ALL the following are on the Windows XP System
Avast scan logs boot-time scan found 100 infections. All sais move to chest but only a fes said action successful
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-27 04:42:10
-----------------------------
04:42:10.796 OS Version: Windows 5.1.2600 Service Pack 3
04:42:10.796 Number of processors: 1 586 0x207
04:42:10.796 ComputerName: YOUR-6JNHHU0520 UserName: Owner
04:42:12.671 Initialize success
04:45:03.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
04:45:03.500 Disk 0 Vendor: WDC_WD800AB-22CBA1 04.07B04 Size: 76319MB BusType: 3
04:45:03.531 Disk 0 MBR read successfully
04:45:03.531 Disk 0 MBR scan
04:45:03.531 Disk 0 unknown MBR code
04:45:03.531 Disk 0 Partition 1 00 0B FAT32 RECOVERY 5404 MB offset 63
04:45:03.546 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 68357 MB offset 11067840
04:45:03.546 Disk 0 Partition - 00 05 Extended 2554 MB offset 151063920
04:45:03.578 Disk 0 Partition 3 00 83 Linux 2384 MB offset 151063983
04:45:03.578 Disk 0 Partition - 00 05 Extended 169 MB offset 155947680
04:45:03.593 Disk 0 scanning sectors +156295440
04:45:03.687 Disk 0 scanning C:\WINDOWS\system32\drivers
04:45:22.437 Service scanning
04:45:41.312 Modules scanning
04:46:08.296 Scan finished successfully
04:51:59.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
04:51:59.296 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
ComboFix 12-07-27.03 - Owner 07/27/2012 5:08.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1453 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\WINDOWS
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
c:\program files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\program files\FunWebProducts\Installr\Cache\00269AEF.exe
c:\program files\FunWebProducts\Installr\Cache\files.ini
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Cache\0027E5CE
c:\program files\MyWebSearch\bar\Cache\0027ECF2
c:\program files\MyWebSearch\bar\Cache\0027EFE0.bin
c:\program files\MyWebSearch\bar\Cache\0027F426.bin
c:\program files\MyWebSearch\bar\Cache\0027F5DB.bin
c:\program files\MyWebSearch\bar\Cache\0027F781.bin
c:\program files\MyWebSearch\bar\Cache\0027F966.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\Search Toolbar
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\ps2.bat
c:\windows\system32\spool\prtprocs\w32x86\dleadrpp.dll
c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
c:\windows\system32\spool\prtprocs\w32x86\lxprint2000.dll
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 09:37 . 2012-07-27 09:37 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun
2012-07-27 09:35 . 2012-07-27 09:35 -------- d-----w- c:\program files\Common Files\Java
2012-07-27 09:33 . 2012-07-27 09:33 -------- d-----w- c:\program files\Oracle
2012-07-27 09:33 . 2012-07-27 09:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Oracle
2012-07-27 09:33 . 2012-07-06 03:07 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-27 09:33 . 2012-07-06 03:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-27 09:33 . 2012-07-06 03:06 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-27 09:32 . 2012-07-27 09:32 -------- d-----w- c:\program files\Java
2012-07-21 18:41 . 2012-07-21 18:41 -------- d-----w- c:\documents and settings\Owner\Application Data\DriverCure
2012-07-21 18:41 . 2012-07-21 18:41 -------- d-----w- c:\documents and settings\Owner\Application Data\SpeedMaxPc
2012-07-21 18:40 . 2012-07-21 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-07-21 18:12 . 2012-07-21 18:12 596480 ----a-w- c:\documents and settings\OTL.exe
2012-07-21 14:29 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-07-21 13:57 . 2012-07-21 14:50 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:19 . 2010-12-23 01:08 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2009-08-19 23:07 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-09-13 05:09 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2010-12-23 01:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2009-08-07 01:23 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2009-07-31 10:57 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2009-07-31 10:57 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2009-07-31 10:57 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2008-10-16 19:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2002-11-13 17:42 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2002-11-13 17:05 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2009-07-31 10:57 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2002-11-13 17:05 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2009-11-23 19:47 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2009-11-23 19:47 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:18 . 2009-08-07 01:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2010-12-23 01:08 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-25 22:13 . 2012-02-26 18:40 151912 ----a-w- c:\windows\system32\mfevtps.exe
