 | ---- | M] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.15\libglesv2.dll
MOD - [2012/06/28 15:20:35 | 000,104,984 | ---- | M] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.15\libegl.dll
MOD - [2012/06/28 15:20:24 | 000,144,424 | ---- | M] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.15\avutil-51.dll
MOD - [2012/06/28 15:20:23 | 000,266,792 | ---- | M] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.15\avformat-54.dll
MOD - [2012/06/28 15:20:22 | 002,480,680 | ---- | M] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.15\avcodec-54.dll
MOD - [2012/06/28 14:14:46 | 009,252,040 | ---- | M] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.15\gcswf32.dll
MOD - [2012/06/15 10:31:33 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/15 10:31:11 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/15 10:30:28 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/15 10:21:00 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/15 10:20:04 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 19:38:19 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/14 19:38:14 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/05/12 10:56:52 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/12 10:54:15 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/12 10:17:01 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 19:53:17 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012/05/11 19:47:50 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 19:47:25 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/21 17:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 17:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 17:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2011/04/14 19:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2010/12/09 13:29:16 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/12/09 13:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/07/04 15:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 13:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2009/08/19 16:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
MOD - [2009/07/29 16:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
MOD - [2008/06/04 00:53:14 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\spd__l.dll
MOD - [2006/09/23 09:53:14 | 000,574,976 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
MOD - [2006/09/23 09:53:14 | 000,555,008 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
MOD - [2006/08/23 18:12:38 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2004/01/19 13:51:20 | 000,253,952 | ---- | M] () -- C:\Program Files\Logitech\Harmony Remote\EasyZapperManagerExe.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/10 12:35:36 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012/04/12 10:18:23 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/12/09 11:58:22 | 000,494,424 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2010/08/08 20:04:02 | 000,131,888 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\WINDOWS\system32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2007/10/18 12:51:58 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/13 10:15:56 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A5B0F74F-84EA-497C-9C13-CFA99969EA84}\MpKsl30573b33.sys -- (MpKsl30573b33)
DRV - [2011/07/21 08:42:46 | 000,030,016 | ---- | M] (Jaksta Technologies Pty Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jakndis.sys -- (jakndisMP)
DRV - [2011/07/21 08:42:46 | 000,030,016 | ---- | M] (Jaksta Technologies Pty Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jakndis.sys -- (jakndis)
DRV - [2010/11/06 23:24:30 | 000,019,056 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/07/04 13:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/03/06 15:57:32 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/01/03 16:21:32 | 000,026,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/10/01 12:06:38 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MWP54XP.sys -- (RT73) (Windy31)
DRV - [2007/06/27 10:42:34 | 000,073,856 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
DRV - [2007/06/27 10:41:48 | 000,101,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/08/15 09:00:18 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/14 12:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/05 13:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/06/19 03:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2060923
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2060923
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...039&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.babylon.com/home
IE - HKCU\..\SearchScopes,DefaultScope = {76E9350E-0392-9C19-F83A-99BC015260AF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...c=browsersearch
IE - HKCU\..\SearchScopes\{1651B310-4F50-47F2-B93A-F7E3970ECF27}: "URL" = http://www.google.co...&rlz=1I7DMUS_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/...039&form=ZGAIDF
IE - HKCU\..\SearchScopes\{839AC267-A314-461F-A550-A5DBC1ECE7FD}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.8.1: C:\Documents and Settings\Jake\Local Settings\Application Data\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2012/05/17 15:19:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2012/05/17 15:21:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/15 17:03:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/15 17:03:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{28A5279E-2864-47A0-9044-45F8610C7780}: C:\Documents and Settings\Jake\Local Settings\Application Data\{28A5279E-2864-47A0-9044-45F8610C7780}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/17 15:19:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/17 15:19:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/17 15:21:11 | 000,000,000 | ---D | M]

[2008/10/28 17:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jake\Application Data\Mozilla\Extensions
[2012/02/09 13:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions
[2009/06/19 11:05:21 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/06/19 11:05:21 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/10/05 13:16:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/09 12:43:12 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2009/01/14 18:00:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/06/19 11:05:22 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/12/17 11:06:57 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2011/01/12 11:50:09 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2009/06/19 11:05:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/06/19 11:05:29 | 000,000,000 | ---D | M] (Fast Video Download) -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009/06/19 11:05:23 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\{d07a4843-111f-4699-8551-8ce2afa075cd}
[2009/06/19 11:05:28 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/06/19 11:05:23 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/06/19 11:05:35 | 000,000,000 | ---D | M] (GooglePreview) -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2008/10/31 17:10:33 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009/06/19 11:05:25 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\[email protected]
[2009/04/16 10:45:13 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\[email protected]
[2011/05/07 12:11:31 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\[email protected]
[2011/01/12 11:50:57 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\[email protected]
[2012/04/24 19:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/12 18:38:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/04 16:38:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/24 12:03:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/03/19 10:54:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2009/01/24 14:35:59 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2009/01/24 14:35:59 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2009/01/24 14:36:00 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2012/03/19 10:53:48 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/17 15:18:49 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011/01/12 11:50:00 | 000,002,191 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - homepage: http://my.yahoo.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://my.yahoo.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.15\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.15\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.15\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.8.1 (Enabled) = C:\Documents and Settings\Jake\Local Settings\Application Data\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: WOT = C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.14.6_0\
CHR - Extension: YouTube = C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Add to Amazon Wish List = C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\
CHR - Extension: Google Search = C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AutocompletePro plugin for chrome = C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.0_0\
CHR - Extension: DivX HiQ = C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: Evernote Web Clipper = C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/01/12 14:53:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited)
O2 - BHO: (Foxit Toolbar) - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\prxtbFox0.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (myBabylon EnglishBB Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\prxtbFox0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (myBabylon EnglishBB Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Foxit Toolbar) - {73C7D5B0-7B03-444A-84C7-CE1BA03B5573} - C:\Program Files\Foxit\prxtbFox0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {73C7D5B0-7B03-444A-84C7-CE1BA03B5573} - C:\Program Files\Foxit\prxtbFox0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon EnglishBB Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TuneRanger] C:\Program Files\Acertant\TuneRanger\TuneRangerHelper.exe (Acertant)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Jake\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Harmony Monitor.lnk = C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe (Intrigue Technologies Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\Jake\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Jake\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FCCF9AB-3149-4F2F-AC90-D73CFECC5E3D}: DhcpNameServer = 10.0.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jake\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jake\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/22 12:33:05 | 000,000,000 | ---D | M] - C:\Automatically Add to iTunes -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/10 11:27:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jake\Recent
[2012/06/14 10:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/06/14 10:57:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jake\Application Data\SystemRequirementsLab
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/13 10:56:16 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/13 10:22:24 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/13 10:14:10 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/07/13 10:12:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/13 10:12:03 | 1005,047,808 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/12 18:47:29 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1589004260-2341141940-3578749746-1007.job
[2012/07/12 18:47:29 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1589004260-2341141940-3578749746-1007.job
[2012/07/11 10:11:19 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/10 19:14:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/09 10:12:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/14 19:38:33 | 000,504,452 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 19:38:33 | 000,089,180 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/10 19:09:07 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/02/15 05:59:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/10 13:53:08 | 000,020,312 | ---- | C] () -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2011/07/09 17:24:25 | 000,001,844 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
[2011/07/09 17:24:20 | 000,001,224 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
[2011/07/09 17:24:17 | 000,002,228 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
[2011/07/09 17:24:14 | 000,011,473 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
[2011/07/09 17:23:53 | 000,001,206 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Dalet Codec.dat
[2011/07/09 17:23:49 | 000,003,008 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2011/07/09 17:23:40 | 000,003,065 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2011/07/09 17:23:31 | 000,003,153 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2011/07/09 17:23:23 | 000,003,107 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2011/07/09 17:23:14 | 000,002,987 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2011/07/09 17:22:40 | 000,012,496 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/07/09 17:22:19 | 000,018,032 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/07/09 17:21:49 | 000,002,863 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2011/07/09 17:18:13 | 000,002,996 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2011/07/09 17:17:45 | 000,002,894 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2011/07/09 17:17:15 | 000,002,856 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Length Split] Codec.dat
[2011/07/09 17:16:45 | 000,002,897 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2011/07/09 17:16:17 | 000,002,993 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2011/07/09 17:15:40 | 000,002,843 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2011/07/09 17:15:19 | 000,002,865 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2011/07/09 17:14:52 | 000,002,873 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2011/07/09 17:13:17 | 000,510,840 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/07/09 17:13:17 | 000,005,888 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp CD Writer.dat
[2011/06/07 19:16:14 | 000,259,888 | ---- | C] () -- C:\WINDOWS\SUPDRun.exe
[2011/06/07 19:16:13 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\spd__l.dll
[2011/06/07 19:16:12 | 000,283,136 | ---- | C] () -- C:\WINDOWS\System32\DscPnt.dll
[2011/06/07 19:16:12 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\spd__ci.exe
[2008/09/10 13:09:55 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\Jake\Application Data\wklnhst.dat
[2008/07/02 14:05:44 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\fusioncache.dat
[2008/05/09 17:36:38 | 000,204,800 | ---- | C] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/02/08 12:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applian
[2009/02/26 21:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2012/03/24 14:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/12/09 11:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2008/12/24 13:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2012/04/24 13:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Media Get LLC
[2008/08/05 17:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/07/10 11:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/12 10:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2011/01/11 15:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/03/13 15:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/02 10:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/09 14:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/13 14:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/08/23 16:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Acertant
[2008/12/20 12:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Amazon
[2008/05/08 18:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\AT&T
[2012/07/10 11:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Azureus
[2012/03/22 10:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\calibre
[2008/08/12 13:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\CheckPoint
[2011/07/09 17:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\dBpoweramp
[2008/05/08 18:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\DBUpdater
[2012/07/13 10:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Dropbox
[2009/01/24 14:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\eMusic
[2011/10/18 13:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\FreeVideoConverter
[2009/06/03 05:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\FrostWire
[2009/06/27 10:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\GetRightToGo
[2012/03/07 14:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\HandBrake
[2011/12/09 11:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\IObit
[2012/03/28 11:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Jaksta Streaming Media Recorder
[2012/04/24 13:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Media Get LLC
[2012/05/18 11:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\MPEG Streamclip
[2008/08/05 17:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\NCH Swift Sound
[2008/05/08 17:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Sierra Wireless
[2012/05/19 17:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Spotify
[2012/06/14 10:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\SystemRequirementsLab
[2008/09/10 13:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Template
[2012/07/05 19:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\TeraCopy
[2010/08/21 12:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\TuneUpMedia
[2012/07/13 11:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\uTorrent
[2011/01/14 19:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Western Digital
[2012/03/24 14:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

OTL Extras


OTL Extras logfile created on: 7/13/2012 11:12:37 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Jake\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.42 Mb Total Physical Memory | 249.71 Mb Available Physical Memory | 26.05% Memory free
2.26 Gb Paging File | 0.88 Gb Available in Paging File | 38.71% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.36 Gb Total Space | 2.51 Gb Free Space | 3.52% Space Free | Partition Type: NTFS

Computer Name: MAIN | User Name: Jake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Jake\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistUMP] -- "C:\Program Files\UMPlayer\umplayer.exe" -add-to-playlist "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithUMP] -- "C:\Program Files\UMPlayer\umplayer.exe" -play-dir "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour
"1110:TCP" = 1110:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windy31_Manager\Common\Windy31DHCP.exe" = C:\Program Files\Windy31_Manager\Common\Windy31DHCP.exe:*:Enabled:Windy31 DHCP -- (maverick systems Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Acertant\TuneRanger\TuneRangerHelper.exe" = C:\Program Files\Acertant\TuneRanger\TuneRangerHelper.exe:*:Enabled:TuneRangerHelper -- (Acertant)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Sony\Reader\Data\bin\eBook Library.exe" = C:\Program Files\Sony\Reader\Data\bin\eBook Library.exe:*:Enabled:eBook Library -- (Sony Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Jake\My Documents\Downloads\FLVPlayerSetup.exe" = C:\Documents and Settings\Jake\My Documents\Downloads\FLVPlayerSetup.exe:*:Enabled:InstallCore™
"C:\Program Files\AirPort\APUtil.exe" = C:\Program Files\AirPort\APUtil.exe:*:Enabled:AirPort Utility -- (Apple Inc.)
"C:\WINDOWS\system32\SUPDSvc.exe" = C:\WINDOWS\system32\SUPDSvc.exe:*:Enabled:Samsung UPD Service -- (Samsung Electronics CO., LTD.)
"C:\Documents and Settings\Jake\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Jake\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\AirPort\APAgent.exe" = C:\Program Files\AirPort\APAgent.exe:*:Enabled:AirPort -- (Apple Inc.)
"C:\Documents and Settings\Jake\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Jake\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:netsession_win -- (Akamai Technologies, Inc)
"C:\Documents and Settings\Jake\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Jake\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\Jake\Local Settings\Application Data\MediaGet2\mediaget.exe" = C:\Documents and Settings\Jake\Local Settings\Application Data\MediaGet2\mediaget.exe:*:Enabled:MediaGet -- (MediaGet LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{243E9065-1DA0-4786-B3BD-B8030277F214}" = Logitech Harmony Remote Software 7
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java™ SE Development Kit 6 Update 23
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E4763D3-A605-44ED-82D6-5908B4E027EE}" = Adobe Photoshop Lightroom 3.5 RC
"{3E56BE35-E61F-48B1-AF09-7099ABA91CD0}" = TuneRanger
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40184457-4514-4B18-84A8-6BB8A3AB6A81}" = AirPort
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F50DB8D-3DA5-43CE-ADBB-4B5B862048A4}" = Logitech Harmony Remote
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F3DFFAB-6DDA-42DA-A22C-F45C697B7812}" = calibre
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F4DD5FF-4921-4943-8BDD-DAB11DB91583}_is1" = Diablo 2: Lord of Destruction version 1.13c
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C239BCD7-882A-478F-A5CF-DDEB074A4291}" = eBook Library by Sony
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Akamai" = Akamai NetSession Interface Service
"Alamoon Watermark_is1" = Alamoon Watermark v1.4
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"AutocompletePro3_is1" = AutocompletePro
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"dBpoweramp [Arrange Audio] Codec" = dBpoweramp [Arrange Audio] Codec
"dBpoweramp [Audio Info] Codec" = dBpoweramp [Audio Info] Codec
"dBpoweramp [Calculate Audio CRC] Codec" = dBpoweramp [Calculate Audio CRC] Codec
"dBpoweramp [Channel Split] Codec" = dBpoweramp [Channel Split] Codec
"dBpoweramp [ID Tag Update] Codec" = dBpoweramp [ID Tag Update] Codec
"dBpoweramp [Length Split] Codec" = dBpoweramp [Length Split] Codec
"dBpoweramp [Multi Encoder] Codec" = dBpoweramp [Multi Encoder] Codec
"dBpoweramp [ReplayGain] Codec" = dBpoweramp [ReplayGain] Codec
"dBpoweramp [Tag From Filename] Codec" = dBpoweramp [Tag From Filename] Codec
"dBpoweramp CD Writer" = dBpoweramp CD Writer
"dBpoweramp Dalet Codec" = dBpoweramp Dalet Codec
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
"dBpoweramp Mp2 and BwfMp2 codec" = dBpoweramp Mp2 and BwfMp2 codec
"dBpoweramp mp3 (Fraunhofer IIS) Codec" = dBpoweramp mp3 (Fraunhofer IIS) Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBpoweramp Real Audio (Helix) Encoder" = dBpoweramp Real Audio (Helix) Encoder
"dBPoweramp tooLame MP2 codec" = dBPoweramp tooLame MP2 codec
"dBpoweramp Wave64 Codec" = dBpoweramp Wave64 Codec
"dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"eMusic Download Manager" = eMusic Download Manager 4.0.0.5
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressBurn" = Express Burn
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader" = Foxit Reader
"Foxit Toolbar" = Foxit Toolbar
"Free Video Converter_is1" = Free Video Converter V 2.9
"Google Desktop" = Google Desktop
"HandBrake" = HandBrake 0.9.6
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Jaksta Streaming Media Recorder" = Jaksta Streaming Media Recorder (4.3.2)
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MediaMonkey_is1" = MediaMonkey 3.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"myBabylon_English Toolbar" = myBabylon_English Toolbar
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 15.0" = RealPlayer
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Search Toolbar" = Search Toolbar
"SpywareBlaster_is1" = SpywareBlaster 4.2
"TeraCopy_is1" = TeraCopy 1.1
"TuneUpMedia" = TuneUp Companion 1.7.1
"UMPlayer" = UMPlayer 0.98 [Athlon]
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WavePad" = WavePad Sound Editor
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Windy31_is1" = Windy31
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.0.0.302
"MediaGet" = MediaGet
"Spotify" = Spotify
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/15/2012 12:12:21 PM | Computer Name = MAIN | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 6/19/2012 12:23:19 PM | Computer Name = MAIN | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.0.1526.0, P3 timeout, P4 1.1.8403.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 7/10/2012 1:32:13 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 7/10/2012 2:36:24 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Akamai service.

Error - 7/10/2012 2:56:42 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 7/10/2012 2:56:42 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 7/11/2012 12:13:25 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 7/11/2012 12:13:25 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 7/12/2012 12:11:07 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 7/12/2012 12:11:07 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 7/13/2012 12:14:00 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 7/13/2012 12:14:00 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid


< End of report >


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Lucas Buck and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
    [2011/05/07 12:11:31 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\[email protected]
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Foxit Toolbar) - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\prxtbFox0.dll (Conduit Ltd.)
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\prxtbFox0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (Foxit Toolbar) - {73C7D5B0-7B03-444A-84C7-CE1BA03B5573} - C:\Program Files\Foxit\prxtbFox0.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {73C7D5B0-7B03-444A-84C7-CE1BA03B5573} - C:\Program Files\Foxit\prxtbFox0.dll (Conduit Ltd.)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{28A5279E-2864-47A0-9044-45F8610C7780}: C:\Documents and Settings\Jake\Local Settings\Application Data\{28A5279E-2864-47A0-9044-45F8610C7780}
    [2011/05/07 12:11:31 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\[email protected]

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • TDSSKiller log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
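A triage helper for the report requested in Step 2, as an added example that is not part of the original post and not part of TDSSKiller: it parses the `time thread-id message` lines in the layout of the TDSSKiller 2.7.46.0 report posted in this thread and lists every scanned object whose verdict is not `ok`, including objects left without a verdict because the log was cut short. The sample log, its object names, paths and hashes are constructed placeholders.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the report layout "HH:MM:SS.ffff <thread id> <message>".
# Object names, paths and md5 values are placeholders, not results of a real scan.
SAMPLE_LOG = r"""
12:00:00.0000 1000 Scan started
12:00:00.0000 1000 Mode: Manual; SigCheck; TDLFS;
12:00:01.0000 1000 ExampleStub - ok
12:00:02.0000 1000 ExampleDrv (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
12:00:02.0500 1000 ExampleDrv - ok
12:00:03.0000 1000 Example Service (00000000000000000000000000000002) C:\Program Files\Example\svc.exe
12:00:03.0500 1000 Example Service - ok
12:00:04.0000 1000 ExampleNet (00000000000000000000000000000003) c:\program files\common files\example/net_1a2b3c.dll
12:00:04.0000 1000 Suspicious file (Hidden): c:\program files\common files\example/net_1a2b3c.dll. md5: 00000000000000000000000000000003
12:00:04.0100 1000 ExampleNet ( HiddenFile.Multi.Generic ) - warning
12:00:04.0100 1000 ExampleNet - detected HiddenFile.Multi.Generic (1)
"""

# Timestamp and thread id prefix; the message part is optional (bare separator lines).
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)(?:\s+(.*))?$")
# "<name> (<md5>) <path>": the object being scanned.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "Suspicious file (<why>): <path>. md5: <md5>": why the scanner flagged the file.
REASON = re.compile(
    r"^Suspicious file \((?P<why>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
# "<name> - detected <detection> (<count>)"
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<det>\S+) \(\d+\)$")
# "<name> - ok" or "<name> ( <detection> ) - warning"
VERDICT = re.compile(r"^(?P<name>.+?)(?: \( (?P<det>.+?) \))? - (?P<verdict>[a-z]+)$")


@dataclass
class ScanObject:
    name: str
    md5: str = ""
    path: str = ""
    verdict: str = ""      # stays empty if the log ends before the verdict line
    detection: str = ""
    reasons: list = field(default_factory=list)


def parse_report(text):
    """Return {object name: ScanObject} in the order objects appear in the report."""
    objects = {}
    last = None  # most recent object line, so a "Suspicious file" note can attach to it
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m.group(3):
            continue  # blank line, or a timestamp with no message
        msg = m.group(3).strip()
        if (hit := REASON.match(msg)):
            # Two services can share one binary (same md5), so match against the
            # object line just seen rather than a global md5 index.
            if last is not None and last.md5 == hit["md5"]:
                last.reasons.append(hit["why"])
        elif (hit := OBJECT.match(msg)):
            last = objects.setdefault(hit["name"], ScanObject(hit["name"]))
            last.md5, last.path = hit["md5"], hit["path"]
        elif (hit := DETECTED.match(msg)):
            objects.setdefault(hit["name"], ScanObject(hit["name"])).detection = hit["det"]
        elif (hit := VERDICT.match(msg)):
            obj = objects.setdefault(hit["name"], ScanObject(hit["name"]))
            obj.verdict = hit["verdict"]
            if hit["det"]:
                obj.detection = hit["det"].strip()
    return objects


def needs_review(objects):
    """Objects whose verdict is anything but "ok"; an empty verdict means the log ended early."""
    return [o for o in objects.values() if o.verdict != "ok"]


if __name__ == "__main__":
    for obj in needs_review(parse_report(SAMPLE_LOG)):
        print(f"{obj.name}: verdict={obj.verdict or 'none'} detection={obj.detection or '-'} "
              f"reasons={obj.reasons} md5={obj.md5} path={obj.path}")
```

Everything the function returns is a candidate for a closer look, not a confirmed infection; a `warning` verdict only means the scanner did not classify the object as clean.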

#3
Lucas Buck

    Member

  • Topic Starter
  • 60 posts
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\[email protected]\defaults folder moved successfully.
C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\[email protected]\components folder moved successfully.
C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\[email protected]\chrome\skin folder moved successfully.
C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\[email protected]\chrome folder moved successfully.
C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\[email protected] folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73c7d5b0-7b03-444a-84c7-ce1ba03b5573}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73c7d5b0-7b03-444a-84c7-ce1ba03b5573}\ deleted successfully.
C:\Program Files\Foxit\prxtbFox0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
C:\Program Files\Search Toolbar\SearchToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{73c7d5b0-7b03-444a-84c7-ce1ba03b5573} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73c7d5b0-7b03-444a-84c7-ce1ba03b5573}\ not found.
File C:\Program Files\Foxit\prxtbFox0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{73C7D5B0-7B03-444A-84C7-CE1BA03B5573} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C7D5B0-7B03-444A-84C7-CE1BA03B5573}\ not found.
File C:\Program Files\Foxit\prxtbFox0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{73C7D5B0-7B03-444A-84C7-CE1BA03B5573} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C7D5B0-7B03-444A-84C7-CE1BA03B5573}\ not found.
File C:\Program Files\Foxit\prxtbFox0.dll not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{28A5279E-2864-47A0-9044-45F8610C7780}: C:\Documents and Settings\Jake\Local Settings\Application Data\{28A5279E-2864-47A0-9044-45F8610C7780} not found.
Folder C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\extensions\[email protected]\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Jake\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Jake\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Jake
->Temp folder emptied: 2477810 bytes
->Temporary Internet Files folder emptied: 505472 bytes
->Java cache emptied: 290404 bytes
->FireFox cache emptied: 56409725 bytes
->Google Chrome cache emptied: 222371069 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2299 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33259 bytes
->Google Chrome cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 2488886 bytes
->Temporary Internet Files folder emptied: 249238326 bytes

User: Owner
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3836746 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 265860587 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 766.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07172012_111708

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7ec.dat not found!
File\Folder C:\WINDOWS\temp\TMP00000001705CE5B2C6356051 not found!

PendingFileRenameOperations files...
File C:\WINDOWS\temp\Perflib_Perfdata_7ec.dat not found!
File C:\WINDOWS\temp\TMP00000001705CE5B2C6356051 not found!

Registry entries deleted on Reboot...

#4
Lucas Buck

    Member

  • Topic Starter
  • 60 posts
11:54:31.0593 1592 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
11:54:33.0609 1592 ============================================================
11:54:33.0609 1592 Current date / time: 2012/07/17 11:54:33.0609
11:54:33.0609 1592 SystemInfo:
11:54:33.0609 1592
11:54:33.0609 1592 OS Version: 5.1.2600 ServicePack: 3.0
11:54:33.0609 1592 Product type: Workstation
11:54:33.0609 1592 ComputerName: MAIN
11:54:33.0750 1592 UserName: Jake
11:54:33.0750 1592 Windows directory: C:\WINDOWS
11:54:33.0750 1592 System windows directory: C:\WINDOWS
11:54:33.0750 1592 Processor architecture: Intel x86
11:54:33.0750 1592 Number of processors: 1
11:54:33.0750 1592 Page size: 0x1000
11:54:33.0750 1592 Boot type: Normal boot
11:54:33.0750 1592 ============================================================
11:54:51.0906 1592 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:54:53.0015 1592 ============================================================
11:54:53.0015 1592 \Device\Harddisk0\DR0:
11:54:53.0453 1592 MBR partitions:
11:54:53.0453 1592 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8EB68A3
11:54:53.0453 1592 ============================================================
11:54:56.0656 1592 C: <-> \Device\Harddisk0\DR0\Partition0
11:54:56.0656 1592 ============================================================
11:54:56.0656 1592 Initialize success
11:54:56.0656 1592 ============================================================
11:55:42.0437 1940 ============================================================
11:55:42.0437 1940 Scan started
11:55:42.0437 1940 Mode: Manual; SigCheck; TDLFS;
11:55:42.0437 1940 ============================================================
11:55:50.0515 1940 Abiosdsk - ok
11:55:50.0593 1940 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:55:59.0437 1940 abp480n5 - ok
11:55:59.0843 1940 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:56:00.0000 1940 ACPI - ok
11:56:00.0109 1940 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:56:00.0343 1940 ACPIEC - ok
11:56:00.0765 1940 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:56:00.0828 1940 AdobeFlashPlayerUpdateSvc - ok
11:56:00.0984 1940 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:56:01.0203 1940 adpu160m - ok
11:56:02.0328 1940 AdvancedSystemCareService5 (1d8d19a29e695bdc07f1d4e7c90d1cac) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
11:56:02.0500 1940 AdvancedSystemCareService5 - ok
11:56:02.0687 1940 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:56:02.0890 1940 aec - ok
11:56:03.0265 1940 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:56:03.0484 1940 AFD - ok
11:56:03.0703 1940 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:56:04.0078 1940 agp440 - ok
11:56:04.0109 1940 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:56:04.0375 1940 agpCPQ - ok
11:56:04.0484 1940 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:56:04.0781 1940 Aha154x - ok
11:56:05.0125 1940 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:56:05.0546 1940 aic78u2 - ok
11:56:05.0671 1940 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:56:05.0937 1940 aic78xx - ok
11:56:12.0890 1940 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
11:56:12.0890 1940 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
11:56:12.0906 1940 Akamai ( HiddenFile.Multi.Generic ) - warning
11:56:12.0906 1940 Akamai - detected HiddenFile.Multi.Generic (1)
11:56:16.0156 1940 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
11:56:16.0328 1940 Alerter - ok
11:56:16.0359 1940 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
11:56:16.0562 1940 ALG - ok
11:56:16.0718 1940 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
11:56:16.0937 1940 AliIde - ok
11:56:17.0296 1940 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:56:17.0484 1940 alim1541 - ok
11:56:17.0687 1940 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:56:17.0890 1940 amdagp - ok
11:56:18.0062 1940 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
11:56:18.0234 1940 AmdK8 - ok
11:56:18.0515 1940 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
11:56:18.0609 1940 amsint - ok
11:56:18.0625 1940 AppMgmt - ok
11:56:18.0906 1940 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
11:56:19.0109 1940 asc - ok
11:56:19.0234 1940 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:56:19.0421 1940 asc3350p - ok
11:56:19.0937 1940 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:56:20.0218 1940 asc3550 - ok
11:56:20.0921 1940 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:56:20.0984 1940 aspnet_state - ok
11:56:21.0062 1940 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:56:21.0234 1940 AsyncMac - ok
11:56:21.0296 1940 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:56:21.0484 1940 atapi - ok
11:56:21.0500 1940 Atdisk - ok
11:56:21.0656 1940 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:56:21.0875 1940 Atmarpc - ok
11:56:22.0031 1940 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
11:56:22.0218 1940 AudioSrv - ok
11:56:22.0281 1940 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:56:22.0500 1940 audstub - ok
11:56:22.0703 1940 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
11:56:22.0890 1940 bcm4sbxp - ok
11:56:23.0046 1940 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:56:23.0250 1940 Beep - ok
11:56:24.0406 1940 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
11:56:24.0703 1940 BITS - ok
11:56:25.0671 1940 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
11:56:26.0000 1940 Bonjour Service - ok
11:56:26.0171 1940 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
11:56:26.0375 1940 Browser - ok
11:56:26.0687 1940 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:56:26.0937 1940 cbidf - ok
11:56:26.0953 1940 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:56:27.0125 1940 cbidf2k - ok
11:56:27.0468 1940 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:56:27.0578 1940 cd20xrnt - ok
11:56:27.0640 1940 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:56:27.0875 1940 Cdaudio - ok
11:56:28.0031 1940 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:56:28.0203 1940 Cdfs - ok
11:56:28.0640 1940 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:56:28.0828 1940 Cdrom - ok
11:56:28.0828 1940 Changer - ok
11:56:28.0968 1940 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
11:56:29.0125 1940 CiSvc - ok
11:56:29.0468 1940 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
11:56:29.0671 1940 ClipSrv - ok
11:56:30.0046 1940 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:56:30.0546 1940 clr_optimization_v2.0.50727_32 - ok
11:56:32.0031 1940 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:56:32.0265 1940 clr_optimization_v4.0.30319_32 - ok
11:56:32.0328 1940 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:56:32.0546 1940 CmdIde - ok
11:56:32.0562 1940 COMSysApp - ok
11:56:32.0640 1940 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:56:32.0906 1940 Cpqarray - ok
11:56:33.0093 1940 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
11:56:33.0281 1940 CryptSvc - ok
11:56:33.0375 1940 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:56:33.0625 1940 dac2w2k - ok
11:56:33.0703 1940 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:56:34.0078 1940 dac960nt - ok
11:56:34.0390 1940 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:56:34.0781 1940 DcomLaunch - ok
11:56:35.0203 1940 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
11:56:35.0406 1940 Dhcp - ok
11:56:35.0531 1940 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:56:35.0703 1940 Disk - ok
11:56:35.0703 1940 dmadmin - ok
11:56:37.0218 1940 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:56:37.0562 1940 dmboot - ok
11:56:37.0921 1940 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:56:38.0328 1940 dmio - ok
11:56:38.0453 1940 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:56:38.0718 1940 dmload - ok
11:56:38.0796 1940 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
11:56:39.0078 1940 dmserver - ok
11:56:39.0187 1940 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:56:39.0390 1940 DMusic - ok
11:56:39.0484 1940 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
11:56:39.0656 1940 Dnscache - ok
11:56:39.0765 1940 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
11:56:40.0000 1940 Dot3svc - ok
11:56:40.0109 1940 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:56:40.0328 1940 dpti2o - ok
11:56:40.0375 1940 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:56:40.0531 1940 drmkaud - ok
11:56:40.0625 1940 DSproct - ok
11:56:40.0906 1940 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:56:41.0109 1940 E100B - ok
11:56:41.0203 1940 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
11:56:41.0375 1940 EapHost - ok
11:56:41.0453 1940 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
11:56:41.0640 1940 ERSvc - ok
11:56:41.0750 1940 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:56:41.0859 1940 Eventlog - ok
11:56:42.0093 1940 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
11:56:42.0281 1940 EventSystem - ok
11:56:42.0421 1940 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:56:42.0687 1940 Fastfat - ok
11:56:42.0828 1940 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:56:43.0078 1940 FastUserSwitchingCompatibility - ok
11:56:43.0406 1940 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
11:56:43.0609 1940 Fax - ok
11:56:43.0656 1940 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:56:43.0937 1940 Fdc - ok
11:56:44.0031 1940 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:56:44.0296 1940 Fips - ok
11:56:44.0406 1940 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:56:44.0953 1940 Flpydisk - ok
11:56:45.0156 1940 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:56:45.0656 1940 FltMgr - ok
11:56:46.0265 1940 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:56:46.0343 1940 FontCache3.0.0.0 - ok
11:56:46.0406 1940 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:56:46.0671 1940 Fs_Rec - ok
11:56:47.0015 1940 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:56:47.0328 1940 Ftdisk - ok
11:56:47.0453 1940 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
11:56:47.0453 1940 GEARAspiWDM - ok
11:56:47.0546 1940 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:56:47.0703 1940 Gpc - ok
11:56:47.0812 1940 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
11:56:47.0890 1940 grmnusb ( UnsignedFile.Multi.Generic ) - warning
11:56:47.0890 1940 grmnusb - detected UnsignedFile.Multi.Generic (1)
11:56:48.0250 1940 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
11:56:48.0281 1940 gupdate - ok
11:56:48.0281 1940 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
11:56:48.0343 1940 gupdatem - ok
11:56:48.0578 1940 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
11:56:48.0593 1940 gusvc - ok
11:56:48.0703 1940 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:56:48.0890 1940 HDAudBus - ok
11:56:49.0000 1940 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:56:49.0171 1940 helpsvc - ok
11:56:49.0187 1940 HidServ - ok
11:56:49.0218 1940 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:56:49.0406 1940 HidUsb - ok
11:56:49.0812 1940 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
11:56:49.0984 1940 hkmsvc - ok
11:56:50.0093 1940 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
11:56:50.0343 1940 hpn - ok
11:56:50.0515 1940 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:56:50.0687 1940 HTTP - ok
11:56:50.0781 1940 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
11:56:51.0718 1940 HTTPFilter - ok
11:56:51.0781 1940 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
11:56:52.0218 1940 i2omgmt - ok
11:56:52.0250 1940 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:56:52.0437 1940 i2omp - ok
11:56:52.0546 1940 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:56:52.0703 1940 i8042prt - ok
11:56:53.0062 1940 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:56:53.0171 1940 idsvc - ok
11:56:53.0203 1940 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:56:53.0468 1940 Imapi - ok
11:56:53.0937 1940 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
11:56:54.0156 1940 ImapiService - ok
11:56:54.0187 1940 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:56:54.0531 1940 ini910u - ok
11:56:54.0609 1940 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:56:54.0781 1940 IntelIde - ok
11:56:54.0937 1940 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:56:55.0125 1940 intelppm - ok
11:56:55.0187 1940 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:56:55.0359 1940 Ip6Fw - ok
11:56:55.0500 1940 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:56:55.0843 1940 IpFilterDriver - ok
11:56:55.0875 1940 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:56:56.0031 1940 IpInIp - ok
11:56:56.0218 1940 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:56:56.0390 1940 IpNat - ok
11:56:57.0046 1940 iPod Service (3c30491045dbbd44a42876b3d6f3917d) C:\Program Files\iPod\bin\iPodService.exe
11:56:57.0109 1940 iPod Service - ok
11:56:57.0156 1940 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:56:57.0390 1940 IPSec - ok
11:56:57.0515 1940 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:56:57.0703 1940 IRENUM - ok
11:56:57.0875 1940 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:56:58.0140 1940 isapnp - ok
11:56:58.0265 1940 jakndis (49b94ea1d51ce04570a565e49aeac138) C:\WINDOWS\system32\DRIVERS\jakndis.sys
11:56:59.0140 1940 jakndis - ok
11:56:59.0156 1940 jakndisMP (49b94ea1d51ce04570a565e49aeac138) C:\WINDOWS\system32\DRIVERS\jakndis.sys
11:56:59.0171 1940 jakndisMP - ok
11:56:59.0687 1940 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
11:56:59.0843 1940 JavaQuickStarterService - ok
11:56:59.0937 1940 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:57:00.0093 1940 Kbdclass - ok
11:57:00.0125 1940 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:57:00.0265 1940 kbdhid - ok
11:57:00.0406 1940 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:57:00.0609 1940 kmixer - ok
11:57:00.0734 1940 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:57:00.0984 1940 KSecDD - ok
11:57:01.0078 1940 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
11:57:01.0296 1940 lanmanserver - ok
11:57:01.0390 1940 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
11:57:01.0562 1940 lanmanworkstation - ok
11:57:01.0578 1940 lbrtfdc - ok
11:57:01.0703 1940 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
11:57:01.0921 1940 LmHosts - ok
11:57:02.0328 1940 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
11:57:02.0375 1940 MDM - ok
11:57:02.0515 1940 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
11:57:02.0718 1940 Messenger - ok
11:57:02.0765 1940 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:57:03.0046 1940 mnmdd - ok
11:57:03.0187 1940 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
11:57:03.0390 1940 mnmsrvc - ok
11:57:03.0437 1940 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:57:03.0578 1940 Modem - ok
11:57:03.0640 1940 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:57:03.0843 1940 Mouclass - ok
11:57:03.0890 1940 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:57:04.0109 1940 mouhid - ok
11:57:04.0125 1940 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:57:04.0296 1940 MountMgr - ok
11:57:04.0609 1940 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
11:57:04.0687 1940 MpFilter - ok
11:57:05.0046 1940 MpKsled52aaa9 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AC81A2BA-F4AE-473B-9EDF-B20C1DED9AE1}\MpKsled52aaa9.sys
11:57:05.0062 1940 MpKsled52aaa9 - ok
11:57:05.0109 1940 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:57:05.0484 1940 mraid35x - ok
11:57:05.0562 1940 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:57:05.0890 1940 MRxDAV - ok
11:57:06.0171 1940 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:57:06.0468 1940 MRxSmb - ok
11:57:06.0531 1940 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
11:57:06.0671 1940 MSDTC - ok
11:57:06.0750 1940 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:57:06.0906 1940 Msfs - ok
11:57:06.0921 1940 MSIServer - ok
11:57:06.0953 1940 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:57:07.0156 1940 MSKSSRV - ok
11:57:07.0281 1940 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:57:07.0312 1940 MsMpSvc - ok
11:57:07.0421 1940 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:57:07.0656 1940 MSPCLOCK - ok
11:57:07.0703 1940 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:57:07.0890 1940 MSPQM - ok
11:57:07.0968 1940 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:57:08.0187 1940 mssmbios - ok
11:57:08.0343 1940 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:57:08.0468 1940 Mup - ok
11:57:09.0375 1940 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
11:57:09.0562 1940 napagent - ok
11:57:09.0656 1940 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:57:09.0843 1940 NDIS - ok
11:57:09.0921 1940 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:57:10.0078 1940 NdisTapi - ok
11:57:10.0125 1940 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:57:10.0265 1940 Ndisuio - ok
11:57:10.0437 1940 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:57:10.0640 1940 NdisWan - ok
11:57:10.0703 1940 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:57:10.0859 1940 NDProxy - ok
11:57:10.0937 1940 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:57:11.0187 1940 NetBIOS - ok
11:57:11.0328 1940 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:57:11.0562 1940 NetBT - ok
11:57:11.0609 1940 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:57:11.0796 1940 NetDDE - ok
11:57:11.0796 1940 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:57:11.0984 1940 NetDDEdsdm - ok
11:57:12.0093 1940 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:57:12.0312 1940 Netlogon - ok
11:57:12.0437 1940 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
11:57:12.0640 1940 Netman - ok
11:57:13.0093 1940 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:57:13.0125 1940 NetTcpPortSharing - ok
11:57:13.0281 1940 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
11:57:13.0359 1940 Nla - ok
11:57:13.0453 1940 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:57:13.0625 1940 Npfs - ok
11:57:13.0953 1940 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:57:14.0187 1940 Ntfs - ok
11:57:14.0203 1940 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:57:14.0453 1940 NtLmSsp - ok
11:57:14.0687 1940 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
11:57:14.0937 1940 NtmsSvc - ok
11:57:15.0000 1940 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:57:15.0250 1940 Null - ok
11:57:16.0421 1940 nv (15a6306a0b958bf60f09688d0ee70479) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:57:17.0484 1940 nv - ok
11:57:18.0218 1940 nvatabus (75562456aa672bb5fe56d3c64c6d1c7d) C:\WINDOWS\system32\drivers\nvatabus.sys
11:57:18.0562 1940 nvatabus ( UnsignedFile.Multi.Generic ) - warning
11:57:18.0562 1940 nvatabus - detected UnsignedFile.Multi.Generic (1)
11:57:18.0625 1940 nvraid (1d4781a5957300dc81b91161b45704bb) C:\WINDOWS\system32\drivers\nvraid.sys
11:57:18.0750 1940 nvraid ( UnsignedFile.Multi.Generic ) - warning
11:57:18.0750 1940 nvraid - detected UnsignedFile.Multi.Generic (1)
11:57:19.0031 1940 NVSvc (986d6666e076afd2b60acafd5b01a00f) C:\WINDOWS\system32\nvsvc32.exe
11:57:19.0078 1940 NVSvc - ok
11:57:19.0140 1940 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:57:19.0437 1940 NwlnkFlt - ok
11:57:19.0906 1940 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:57:20.0250 1940 NwlnkFwd - ok
11:57:21.0359 1940 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:57:21.0390 1940 ose - ok
11:57:21.0640 1940 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:57:21.0828 1940 Parport - ok
11:57:21.0968 1940 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:57:22.0156 1940 PartMgr - ok
11:57:22.0468 1940 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:57:22.0671 1940 ParVdm - ok
11:57:22.0953 1940 pbfilter (61a5701e3f543861b21bbe0932c4cc03) C:\Program Files\PeerBlock\pbfilter.sys
11:57:23.0046 1940 pbfilter - ok
11:57:23.0140 1940 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
11:57:23.0171 1940 PCASp50 - ok
11:57:23.0546 1940 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:57:23.0718 1940 PCI - ok
11:57:23.0734 1940 PCIDump - ok
11:57:23.0781 1940 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:57:24.0031 1940 PCIIde - ok
11:57:24.0390 1940 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:57:24.0687 1940 Pcmcia - ok
11:57:24.0687 1940 PCTINDIS5 - ok
11:57:24.0703 1940 PDCOMP - ok
11:57:24.0703 1940 PDFRAME - ok
11:57:24.0718 1940 PDRELI - ok
11:57:24.0718 1940 PDRFRAME - ok
11:57:25.0000 1940 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
11:57:25.0218 1940 perc2 - ok
11:57:25.0390 1940 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:57:25.0609 1940 perc2hib - ok
11:57:26.0531 1940 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:57:26.0593 1940 PlugPlay - ok
11:57:26.0828 1940 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:57:26.0953 1940 PolicyAgent - ok
11:57:27.0109 1940 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:57:27.0296 1940 PptpMiniport - ok
11:57:27.0468 1940 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
11:57:27.0656 1940 Processor - ok
11:57:27.0656 1940 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:57:27.0812 1940 ProtectedStorage - ok
11:57:28.0062 1940 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:57:28.0265 1940 PSched - ok
11:57:28.0421 1940 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:57:28.0687 1940 Ptilink - ok
11:57:29.0000 1940 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:57:29.0093 1940 PxHelp20 - ok
11:57:29.0171 1940 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:57:29.0375 1940 ql1080 - ok
11:57:30.0234 1940 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:57:30.0500 1940 Ql10wnt - ok
11:57:31.0140 1940 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:57:31.0343 1940 ql12160 - ok
11:57:31.0390 1940 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:57:31.0593 1940 ql1240 - ok
11:57:31.0687 1940 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:57:31.0906 1940 ql1280 - ok
11:57:32.0593 1940 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:57:32.0812 1940 RasAcd - ok
11:57:33.0093 1940 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
11:57:33.0265 1940 RasAuto - ok
11:57:33.0734 1940 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:57:33.0906 1940 Rasl2tp - ok
11:57:35.0062 1940 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:57:35.0250 1940 RasMan - ok
11:57:35.0421 1940 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:57:35.0812 1940 RasPppoe - ok
11:57:35.0875 1940 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:57:36.0093 1940 Raspti - ok
11:57:37.0031 1940 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:57:37.0250 1940 Rdbss - ok
11:57:37.0453 1940 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:57:37.0640 1940 RDPCDD - ok
11:57:38.0921 1940 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:57:39.0281 1940 rdpdr - ok
11:57:39.0890 1940 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
11:57:40.0062 1940 RDPWD - ok
11:57:41.0546 1940 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:57:41.0843 1940 RDSessMgr - ok
11:57:42.0031 1940 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:57:42.0218 1940 redbook - ok
11:57:42.0562 1940 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:57:42.0750 1940 RemoteAccess - ok
11:57:42.0921 1940 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
11:57:43.0093 1940 RimVSerPort - ok
11:57:44.0078 1940 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
11:57:44.0296 1940 ROOTMODEM - ok
11:57:44.0609 1940 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
11:57:44.0796 1940 RpcLocator - ok
11:57:46.0453 1940 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
11:57:46.0625 1940 RpcSs - ok
11:57:46.0968 1940 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
11:57:47.0234 1940 RSVP - ok
11:57:51.0718 1940 RT73 (4f153709d0691c6de8c9a4c5e813907c) C:\WINDOWS\system32\DRIVERS\MWP54XP.sys
11:57:52.0234 1940 RT73 - ok
11:57:52.0312 1940 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:57:52.0437 1940 SamSs - ok
11:57:54.0062 1940 Samsung UPD Service (bd26a150dc292913e48ee2b950372dfd) C:\WINDOWS\system32\SUPDSvc.exe
11:57:54.0109 1940 Samsung UPD Service - ok
11:57:54.0468 1940 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:57:54.0671 1940 SCardSvr - ok
11:57:56.0078 1940 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:57:56.0312 1940 Schedule - ok
11:57:57.0515 1940 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
11:57:57.0609 1940 SeaPort - ok
11:57:57.0718 1940 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:57:57.0890 1940 Secdrv - ok
11:57:58.0031 1940 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:57:58.0203 1940 seclogon - ok
11:57:58.0250 1940 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:57:58.0406 1940 SENS - ok
11:57:58.0953 1940 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:57:59.0140 1940 serenum - ok
11:57:59.0421 1940 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:57:59.0640 1940 Serial - ok
11:58:00.0015 1940 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:58:00.0203 1940 Sfloppy - ok
11:58:01.0640 1940 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
11:58:02.0078 1940 SharedAccess - ok
11:58:02.0937 1940 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:58:02.0984 1940 ShellHWDetection - ok
11:58:03.0000 1940 Simbad - ok
11:58:03.0109 1940 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:58:03.0296 1940 sisagp - ok
11:58:04.0406 1940 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
11:58:04.0578 1940 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning
11:58:04.0578 1940 Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1)
11:58:04.0843 1940 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:58:05.0015 1940 Sparrow - ok
11:58:05.0343 1940 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:58:05.0515 1940 splitter - ok
11:58:06.0531 1940 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:58:06.0656 1940 Spooler - ok
11:58:07.0156 1940 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:58:07.0343 1940 sr - ok
11:58:08.0187 1940 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
11:58:08.0406 1940 srservice - ok
11:58:10.0687 1940 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:58:11.0093 1940 Srv - ok
11:58:12.0171 1940 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:58:12.0328 1940 SSDPSRV - ok
11:58:20.0671 1940 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
11:58:21.0656 1940 STHDA - ok
11:58:23.0656 1940 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:58:24.0031 1940 stisvc - ok
11:58:24.0453 1940 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:58:24.0796 1940 swenum - ok
11:58:25.0343 1940 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:58:25.0562 1940 swmidi - ok
11:58:25.0656 1940 swmsflt (851681f7d3200e2a646c5ee4d4e9883d) C:\WINDOWS\System32\drivers\swmsflt.sys
11:58:25.0734 1940 swmsflt - ok
11:58:26.0875 1940 SWNC8U56 (2f6f8b7f821c994de3d1caf399bf9cd3) C:\WINDOWS\system32\DRIVERS\swnc8u56.sys
11:58:27.0156 1940 SWNC8U56 - ok
11:58:27.0171 1940 SwPrv - ok
11:58:27.0390 1940 SWUMX56 (903a5e596a3910cebfa33f3bd7d9c174) C:\WINDOWS\system32\DRIVERS\swumx56.sys
11:58:27.0718 1940 SWUMX56 - ok
11:58:27.0968 1940 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:58:28.0234 1940 symc810 - ok
11:58:28.0765 1940 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:58:29.0000 1940 symc8xx - ok
11:58:30.0203 1940 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:58:30.0421 1940 sym_hi - ok
11:58:30.0593 1940 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:58:30.0859 1940 sym_u3 - ok
11:58:31.0531 1940 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:58:31.0734 1940 sysaudio - ok
11:58:32.0125 1940 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:58:32.0390 1940 SysmonLog - ok
11:58:33.0984 1940 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:58:34.0265 1940 TapiSrv - ok
11:58:38.0296 1940 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:58:38.0796 1940 Tcpip - ok
11:58:39.0187 1940 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:58:39.0656 1940 TDPIPE - ok
11:58:39.0812 1940 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:58:41.0890 1940 TDTCP - ok
11:58:42.0171 1940 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:58:47.0312 1940 TermDD - ok
11:58:51.0500 1940 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:58:52.0781 1940 TermService - ok
11:58:52.0968 1940 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:58:53.0171 1940 Themes - ok
11:58:53.0234 1940 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:58:53.0406 1940 TosIde - ok
11:58:53.0468 1940 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:58:53.0625 1940 TrkWks - ok
11:58:53.0640 1940 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:58:53.0796 1940 Udfs - ok
11:58:53.0921 1940 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:58:54.0015 1940 ultra - ok
11:58:54.0125 1940 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
11:58:54.0156 1940 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
11:58:54.0156 1940 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
11:58:54.0218 1940 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:58:54.0406 1940 Update - ok
11:58:54.0453 1940 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:58:54.0625 1940 upnphost - ok
11:58:54.0671 1940 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:58:54.0812 1940 UPS - ok
11:58:54.0828 1940 USBAAPL - ok
11:58:54.0875 1940 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:58:55.0031 1940 usbccgp - ok
11:58:55.0046 1940 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:58:55.0218 1940 usbehci - ok
11:58:55.0265 1940 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:58:55.0406 1940 usbhub - ok
11:58:55.0453 1940 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:58:55.0609 1940 usbohci - ok
11:58:55.0656 1940 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:58:55.0812 1940 usbprint - ok
11:58:55.0921 1940 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:58:56.0031 1940 usbscan - ok
11:58:56.0062 1940 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:58:56.0234 1940 USBSTOR - ok
11:58:56.0296 1940 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:58:56.0406 1940 usbuhci - ok
11:58:56.0453 1940 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:58:56.0609 1940 VgaSave - ok
11:58:56.0656 1940 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:58:57.0015 1940 viaagp - ok
11:58:57.0062 1940 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:58:57.0203 1940 ViaIde - ok
11:58:57.0265 1940 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:58:57.0406 1940 VolSnap - ok
11:58:57.0468 1940 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:58:57.0656 1940 VSS - ok
11:58:57.0703 1940 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:58:57.0859 1940 Wanarp - ok
11:58:57.0968 1940 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
11:58:58.0109 1940 WDC_SAM - ok
11:58:58.0250 1940 WDDMService (0220362deb2a21551b418d61f3153347) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
11:58:58.0312 1940 WDDMService ( UnsignedFile.Multi.Generic ) - warning
11:58:58.0312 1940 WDDMService - detected UnsignedFile.Multi.Generic (1)
11:58:58.0421 1940 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
11:58:58.0484 1940 Wdf01000 - ok
11:58:58.0500 1940 WDICA - ok
11:58:58.0546 1940 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:58:58.0718 1940 wdmaud - ok
11:58:58.0750 1940 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
11:58:58.0781 1940 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - warning
11:58:58.0781 1940 WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic (1)
11:58:58.0890 1940 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:58:59.0062 1940 WebClient - ok
11:58:59.0125 1940 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:58:59.0281 1940 winmgmt - ok
11:58:59.0343 1940 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
11:58:59.0359 1940 WinUSB - ok
11:58:59.0390 1940 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
11:58:59.0484 1940 WmdmPmSN - ok
11:58:59.0546 1940 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:58:59.0703 1940 WmiApSrv - ok
11:58:59.0812 1940 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
11:58:59.0859 1940 WMPNetworkSvc - ok
11:59:00.0531 1940 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:59:00.0625 1940 WPFFontCache_v0400 - ok
11:59:00.0750 1940 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:59:00.0984 1940 WS2IFSL - ok
11:59:01.0015 1940 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
11:59:01.0171 1940 wscsvc - ok
11:59:01.0218 1940 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
11:59:01.0390 1940 wuauserv - ok
11:59:01.0421 1940 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:59:01.0484 1940 WudfPf - ok
11:59:01.0515 1940 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:59:01.0578 1940 WudfRd - ok
11:59:01.0609 1940 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:59:01.0625 1940 WudfSvc - ok
11:59:01.0687 1940 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:59:01.0859 1940 WZCSVC - ok
11:59:01.0890 1940 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:59:02.0109 1940 xmlprov - ok
11:59:02.0156 1940 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
11:59:02.0625 1940 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:59:02.0625 1940 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:59:02.0625 1940 Boot (0x1200) (52b2c51c6daee5404cce272d1e0b0d5e) \Device\Harddisk0\DR0\Partition0
11:59:02.0625 1940 \Device\Harddisk0\DR0\Partition0 - ok
11:59:02.0640 1940 ============================================================
11:59:02.0640 1940 Scan finished
11:59:02.0640 1940 ============================================================
11:59:02.0781 3616 Detected object count: 9
11:59:02.0796 3616 Actual detected object count: 9
12:01:05.0718 3616 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
12:01:05.0718 3616 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
12:01:05.0718 3616 grmnusb ( UnsignedFile.Multi.Generic ) - skipped by user
12:01:05.0718 3616 grmnusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:01:05.0734 3616 nvatabus ( UnsignedFile.Multi.Generic ) - skipped by user
12:01:05.0734 3616 nvatabus ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:01:05.0734 3616 nvraid ( UnsignedFile.Multi.Generic ) - skipped by user
12:01:05.0734 3616 nvraid ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:01:05.0734 3616 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:01:05.0734 3616 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:01:05.0734 3616 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:01:05.0734 3616 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:01:05.0734 3616 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
12:01:05.0734 3616 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:01:05.0734 3616 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user
12:01:05.0734 3616 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:01:05.0734 3616 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:01:05.0734 3616 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. I see something...

Step 1

Please run TDSSKiller scan again. For this line:

\Device\Harddisk0\DR0 ( TDSS File System )

Select Delete option and remove it. Post log after the scan as you did last time.

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT!!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply.

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#6
Lucas Buck

    Member

  • Topic Starter
  • Member
  • 60 posts
16:14:43.0531 2376 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
16:14:44.0000 2376 ============================================================
16:14:44.0000 2376 Current date / time: 2012/07/17 16:14:44.0000
16:14:44.0000 2376 SystemInfo:
16:14:44.0000 2376
16:14:44.0000 2376 OS Version: 5.1.2600 ServicePack: 3.0
16:14:44.0000 2376 Product type: Workstation
16:14:44.0000 2376 ComputerName: MAIN
16:14:44.0000 2376 UserName: Jake
16:14:44.0000 2376 Windows directory: C:\WINDOWS
16:14:44.0000 2376 System windows directory: C:\WINDOWS
16:14:44.0000 2376 Processor architecture: Intel x86
16:14:44.0000 2376 Number of processors: 1
16:14:44.0000 2376 Page size: 0x1000
16:14:44.0000 2376 Boot type: Normal boot
16:14:44.0000 2376 ============================================================
16:14:46.0468 2376 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:14:52.0593 2376 Drive \Device\Harddisk1\DR4 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:14:52.0609 2376 ============================================================
16:14:52.0609 2376 \Device\Harddisk0\DR0:
16:14:52.0609 2376 MBR partitions:
16:14:52.0609 2376 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8EB68A3
16:14:52.0609 2376 \Device\Harddisk1\DR4:
16:14:52.0609 2376 MBR partitions:
16:14:52.0609 2376 \Device\Harddisk1\DR4\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1D1C4542
16:14:52.0609 2376 ============================================================
16:14:52.0609 2376 C: <-> \Device\Harddisk0\DR0\Partition0
16:14:52.0609 2376 F: <-> \Device\Harddisk1\DR4\Partition0
16:14:52.0609 2376 ============================================================
16:14:52.0609 2376 Initialize success
16:14:52.0609 2376 ============================================================
16:15:13.0890 0792 ============================================================
16:15:13.0890 0792 Scan started
16:15:13.0890 0792 Mode: Manual; SigCheck; TDLFS;
16:15:13.0890 0792 ============================================================
16:15:14.0109 0792 Abiosdsk - ok
16:15:14.0171 0792 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:15:16.0796 0792 abp480n5 - ok
16:15:16.0875 0792 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:15:17.0140 0792 ACPI - ok
16:15:17.0171 0792 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:15:17.0343 0792 ACPIEC - ok
16:15:17.0484 0792 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:15:17.0500 0792 AdobeFlashPlayerUpdateSvc - ok
16:15:17.0531 0792 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:15:17.0718 0792 adpu160m - ok
16:15:17.0875 0792 AdvancedSystemCareService5 (1d8d19a29e695bdc07f1d4e7c90d1cac) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
16:15:17.0890 0792 AdvancedSystemCareService5 - ok
16:15:17.0937 0792 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:15:18.0093 0792 aec - ok
16:15:18.0156 0792 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:15:18.0281 0792 AFD - ok
16:15:18.0343 0792 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:15:18.0531 0792 agp440 - ok
16:15:18.0562 0792 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:15:18.0734 0792 agpCPQ - ok
16:15:18.0750 0792 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:15:18.0843 0792 Aha154x - ok
16:15:18.0859 0792 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:15:19.0140 0792 aic78u2 - ok
16:15:19.0171 0792 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:15:19.0375 0792 aic78xx - ok
16:15:19.0640 0792 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
16:15:19.0640 0792 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
16:15:19.0656 0792 Akamai ( HiddenFile.Multi.Generic ) - warning
16:15:19.0656 0792 Akamai - detected HiddenFile.Multi.Generic (1)
16:15:19.0828 0792 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
16:15:19.0984 0792 Alerter - ok
16:15:20.0015 0792 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
16:15:20.0187 0792 ALG - ok
16:15:20.0296 0792 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:15:20.0546 0792 AliIde - ok
16:15:20.0562 0792 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:15:20.0906 0792 alim1541 - ok
16:15:20.0937 0792 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:15:21.0109 0792 amdagp - ok
16:15:21.0156 0792 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
16:15:21.0265 0792 AmdK8 - ok
16:15:21.0296 0792 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
16:15:21.0406 0792 amsint - ok
16:15:21.0421 0792 AppMgmt - ok
16:15:21.0437 0792 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
16:15:21.0625 0792 asc - ok
16:15:21.0656 0792 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:15:21.0734 0792 asc3350p - ok
16:15:21.0781 0792 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:15:22.0062 0792 asc3550 - ok
16:15:22.0562 0792 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:15:22.0578 0792 aspnet_state - ok
16:15:22.0640 0792 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:15:22.0859 0792 AsyncMac - ok
16:15:22.0953 0792 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:15:23.0109 0792 atapi - ok
16:15:23.0109 0792 Atdisk - ok
16:15:23.0156 0792 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:15:23.0343 0792 Atmarpc - ok
16:15:23.0406 0792 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
16:15:23.0734 0792 AudioSrv - ok
16:15:23.0765 0792 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:15:23.0968 0792 audstub - ok
16:15:24.0000 0792 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
16:15:24.0125 0792 bcm4sbxp - ok
16:15:24.0140 0792 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:15:24.0359 0792 Beep - ok
16:15:24.0437 0792 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
16:15:24.0671 0792 BITS - ok
16:15:24.0812 0792 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:15:24.0843 0792 Bonjour Service - ok
16:15:24.0890 0792 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
16:15:25.0109 0792 Browser - ok
16:15:25.0140 0792 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:15:25.0359 0792 cbidf - ok
16:15:25.0375 0792 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:15:25.0546 0792 cbidf2k - ok
16:15:25.0578 0792 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:15:25.0656 0792 cd20xrnt - ok
16:15:25.0718 0792 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:15:25.0953 0792 Cdaudio - ok
16:15:25.0968 0792 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:15:26.0125 0792 Cdfs - ok
16:15:26.0156 0792 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:15:26.0281 0792 Cdrom - ok
16:15:26.0281 0792 Changer - ok
16:15:26.0328 0792 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
16:15:26.0578 0792 CiSvc - ok
16:15:26.0625 0792 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
16:15:26.0828 0792 ClipSrv - ok
16:15:26.0984 0792 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:15:27.0000 0792 clr_optimization_v2.0.50727_32 - ok
16:15:27.0421 0792 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:15:27.0453 0792 clr_optimization_v4.0.30319_32 - ok
16:15:27.0484 0792 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:15:27.0687 0792 CmdIde - ok
16:15:27.0703 0792 COMSysApp - ok
16:15:27.0734 0792 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:15:27.0937 0792 Cpqarray - ok
16:15:27.0984 0792 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
16:15:28.0125 0792 CryptSvc - ok
16:15:28.0171 0792 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:15:28.0375 0792 dac2w2k - ok
16:15:28.0406 0792 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:15:28.0609 0792 dac960nt - ok
16:15:28.0687 0792 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:15:28.0796 0792 DcomLaunch - ok
16:15:28.0843 0792 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
16:15:29.0000 0792 Dhcp - ok
16:15:29.0046 0792 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:15:29.0171 0792 Disk - ok
16:15:29.0171 0792 dmadmin - ok
16:15:29.0250 0792 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:15:29.0453 0792 dmboot - ok
16:15:29.0484 0792 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:15:29.0640 0792 dmio - ok
16:15:29.0671 0792 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:15:29.0906 0792 dmload - ok
16:15:29.0953 0792 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
16:15:30.0109 0792 dmserver - ok
16:15:30.0140 0792 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:15:30.0296 0792 DMusic - ok
16:15:30.0343 0792 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
16:15:30.0500 0792 Dnscache - ok
16:15:30.0562 0792 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
16:15:30.0703 0792 Dot3svc - ok
16:15:30.0718 0792 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:15:30.0953 0792 dpti2o - ok
16:15:31.0000 0792 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:15:31.0109 0792 drmkaud - ok
16:15:31.0156 0792 DSproct - ok
16:15:31.0187 0792 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:15:31.0375 0792 E100B - ok
16:15:31.0406 0792 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
16:15:31.0562 0792 EapHost - ok
16:15:31.0609 0792 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
16:15:31.0765 0792 ERSvc - ok
16:15:31.0828 0792 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:15:31.0875 0792 Eventlog - ok
16:15:31.0921 0792 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
16:15:32.0015 0792 EventSystem - ok
16:15:32.0031 0792 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:15:32.0187 0792 Fastfat - ok
16:15:32.0234 0792 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:15:32.0312 0792 FastUserSwitchingCompatibility - ok
16:15:32.0375 0792 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
16:15:32.0531 0792 Fax - ok
16:15:32.0578 0792 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:15:32.0718 0792 Fdc - ok
16:15:32.0796 0792 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:15:32.0937 0792 Fips - ok
16:15:32.0984 0792 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:15:33.0140 0792 Flpydisk - ok
16:15:33.0187 0792 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:15:33.0312 0792 FltMgr - ok
16:15:33.0484 0792 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:15:33.0500 0792 FontCache3.0.0.0 - ok
16:15:33.0546 0792 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:15:33.0750 0792 Fs_Rec - ok
16:15:33.0765 0792 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:15:33.0968 0792 Ftdisk - ok
16:15:34.0000 0792 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
16:15:34.0015 0792 GEARAspiWDM - ok
16:15:34.0062 0792 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:15:34.0203 0792 Gpc - ok
16:15:34.0250 0792 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
16:15:34.0296 0792 grmnusb ( UnsignedFile.Multi.Generic ) - warning
16:15:34.0296 0792 grmnusb - detected UnsignedFile.Multi.Generic (1)
16:15:34.0421 0792 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
16:15:34.0453 0792 gupdate - ok
16:15:34.0453 0792 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
16:15:34.0468 0792 gupdatem - ok
16:15:34.0515 0792 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:15:34.0546 0792 gusvc - ok
16:15:34.0562 0792 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:15:34.0734 0792 HDAudBus - ok
16:15:34.0828 0792 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:15:34.0984 0792 helpsvc - ok
16:15:35.0000 0792 HidServ - ok
16:15:35.0031 0792 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:15:35.0187 0792 HidUsb - ok
16:15:35.0234 0792 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
16:15:35.0359 0792 hkmsvc - ok
16:15:35.0406 0792 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
16:15:35.0562 0792 hpn - ok
16:15:35.0625 0792 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:15:35.0703 0792 HTTP - ok
16:15:35.0750 0792 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
16:15:35.0921 0792 HTTPFilter - ok
16:15:35.0953 0792 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
16:15:36.0109 0792 i2omgmt - ok
16:15:36.0140 0792 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:15:36.0281 0792 i2omp - ok
16:15:36.0296 0792 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:15:36.0453 0792 i8042prt - ok
16:15:36.0578 0792 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:15:36.0625 0792 idsvc - ok
16:15:36.0656 0792 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:15:36.0828 0792 Imapi - ok
16:15:37.0015 0792 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
16:15:37.0171 0792 ImapiService - ok
16:15:37.0218 0792 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:15:37.0437 0792 ini910u - ok
16:15:37.0484 0792 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:15:37.0640 0792 IntelIde - ok
16:15:37.0703 0792 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:15:37.0875 0792 intelppm - ok
16:15:37.0921 0792 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:15:38.0125 0792 Ip6Fw - ok
16:15:38.0156 0792 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:15:38.0359 0792 IpFilterDriver - ok
16:15:38.0375 0792 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:15:38.0500 0792 IpInIp - ok
16:15:38.0531 0792 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:15:38.0687 0792 IpNat - ok
16:15:38.0812 0792 iPod Service (3c30491045dbbd44a42876b3d6f3917d) C:\Program Files\iPod\bin\iPodService.exe
16:15:38.0843 0792 iPod Service - ok
16:15:38.0875 0792 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:15:39.0015 0792 IPSec - ok
16:15:39.0062 0792 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:15:39.0218 0792 IRENUM - ok
16:15:39.0250 0792 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:15:39.0406 0792 isapnp - ok
16:15:39.0453 0792 jakndis (49b94ea1d51ce04570a565e49aeac138) C:\WINDOWS\system32\DRIVERS\jakndis.sys
16:15:39.0515 0792 jakndis - ok
16:15:39.0515 0792 jakndisMP (49b94ea1d51ce04570a565e49aeac138) C:\WINDOWS\system32\DRIVERS\jakndis.sys
16:15:39.0531 0792 jakndisMP - ok
16:15:39.0671 0792 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
16:15:39.0703 0792 JavaQuickStarterService - ok
16:15:39.0718 0792 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:15:39.0906 0792 Kbdclass - ok
16:15:39.0937 0792 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:15:40.0062 0792 kbdhid - ok
16:15:40.0109 0792 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:15:40.0281 0792 kmixer - ok
16:15:40.0312 0792 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:15:40.0406 0792 KSecDD - ok
16:15:40.0468 0792 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
16:15:40.0546 0792 lanmanserver - ok
16:15:40.0812 0792 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
16:15:40.0859 0792 lanmanworkstation - ok
16:15:40.0875 0792 lbrtfdc - ok
16:15:40.0921 0792 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
16:15:41.0062 0792 LmHosts - ok
16:15:41.0171 0792 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
16:15:41.0187 0792 MDM - ok
16:15:41.0234 0792 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
16:15:41.0406 0792 Messenger - ok
16:15:41.0437 0792 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:15:41.0609 0792 mnmdd - ok
16:15:41.0640 0792 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
16:15:41.0812 0792 mnmsrvc - ok
16:15:41.0859 0792 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:15:42.0015 0792 Modem - ok
16:15:42.0046 0792 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:15:42.0203 0792 Mouclass - ok
16:15:42.0250 0792 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:15:42.0468 0792 mouhid - ok
16:15:42.0500 0792 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:15:42.0640 0792 MountMgr - ok
16:15:42.0765 0792 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
16:15:42.0812 0792 MpFilter - ok
16:15:42.0984 0792 MpKsled52aaa9 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AC81A2BA-F4AE-473B-9EDF-B20C1DED9AE1}\MpKsled52aaa9.sys
16:15:43.0000 0792 MpKsled52aaa9 - ok
16:15:43.0046 0792 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:15:43.0234 0792 mraid35x - ok
16:15:43.0265 0792 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:15:43.0437 0792 MRxDAV - ok
16:15:43.0500 0792 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:15:43.0640 0792 MRxSmb - ok
16:15:43.0687 0792 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
16:15:43.0859 0792 MSDTC - ok
16:15:43.0906 0792 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:15:44.0046 0792 Msfs - ok
16:15:44.0062 0792 MSIServer - ok
16:15:44.0109 0792 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:15:44.0234 0792 MSKSSRV - ok
16:15:44.0312 0792 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:15:44.0343 0792 MsMpSvc - ok
16:15:44.0406 0792 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:15:44.0562 0792 MSPCLOCK - ok
16:15:44.0578 0792 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:15:44.0718 0792 MSPQM - ok
16:15:44.0781 0792 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:15:44.0906 0792 mssmbios - ok
16:15:44.0937 0792 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:15:45.0015 0792 Mup - ok
16:15:45.0078 0792 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
16:15:45.0234 0792 napagent - ok
16:15:45.0250 0792 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:15:45.0390 0792 NDIS - ok
16:15:45.0437 0792 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:15:48.0843 0792 nvatabus (75562456aa672bb5fe56d3c64c6d1c7d) C:\WINDOWS\system32\drivers\nvatabus.sys
16:15:48.0875 0792 nvatabus ( UnsignedFile.Multi.Generic ) - warning
16:15:48.0875 0792 nvatabus - detected UnsignedFile.Multi.Generic (1)
16:15:48.0890 0792 nvraid (1d4781a5957300dc81b91161b45704bb) C:\WINDOWS\system32\drivers\nvraid.sys
16:15:48.0953 0792 nvraid ( UnsignedFile.Multi.Generic ) - warning
16:15:48.0953 0792 nvraid - detected UnsignedFile.Multi.Generic (1)
16:16:00.0000 0792 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
16:16:00.0015 0792 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning
16:16:00.0015 0792 Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1)
16:16:05.0593 0792 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
16:16:05.0625 0792 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
16:16:05.0625 0792 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
16:16:09.0281 0792 WDDMService (0220362deb2a21551b418d61f3153347) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
16:16:09.0328 0792 WDDMService ( UnsignedFile.Multi.Generic ) - warning
16:16:09.0328 0792 WDDMService - detected UnsignedFile.Multi.Generic (1)
16:16:09.0640 0792 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
16:16:09.0687 0792 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - warning
16:16:09.0687 0792 WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic (1)
16:16:13.0046 0792 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
16:16:13.0515 0792 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:16:13.0515 0792 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:16:13.0531 0792 MBR (0x1B8) (bbb0a0725ad66f38b1a32135f3cb55d6) \Device\Harddisk1\DR4
16:16:13.0734 0792 \Device\Harddisk1\DR4 - ok
16:16:13.0750 0792 Boot (0x1200) (52b2c51c6daee5404cce272d1e0b0d5e) \Device\Harddisk0\DR0\Partition0
16:16:13.0750 0792 \Device\Harddisk0\DR0\Partition0 - ok
16:16:13.0750 0792 Boot (0x1200) (dc07722757bc7e090a750d29b8d2355c) \Device\Harddisk1\DR4\Partition0
16:16:13.0750 0792 \Device\Harddisk1\DR4\Partition0 - ok
16:16:13.0765 0792 ============================================================
16:16:13.0765 0792 Scan finished
16:16:13.0765 0792 ============================================================
16:16:13.0875 3240 Detected object count: 9
16:16:13.0875 3240 Actual detected object count: 9
16:19:24.0828 3240 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
16:19:24.0828 3240 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
16:19:24.0828 3240 grmnusb ( UnsignedFile.Multi.Generic ) - skipped by user
16:19:24.0828 3240 grmnusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:19:24.0828 3240 nvatabus ( UnsignedFile.Multi.Generic ) - skipped by user
16:19:24.0828 3240 nvatabus ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:19:24.0828 3240 nvraid ( UnsignedFile.Multi.Generic ) - skipped by user
16:19:24.0828 3240 nvraid ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:19:24.0843 3240 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:19:24.0843 3240 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:19:24.0843 3240 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
16:19:24.0843 3240 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:19:24.0843 3240 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
16:19:24.0843 3240 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:19:24.0843 3240 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user
16:19:24.0843 3240 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:19:24.0921 3240 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
16:19:24.0937 3240 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
16:19:24.0937 3240 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
16:19:25.0031 3240 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
16:19:28.0140 3240 \Device\Harddisk0\DR0\TDLFS - deleted
16:19:28.0140 3240 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

#7
Lucas Buck

16:14:43.0531 2376 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
16:14:44.0000 2376 ============================================================
16:14:44.0000 2376 Current date / time: 2012/07/17 16:14:44.0000
16:14:44.0000 2376 SystemInfo:
16:14:44.0000 2376
16:14:44.0000 2376 OS Version: 5.1.2600 ServicePack: 3.0
16:14:44.0000 2376 Product type: Workstation
16:14:44.0000 2376 ComputerName: MAIN
16:14:44.0000 2376 UserName: Jake
16:14:44.0000 2376 Windows directory: C:\WINDOWS
16:14:44.0000 2376 System windows directory: C:\WINDOWS
16:14:44.0000 2376 Processor architecture: Intel x86
16:14:44.0000 2376 Number of processors: 1
16:14:44.0000 2376 Page size: 0x1000
16:14:44.0000 2376 Boot type: Normal boot
16:14:44.0000 2376 ============================================================
16:14:46.0468 2376 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:14:52.0593 2376 Drive \Device\Harddisk1\DR4 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:14:52.0609 2376 ============================================================
16:14:52.0609 2376 \Device\Harddisk0\DR0:
16:14:52.0609 2376 MBR partitions:
16:14:52.0609 2376 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8EB68A3
16:14:52.0609 2376 \Device\Harddisk1\DR4:
16:14:52.0609 2376 MBR partitions:
16:14:52.0609 2376 \Device\Harddisk1\DR4\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1D1C4542
16:14:52.0609 2376 ============================================================
16:14:52.0609 2376 C: <-> \Device\Harddisk0\DR0\Partition0
16:14:52.0609 2376 F: <-> \Device\Harddisk1\DR4\Partition0
16:14:52.0609 2376 ============================================================
16:14:52.0609 2376 Initialize success
16:14:52.0609 2376 ============================================================
16:15:13.0890 0792 ============================================================
16:15:13.0890 0792 Scan started
16:15:13.0890 0792 Mode: Manual; SigCheck; TDLFS;
16:15:13.0890 0792 ============================================================
16:15:19.0640 0792 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
16:15:19.0640 0792 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
16:15:19.0656 0792 Akamai ( HiddenFile.Multi.Generic ) - warning
16:15:19.0656 0792 Akamai - detected HiddenFile.Multi.Generic (1)
16:15:32.0718 0792 Fdc - ok
16:15:32.0796 0792 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:15:32.0937 0792 Fips - ok
16:15:32.0984 0792 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:15:33.0140 0792 Flpydisk - ok
16:15:33.0187 0792 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:15:33.0312 0792 FltMgr - ok
16:15:33.0484 0792 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:15:33.0500 0792 FontCache3.0.0.0 - ok
16:15:33.0546 0792 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:15:33.0750 0792 Fs_Rec - ok
16:15:33.0765 0792 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:15:33.0968 0792 Ftdisk - ok
16:15:34.0000 0792 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
16:15:34.0015 0792 GEARAspiWDM - ok
16:15:34.0062 0792 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:15:34.0203 0792 Gpc - ok
16:15:34.0250 0792 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
16:15:34.0296 0792 grmnusb ( UnsignedFile.Multi.Generic ) - warning
16:15:34.0296 0792 grmnusb - detected UnsignedFile.Multi.Generic (1)
16:15:48.0843 0792 nvatabus (75562456aa672bb5fe56d3c64c6d1c7d) C:\WINDOWS\system32\drivers\nvatabus.sys
16:15:48.0875 0792 nvatabus ( UnsignedFile.Multi.Generic ) - warning
16:15:48.0875 0792 nvatabus - detected UnsignedFile.Multi.Generic (1)
16:15:48.0890 0792 nvraid (1d4781a5957300dc81b91161b45704bb) C:\WINDOWS\system32\drivers\nvraid.sys
16:15:48.0953 0792 nvraid ( UnsignedFile.Multi.Generic ) - warning
16:15:48.0953 0792 nvraid - detected UnsignedFile.Multi.Generic (1)
16:16:00.0000 0792 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
16:16:00.0015 0792 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning
16:16:00.0015 0792 Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1)
16:16:05.0593 0792 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
16:16:05.0625 0792 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
16:16:05.0625 0792 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
16:16:09.0281 0792 WDDMService (0220362deb2a21551b418d61f3153347) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
16:16:09.0328 0792 WDDMService ( UnsignedFile.Multi.Generic ) - warning
16:16:09.0328 0792 WDDMService - detected UnsignedFile.Multi.Generic (1)
16:16:09.0390 0792 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
16:16:09.0421 0792 Wdf01000 - ok
16:16:09.0437 0792 WDICA - ok
16:16:09.0484 0792 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:16:09.0640 0792 wdmaud - ok
16:16:09.0640 0792 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
16:16:09.0687 0792 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - warning
16:16:09.0687 0792 WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic (1)
16:16:13.0046 0792 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
16:16:13.0515 0792 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:16:13.0515 0792 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:16:13.0531 0792 MBR (0x1B8) (bbb0a0725ad66f38b1a32135f3cb55d6) \Device\Harddisk1\DR4
16:16:13.0734 0792 \Device\Harddisk1\DR4 - ok
16:16:13.0750 0792 Boot (0x1200) (52b2c51c6daee5404cce272d1e0b0d5e) \Device\Harddisk0\DR0\Partition0
16:16:13.0750 0792 \Device\Harddisk0\DR0\Partition0 - ok
16:16:13.0750 0792 Boot (0x1200) (dc07722757bc7e090a750d29b8d2355c) \Device\Harddisk1\DR4\Partition0
16:16:13.0750 0792 \Device\Harddisk1\DR4\Partition0 - ok
16:16:13.0765 0792 ============================================================
16:16:13.0765 0792 Scan finished
16:16:13.0765 0792 ============================================================
16:16:13.0875 3240 Detected object count: 9
16:16:13.0875 3240 Actual detected object count: 9
16:19:24.0828 3240 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
16:19:24.0828 3240 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
16:19:24.0828 3240 grmnusb ( UnsignedFile.Multi.Generic ) - skipped by user
16:19:24.0828 3240 grmnusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:19:24.0828 3240 nvatabus ( UnsignedFile.Multi.Generic ) - skipped by user
16:19:24.0828 3240 nvatabus ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:19:24.0828 3240 nvraid ( UnsignedFile.Multi.Generic ) - skipped by user
16:19:24.0828 3240 nvraid ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:19:24.0843 3240 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:19:24.0843 3240 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:19:24.0843 3240 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
16:19:24.0843 3240 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:19:24.0843 3240 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
16:19:24.0843 3240 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:19:24.0843 3240 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user
16:19:24.0843 3240 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:19:24.0921 3240 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
16:19:24.0937 3240 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
16:19:24.0937 3240 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
16:19:25.0031 3240 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
16:19:28.0140 3240 \Device\Harddisk0\DR0\TDLFS - deleted
16:19:28.0140 3240 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Lucas Buck,

You posted the TDSSKiller log twice. Please post the ComboFix log here for me.

#9
Lucas Buck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Sorry about that!


ComboFix 12-07-18.04 - Jake 07/18/2012 10:51:33.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.634 [GMT -6:00]
Running from: c:\documents and settings\Jake\My Documents\Downloads\ComboFix.exe
AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\searchplugins\bing-zugo.xml
c:\windows\system32\ccrpTmr6.dll
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-17 22:20 . 2012-07-17 22:20 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AC81A2BA-F4AE-473B-9EDF-B20C1DED9AE1}\offreg.dll
2012-07-17 22:19 . 2012-07-17 22:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-17 17:54 . 2012-07-17 17:54 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AC81A2BA-F4AE-473B-9EDF-B20C1DED9AE1}\MpKsled52aaa9.sys
2012-07-17 17:52 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AC81A2BA-F4AE-473B-9EDF-B20C1DED9AE1}\mpengine.dll
2012-07-17 17:17 . 2012-07-17 17:17 -------- d-----w- C:\_OTL
2012-07-16 16:29 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:19 . 2004-08-10 17:51 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-09-03 16:44 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-10 17:51 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-10 17:51 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 21:19 . 2007-07-31 01:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 21:19 . 2007-07-31 01:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 21:19 . 2004-08-10 18:02 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 21:19 . 2004-08-10 18:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 21:19 . 2004-08-10 18:02 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 21:19 . 2007-07-31 01:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 21:19 . 2007-07-31 01:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 21:19 . 2004-08-10 18:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 21:19 . 2004-08-10 18:02 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 21:19 . 2004-08-10 17:50 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 21:19 . 2007-07-31 01:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 21:19 . 2004-08-10 18:02 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 21:19 . 2004-08-10 18:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 21:18 . 2010-08-25 11:52 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 21:18 . 2010-08-25 11:52 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 21:18 . 2010-08-25 11:52 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-17 21:18 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-16 15:08 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2004-08-10 17:51 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-04 03:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-10 18:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-17_22.41.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-18 16:14 . 2012-07-18 16:14 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
+ 2012-07-18 16:14 . 2012-07-18 16:14 16384 c:\windows\Temp\Perflib_Perfdata_16c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2011-05-09 09:49 176936 ----a-w- c:\program files\myBabylon_English\prxtbmyB0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\prxtbmyB0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\prxtbmyB0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Jake\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Jake\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Jake\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Jake\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-13 68856]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 1867888]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"Akamai NetSession Interface"="c:\documents and settings\Jake\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-09 619352]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-12 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"nwiz"="nwiz.exe" [2006-08-24 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-24 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-24 7630848]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-23 169984]
"TuneRanger"="c:\program files\Acertant\TuneRanger\TuneRangerHelper.exe" [2007-12-13 951976]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-02-24 328800]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-05-17 296056]
.
c:\documents and settings\Jake\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Jake\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Harmony Monitor.lnk - c:\program files\Logitech\Harmony Remote\EasyZapperMonitor.exe [2004-1-20 81920]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windy31_Manager\\Common\\Windy31DHCP.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Acertant\\TuneRanger\\TuneRangerHelper.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Sony\\Reader\\Data\\bin\\eBook Library.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AirPort\\APUtil.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
"c:\\Documents and Settings\\Jake\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Jake\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Documents and Settings\\Jake\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Jake\\Local Settings\\Application Data\\MediaGet2\\mediaget.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
"1117:TCP"= 1117:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 MpKsled52aaa9;MpKsled52aaa9;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AC81A2BA-F4AE-473B-9EDF-B20C1DED9AE1}\MpKsled52aaa9.sys [7/17/2012 11:54 AM 29904]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [12/9/2011 11:51 AM 494424]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 11:51 AM 14336]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [1/21/2010 5:24 PM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]
R3 jakndisMP;jakndisMP;c:\windows\system32\drivers\jakndis.sys [3/28/2012 11:51 AM 30016]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [9/30/2010 5:29 PM 19056]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2010 6:20 PM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/12/2012 10:18 AM 253600]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2010 6:20 PM 135664]
S3 jakndis;Jaksta Service;c:\windows\system32\drivers\jakndis.sys [3/28/2012 11:51 AM 30016]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [6/7/2011 7:16 PM 131888]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [6/27/2007 10:41 AM 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [6/27/2007 10:42 AM 73856]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [1/11/2011 3:53 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 00:20]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1589004260-2341141940-3578749746-1007UA.job
- c:\documents and settings\Jake\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-06 20:37]
.
2012-07-18 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 23:03]
.
2012-07-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1589004260-2341141940-3578749746-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 00:21]
.
2012-07-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1589004260-2341141940-3578749746-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 00:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.hackerwatch.org/library/app/feedback/?Md5=DB6E909FFCB8081AB75F5308E1DD3916
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\documents and settings\Jake\Application Data\Mozilla\Firefox\Profiles\v8qq3bwo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: <?xmlversion=1.0 encoding=UTF-8?><RDF xmlns:em=http://www.mozilla.org/2004/em-rdf# xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns#><Description about=urn:mozilla:install-manifest><em:creator>Jeteye: {d07a4843-111f-4699-8551-8ce2afa075cd} - %profile%\extensions\{d07a4843-111f-4699-8551-8ce2afa075cd}
FF - Ext: Gmail Notifier: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e} - %profile%\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Fast Video Download: {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Move Media Player: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AutocompletePro - Your handy search suggestions tool: [email protected] - %profile%\extensions\[email protected]
FF - Ext: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - %profile%\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-18 11:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
Completion time: 2012-07-18 11:05:57
ComboFix-quarantined-files.txt 2012-07-18 17:05
ComboFix2.txt 2012-07-17 22:46
.
Pre-Run: 429,301,760 bytes free
Post-Run: 407,588,864 bytes free
.
- - End Of File - - 29B50C378471783A674CC6275046FE4B

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Before we continue, can you tell me how your system is now?

#11
Lucas Buck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Problem solved! So unless you see anything else that needs to be done we can close the book on this one. Thanks!

#12
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Lucas Buck,

Your logs and system are clean now. I'm glad we fixed up your computer.

Step 1

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done

Step 2

We need to clean up your PC from programs we used.

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end.

In case any of the software we used in this fix still remains on your system, please delete it manually (right-click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet, read our little guide "How did I get infected in the first place?"

2. Make Backups of Important Files

Please read this article: Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.

#13
Lucas Buck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Done & Done. Thank you so much for all your help maliprog!!! May your PCs always be trojan free :thumbsup:

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Glad I could help. Goodbye and stay safe :thumbsup:

#15
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.