2012-05-16 15:08 . 2010-12-23 01:08 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2010-12-23 01:08 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:42 . 2010-12-23 01:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2010-12-23 01:08 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2010-12-23 01:08 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2010-12-23 01:08 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2002-10-01 548933]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-18 69632]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-18 69632]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-07 61440]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"nwiz"="nwiz.exe" [2002-10-01 372736]
"DLBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 69632]
"dlbxmon.exe"="c:\program files\Dell Photo AIO Printer 962\dlbxmon.exe" [2005-01-18 425984]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"PS2"="c:\windows\system32\ps2.exe" [2002-06-15 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-17 202256]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\AutorunsDisabled
Memeo AutoBackup Launcher.lnk - c:\documents and settings\Owner\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [N/A]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-3-15 385024]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
backup=c:\windows\pss\Memeo AutoBackup Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/26/2012 2:00 PM 89792]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/26/2012 2:00 PM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/26/2012 2:00 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/26/2012 2:00 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [2/26/2012 2:01 PM 161664]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2/26/2012 1:40 PM 151912]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/26/2012 2:00 PM 57600]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/26/2012 2:00 PM 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/26/2012 2:00 PM 83856]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/26/2012 2:00 PM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/26/2012 2:00 PM 87656]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-29 c:\windows\Tasks\ErrorEND.job
- c:\program files\ErrorEND\ErrorEND.exe [2011-03-09 12:23]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 00:38]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 00:38]
.
2012-07-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-255153477-86716838-4261351219-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2012-07-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2636856054-1950875026-1641720859-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2012-02-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-255153477-86716838-4261351219-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-07-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2636856054-1950875026-1641720859-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2012-04-29 c:\windows\Tasks\RegSERVO.job
- c:\program files\RegSERVO\RegSERVO.exe [2010-06-10 08:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uDefault_Search_URL = hxxp://srch-us7.hpwis.com/
mSearch Bar = hxxp://srch-us7.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://us7.hpwis.com/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-RegTask - c:\program files\RegTask\RegTask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2012-07-27 05:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2532)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\windows\ALCXMNTR.EXE
c:\windows\System32\dlbxcoms.exe
c:\progra~1\mcafee\msc\mcupdmgr.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\program files\mcafee\virusscan\mcinsupd.exe
.
**************************************************************************
.
Completion time: 2012-07-27 05:38:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-27 10:37
.
Pre-Run: 20,835,864,576 bytes free
Post-Run: 21,772,423,168 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 56820F0D21B6D97FE08B8D6D82F490D1
08:20:01.0671 0176 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
08:20:02.0140 0176 ============================================================
08:20:02.0140 0176 Current date / time: 2012/07/27 08:20:02.0140
08:20:02.0140 0176 SystemInfo:
08:20:02.0140 0176
08:20:02.0140 0176 OS Version: 5.1.2600 ServicePack: 3.0
08:20:02.0140 0176 Product type: Workstation
08:20:02.0140 0176 ComputerName: YOUR-6JNHHU0520
08:20:02.0140 0176 UserName: Owner
08:20:02.0140 0176 Windows directory: C:\WINDOWS
08:20:02.0140 0176 System windows directory: C:\WINDOWS
08:20:02.0140 0176 Processor architecture: Intel x86
08:20:02.0140 0176 Number of processors: 1
08:20:02.0140 0176 Page size: 0x1000
08:20:02.0140 0176 Boot type: Normal boot
08:20:02.0140 0176 ============================================================
08:20:05.0593 0176 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
08:20:05.0593 0176 ============================================================
08:20:05.0593 0176 \Device\Harddisk0\DR0:
08:20:05.0593 0176 MBR partitions:
08:20:05.0593 0176 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xA8E181
08:20:05.0593 0176 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA8E1C0, BlocksNum 0x8582BB0
08:20:05.0625 0176 ============================================================
08:20:05.0687 0176 C: <-> \Device\Harddisk0\DR0\Partition1
08:20:05.0687 0176 D: <-> \Device\Harddisk0\DR0\Partition0
08:20:05.0687 0176 ============================================================
08:20:05.0687 0176 Initialize success
08:20:05.0687 0176 ============================================================
08:20:22.0218 2144 ============================================================
08:20:22.0218 2144 Scan started
08:20:22.0218 2144 Mode: Manual;
08:20:22.0218 2144 ============================================================
08:20:23.0359 2144 Aavmker4 (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
08:20:23.0359 2144 Aavmker4 - ok
08:20:23.0390 2144 Abiosdsk - ok
08:20:23.0406 2144 abp480n5 - ok
08:20:23.0453 2144 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:20:23.0453 2144 ACPI - ok
08:20:23.0562 2144 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:20:23.0562 2144 ACPIEC - ok
08:20:23.0578 2144 adpu160m - ok
08:20:23.0609 2144 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:20:23.0625 2144 aec - ok
08:20:23.0687 2144 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
08:20:23.0703 2144 AegisP - ok
08:20:23.0828 2144 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:20:23.0859 2144 AFD - ok
08:20:23.0921 2144 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
08:20:23.0953 2144 AFS2K - ok
08:20:23.0968 2144 Aha154x - ok
08:20:23.0984 2144 aic78u2 - ok
08:20:24.0031 2144 aic78xx - ok
08:20:24.0984 2144 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
08:20:25.0109 2144 ALCXWDM - ok
08:20:25.0296 2144 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
08:20:25.0296 2144 Alerter - ok
08:20:25.0343 2144 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
08:20:25.0343 2144 ALG - ok
08:20:25.0406 2144 AliIde - ok
08:20:25.0484 2144 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
08:20:25.0484 2144 AmdK7 - ok
08:20:25.0500 2144 amsint - ok
08:20:25.0531 2144 AppMgmt - ok
08:20:25.0609 2144 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:20:25.0609 2144 Arp1394 - ok
08:20:25.0625 2144 asc - ok
08:20:25.0656 2144 asc3350p - ok
08:20:25.0671 2144 asc3550 - ok
08:20:25.0828 2144 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:20:25.0890 2144 aspnet_state - ok
08:20:25.0937 2144 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\WINDOWS\system32\drivers\aswFsBlk.sys
08:20:25.0937 2144 aswFsBlk - ok
08:20:26.0000 2144 aswMon2 (9e912fe7b41650701ef2b227aca440f3) C:\WINDOWS\system32\drivers\aswMon2.sys
08:20:26.0000 2144 aswMon2 - ok
08:20:26.0031 2144 AswRdr (982e275d1c5801042fe94209fb0160fb) C:\WINDOWS\system32\drivers\AswRdr.sys
08:20:26.0031 2144 AswRdr - ok
08:20:26.0140 2144 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\WINDOWS\system32\drivers\aswSnx.sys
08:20:26.0171 2144 aswSnx - ok
08:20:26.0234 2144 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\WINDOWS\system32\drivers\aswSP.sys
08:20:26.0265 2144 aswSP - ok
08:20:26.0312 2144 aswTdi (7109a9aa551f37cd168c02368465957e) C:\WINDOWS\system32\drivers\aswTdi.sys
08:20:26.0312 2144 aswTdi - ok
08:20:26.0359 2144 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:20:26.0375 2144 AsyncMac - ok
08:20:26.0406 2144 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:20:26.0421 2144 atapi - ok
08:20:26.0437 2144 Atdisk - ok
08:20:26.0468 2144 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:20:26.0484 2144 Atmarpc - ok
08:20:26.0531 2144 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
08:20:26.0546 2144 AudioSrv - ok
08:20:26.0593 2144 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:20:26.0593 2144 audstub - ok
08:20:26.0687 2144 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
08:20:26.0703 2144 avast! Antivirus - ok
08:20:26.0750 2144 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:20:26.0750 2144 Beep - ok
08:20:26.0812 2144 Belkin Wireless USB Network Adapter Service (ee684c735b6d1d07498a1ec2ea1ae483) C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
08:20:26.0812 2144 Belkin Wireless USB Network Adapter Service - ok
08:20:26.0906 2144 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
08:20:27.0062 2144 BITS - ok
08:20:27.0125 2144 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
08:20:27.0140 2144 Browser - ok
08:20:27.0234 2144 catchme - ok
08:20:27.0281 2144 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:20:27.0281 2144 cbidf2k - ok
08:20:27.0312 2144 cd20xrnt - ok
08:20:27.0343 2144 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:20:27.0343 2144 Cdaudio - ok
08:20:27.0390 2144 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:20:27.0406 2144 Cdfs - ok
08:20:27.0437 2144 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:20:27.0437 2144 Cdrom - ok
08:20:27.0468 2144 Changer - ok
08:20:27.0500 2144 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
08:20:27.0500 2144 CiSvc - ok
08:20:27.0546 2144 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
08:20:27.0546 2144 ClipSrv - ok
08:20:27.0687 2144 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:20:27.0765 2144 clr_optimization_v2.0.50727_32 - ok
08:20:27.0843 2144 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:20:27.0843 2144 clr_optimization_v4.0.30319_32 - ok
08:20:27.0875 2144 CmdIde - ok
08:20:27.0890 2144 COMSysApp - ok
08:20:27.0937 2144 Cpqarray - ok
08:20:28.0000 2144 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
08:20:28.0000 2144 CryptSvc - ok
08:20:28.0031 2144 dac2w2k - ok
08:20:28.0046 2144 dac960nt - ok
08:20:28.0156 2144 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
08:20:28.0171 2144 DcomLaunch - ok
08:20:28.0250 2144 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
08:20:28.0250 2144 Dhcp - ok
08:20:28.0328 2144 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:20:28.0328 2144 Disk - ok
08:20:28.0343 2144 dlbx_device - ok
08:20:28.0359 2144 dmadmin - ok
08:20:28.0468 2144 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:20:28.0500 2144 dmboot - ok
08:20:28.0546 2144 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:20:28.0546 2144 dmio - ok
08:20:28.0609 2144 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:20:28.0609 2144 dmload - ok
08:20:28.0656 2144 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
08:20:28.0656 2144 dmserver - ok
08:20:28.0703 2144 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:20:28.0703 2144 DMusic - ok
08:20:28.0750 2144 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
08:20:28.0750 2144 Dnscache - ok
08:20:28.0812 2144 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
08:20:28.0812 2144 Dot3svc - ok
08:20:28.0843 2144 dpti2o - ok
08:20:28.0875 2144 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:20:28.0875 2144 drmkaud - ok
08:20:28.0937 2144 drvmcdb (b4cba593c540ff2a1ab7c0761c9ede16) C:\WINDOWS\system32\DRIVERS\drvmcdb.sys
08:20:28.0937 2144 drvmcdb - ok
08:20:28.0968 2144 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
08:20:28.0968 2144 EapHost - ok
08:20:29.0031 2144 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
08:20:29.0031 2144 ERSvc - ok
08:20:29.0078 2144 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:20:29.0078 2144 Eventlog - ok
08:20:29.0140 2144 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
08:20:29.0156 2144 EventSystem - ok
08:20:29.0218 2144 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:20:29.0234 2144 Fastfat - ok
08:20:29.0281 2144 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:20:29.0281 2144 FastUserSwitchingCompatibility - ok
08:20:29.0359 2144 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
08:20:29.0375 2144 Fax - ok
08:20:29.0406 2144 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:20:29.0406 2144 Fdc - ok
08:20:29.0437 2144 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:20:29.0437 2144 Fips - ok
08:20:29.0500 2144 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:20:29.0500 2144 Flpydisk - ok
08:20:29.0562 2144 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:20:29.0578 2144 FltMgr - ok
08:20:29.0656 2144 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:20:29.0656 2144 FontCache3.0.0.0 - ok
08:20:29.0718 2144 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:20:29.0718 2144 Fs_Rec - ok
08:20:29.0750 2144 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:20:29.0750 2144 Ftdisk - ok
08:20:29.0796 2144 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:20:29.0796 2144 Gpc - ok
08:20:29.0859 2144 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:20:29.0859 2144 helpsvc - ok
08:20:29.0890 2144 HidServ - ok
08:20:29.0921 2144 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:20:29.0921 2144 HidUsb - ok
08:20:29.0968 2144 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
08:20:29.0968 2144 hkmsvc - ok
08:20:30.0000 2144 hpn - ok
08:20:30.0078 2144 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:20:30.0093 2144 HTTP - ok
08:20:30.0156 2144 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
08:20:30.0171 2144 HTTPFilter - ok
08:20:30.0203 2144 i2omgmt - ok
08:20:30.0218 2144 i2omp - ok
08:20:30.0265 2144 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:20:30.0265 2144 i8042prt - ok
08:20:30.0375 2144 ialm (d4405bd2b6e95efdc8e674ed4032874f) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
08:20:30.0375 2144 ialm - ok
08:20:30.0593 2144 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:20:30.0625 2144 idsvc - ok
08:20:30.0828 2144 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:20:30.0828 2144 Imapi - ok
08:20:30.0937 2144 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
08:20:30.0937 2144 ImapiService - ok
08:20:30.0968 2144 ini910u - ok
08:20:31.0015 2144 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
08:20:31.0062 2144 IntelIde - ok
08:20:31.0203 2144 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
08:20:31.0234 2144 IntuitUpdateService - ok
08:20:31.0343 2144 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
08:20:31.0343 2144 IntuitUpdateServiceV4 - ok
08:20:31.0437 2144 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:20:31.0437 2144 ip6fw - ok
08:20:31.0484 2144 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:20:31.0500 2144 IpFilterDriver - ok
08:20:31.0562 2144 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:20:31.0562 2144 IpInIp - ok
08:20:31.0656 2144 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:20:31.0656 2144 IpNat - ok
08:20:31.0734 2144 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:20:31.0765 2144 IPSec - ok
08:20:31.0796 2144 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:20:31.0796 2144 IRENUM - ok
08:20:31.0890 2144 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:20:31.0890 2144 isapnp - ok
08:20:32.0000 2144 JavaQuickStarterService (4f2143570d2250ca4c4a4c98553c82cd) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
08:20:32.0000 2144 JavaQuickStarterService - ok
08:20:32.0062 2144 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:20:32.0062 2144 Kbdclass - ok
08:20:32.0140 2144 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:20:32.0156 2144 kmixer - ok
08:20:32.0203 2144 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:20:32.0203 2144 KSecDD - ok
08:20:32.0250 2144 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
08:20:32.0265 2144 lanmanserver - ok
08:20:32.0312 2144 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
08:20:32.0359 2144 lanmanworkstation - ok
08:20:32.0390 2144 lbrtfdc - ok
08:20:32.0453 2144 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
08:20:32.0453 2144 LmHosts - ok
08:20:32.0578 2144 ltmodem5 (6f9ed0bf94350f51dd73b96ecf7843c3) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
08:20:32.0609 2144 ltmodem5 - ok
08:20:32.0656 2144 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
08:20:32.0656 2144 Messenger - ok
08:20:32.0703 2144 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:20:32.0718 2144 mnmdd - ok
08:20:32.0765 2144 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
08:20:32.0765 2144 mnmsrvc - ok
08:20:32.0812 2144 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:20:32.0812 2144 Modem - ok
08:20:32.0828 2144 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:20:32.0828 2144 Mouclass - ok
08:20:32.0859 2144 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:20:32.0875 2144 MountMgr - ok
08:20:32.0875 2144 mraid35x - ok
08:20:32.0937 2144 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:20:32.0937 2144 MRxDAV - ok
08:20:33.0015 2144 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:20:33.0046 2144 MRxSmb - ok
08:20:33.0093 2144 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
08:20:33.0093 2144 MSDTC - ok
08:20:33.0140 2144 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:20:33.0156 2144 Msfs - ok
08:20:33.0171 2144 MSIServer - ok
08:20:33.0218 2144 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:20:33.0218 2144 MSKSSRV - ok
08:20:33.0250 2144 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:20:33.0250 2144 MSPCLOCK - ok
08:20:33.0281 2144 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:20:33.0281 2144 MSPQM - ok
08:20:33.0328 2144 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:20:33.0343 2144 mssmbios - ok
08:20:33.0390 2144 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:20:33.0390 2144 Mup - ok
08:20:33.0453 2144 MxlW2k (19dd5c581eef70134ccef87d626f4417) C:\WINDOWS\system32\drivers\MxlW2k.sys
08:20:33.0453 2144 MxlW2k - ok
08:20:33.0515 2144 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
08:20:33.0546 2144 napagent - ok
08:20:33.0593 2144 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:20:33.0609 2144 NDIS - ok
08:20:33.0656 2144 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:20:33.0671 2144 NdisTapi - ok
08:20:33.0703 2144 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:20:33.0703 2144 Ndisuio - ok
08:20:33.0734 2144 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:20:33.0734 2144 NdisWan - ok
08:20:33.0781 2144 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:20:33.0781 2144 NDProxy - ok
08:20:33.0812 2144 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:20:33.0828 2144 NetBIOS - ok
08:20:33.0859 2144 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:20:33.0859 2144 NetBT - ok
08:20:33.0921 2144 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:20:33.0921 2144 NetDDE - ok
08:20:33.0953 2144 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:20:33.0953 2144 NetDDEdsdm - ok
08:20:34.0000 2144 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:20:34.0000 2144 Netlogon - ok
08:20:34.0046 2144 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
08:20:34.0046 2144 Netman - ok
08:20:34.0156 2144 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:20:34.0171 2144 NetTcpPortSharing - ok
08:20:34.0203 2144 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:20:34.0218 2144 NIC1394 - ok
08:20:34.0281 2144 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
08:20:34.0296 2144 Nla - ok
08:20:34.0343 2144 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:20:34.0343 2144 Npfs - ok
08:20:34.0421 2144 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:20:34.0437 2144 Ntfs - ok
08:20:34.0500 2144 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
08:20:34.0500 2144 NtLmSsp - ok
08:20:34.0609 2144 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
08:20:34.0640 2144 NtmsSvc - ok
08:20:34.0703 2144 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:20:34.0703 2144 Null - ok
08:20:34.0906 2144 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:20:35.0000 2144 nv - ok
08:20:35.0171 2144 NVSvc (ff73ccf924226c1e4d4af8f34cf2d1f3) C:\WINDOWS\System32\nvsvc32.exe
08:20:35.0171 2144 NVSvc - ok
08:20:35.0250 2144 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:20:35.0250 2144 NwlnkFlt - ok
08:20:35.0296 2144 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:20:35.0312 2144 NwlnkFwd - ok
08:20:35.0375 2144 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:20:35.0375 2144 ohci1394 - ok
08:20:35.0437 2144 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:20:35.0437 2144 Parport - ok
08:20:35.0453 2144 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:20:35.0468 2144 PartMgr - ok
08:20:35.0515 2144 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:20:35.0515 2144 ParVdm - ok
08:20:35.0562 2144 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:20:35.0562 2144 PCI - ok
08:20:35.0578 2144 PCIDump - ok
08:20:35.0640 2144 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\System32\DRIVERS\pciide.sys
08:20:35.0640 2144 PCIIde - ok
08:20:35.0687 2144 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:20:35.0687 2144 Pcmcia - ok
08:20:35.0718 2144 PDCOMP - ok
08:20:35.0734 2144 PDFRAME - ok
08:20:35.0750 2144 PDRELI - ok
08:20:35.0781 2144 PDRFRAME - ok
08:20:35.0812 2144 perc2 - ok
08:20:35.0828 2144 perc2hib - ok
08:20:35.0921 2144 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
08:20:35.0921 2144 pfc - ok
08:20:35.0968 2144 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:20:35.0968 2144 PlugPlay - ok
08:20:36.0015 2144 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:20:36.0015 2144 PolicyAgent - ok
08:20:36.0062 2144 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:20:36.0062 2144 PptpMiniport - ok
08:20:36.0093 2144 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
08:20:36.0109 2144 Processor - ok
08:20:36.0125 2144 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:20:36.0125 2144 ProtectedStorage - ok
08:20:36.0187 2144 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
08:20:36.0187 2144 Ps2 - ok
08:20:36.0234 2144 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:20:36.0234 2144 PSched - ok
08:20:36.0281 2144 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:20:36.0281 2144 Ptilink - ok
08:20:36.0343 2144 PxHelp20 (73590a3732035a09b125d208a72be73a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
08:20:36.0343 2144 PxHelp20 - ok
08:20:36.0359 2144 ql1080 - ok
08:20:36.0390 2144 Ql10wnt - ok
08:20:36.0421 2144 ql12160 - ok
08:20:36.0437 2144 ql1240 - ok
08:20:36.0468 2144 ql1280 - ok
08:20:36.0500 2144 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:20:36.0500 2144 RasAcd - ok
08:20:36.0562 2144 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
08:20:36.0562 2144 RasAuto - ok
08:20:36.0593 2144 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:20:36.0609 2144 Rasl2tp - ok
08:20:36.0656 2144 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
08:20:36.0671 2144 RasMan - ok
08:20:36.0703 2144 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:20:36.0703 2144 RasPppoe - ok
08:20:36.0750 2144 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:20:36.0750 2144 Raspti - ok
08:20:36.0781 2144 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:20:36.0796 2144 Rdbss - ok
08:20:36.0828 2144 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:20:36.0828 2144 RDPCDD - ok
08:20:36.0906 2144 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
08:20:36.0921 2144 RDPWD - ok
08:20:36.0968 2144 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
08:20:36.0968 2144 RDSessMgr - ok
08:20:37.0031 2144 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:20:37.0031 2144 redbook - ok
08:20:37.0093 2144 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
08:20:37.0093 2144 RemoteAccess - ok
08:20:37.0125 2144 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
08:20:37.0140 2144 RpcLocator - ok
08:20:37.0234 2144 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
08:20:37.0250 2144 RpcSs - ok
08:20:37.0296 2144 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
08:20:37.0312 2144 RSVP - ok
08:20:37.0390 2144 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys
08:20:37.0406 2144 RT73 - ok
08:20:37.0468 2144 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
08:20:37.0468 2144 rtl8139 - ok
08:20:37.0531 2144 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
08:20:37.0531 2144 S3Psddr - ok
08:20:37.0593 2144 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:20:37.0593 2144 SamSs - ok
08:20:37.0656 2144 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
08:20:37.0671 2144 SCardSvr - ok
08:20:37.0718 2144 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
08:20:37.0734 2144 Schedule - ok
08:20:37.0796 2144 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:20:37.0796 2144 Secdrv - ok
08:20:37.0843 2144 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
08:20:37.0859 2144 seclogon - ok
08:20:37.0890 2144 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
08:20:37.0890 2144 SENS - ok
08:20:37.0937 2144 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:20:37.0937 2144 Serenum - ok
08:20:38.0031 2144 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:20:38.0031 2144 Serial - ok
08:20:38.0156 2144 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:20:38.0156 2144 Sfloppy - ok
08:20:38.0359 2144 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
08:20:38.0375 2144 SharedAccess - ok
08:20:38.0484 2144 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:20:38.0484 2144 ShellHWDetection - ok
08:20:38.0500 2144 Simbad - ok
08:20:38.0578 2144 SISAGP (99d5140d748ba27576a4c883e536e6d6) C:\WINDOWS\system32\DRIVERS\SISAGP.sys
08:20:38.0578 2144 SISAGP - ok
08:20:38.0671 2144 Sparrow - ok
08:20:38.0765 2144 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:20:38.0812 2144 splitter - ok
08:20:38.0890 2144 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:20:38.0890 2144 Spooler - ok
08:20:38.0968 2144 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:20:38.0968 2144 sr - ok
08:20:39.0078 2144 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
08:20:39.0078 2144 srservice - ok
08:20:39.0187 2144 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:20:39.0218 2144 Srv - ok
08:20:39.0281 2144 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
08:20:39.0296 2144 SSDPSRV - ok
08:20:39.0375 2144 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
08:20:39.0390 2144 stisvc - ok
08:20:39.0421 2144 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:20:39.0421 2144 swenum - ok
08:20:39.0468 2144 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:20:39.0468 2144 swmidi - ok
08:20:39.0500 2144 SwPrv - ok
08:20:39.0546 2144 symc810 - ok
08:20:39.0562 2144 symc8xx - ok
08:20:39.0593 2144 sym_hi - ok
08:20:39.0609 2144 sym_u3 - ok
08:20:39.0656 2144 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:20:39.0656 2144 sysaudio - ok
08:20:39.0703 2144 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
08:20:39.0718 2144 SysmonLog - ok
08:20:39.0796 2144 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
08:20:39.0812 2144 TapiSrv - ok
08:20:39.0890 2144 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:20:39.0906 2144 Tcpip - ok
08:20:39.0953 2144 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:20:39.0953 2144 TDPIPE - ok
08:20:39.0984 2144 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:20:39.0984 2144 TDTCP - ok
08:20:40.0015 2144 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:20:40.0015 2144 TermDD - ok
08:20:40.0093 2144 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
08:20:40.0109 2144 TermService - ok
08:20:40.0156 2144 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:20:40.0171 2144 Themes - ok
08:20:40.0203 2144 TosIde - ok
08:20:40.0250 2144 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
08:20:40.0265 2144 TrkWks - ok
08:20:40.0312 2144 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:20:40.0312 2144 Udfs - ok
08:20:40.0343 2144 ultra - ok
08:20:40.0421 2144 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:20:40.0437 2144 Update - ok
08:20:40.0500 2144 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
08:20:40.0515 2144 upnphost - ok
08:20:40.0546 2144 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
08:20:40.0546 2144 UPS - ok
08:20:40.0609 2144 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:20:40.0625 2144 usbccgp - ok
08:20:40.0656 2144 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:20:40.0656 2144 usbehci - ok
08:20:40.0687 2144 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:20:40.0687 2144 usbhub - ok
08:20:40.0734 2144 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:20:40.0734 2144 usbohci - ok
08:20:40.0765 2144 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:20:40.0765 2144 usbprint - ok
08:20:40.0828 2144 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:20:40.0828 2144 usbscan - ok
08:20:40.0859 2144 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:20:40.0859 2144 USBSTOR - ok
08:20:40.0890 2144 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:20:40.0890 2144 usbuhci - ok
08:20:40.0921 2144 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:20:40.0921 2144 VgaSave - ok
08:20:40.0968 2144 viaagp1 (099f10c7b9d4c7a2bf48d4c6eca1e7f1) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
08:20:40.0984 2144 viaagp1 - ok
08:20:41.0031 2144 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
08:20:41.0031 2144 ViaIde - ok
08:20:41.0062 2144 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:20:41.0062 2144 VolSnap - ok
08:20:41.0171 2144 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
08:20:41.0203 2144 VSS - ok
08:20:41.0281 2144 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
08:20:41.0296 2144 W32Time - ok
08:20:41.0328 2144 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:20:41.0328 2144 Wanarp - ok
08:20:41.0359 2144 WDICA - ok
08:20:41.0390 2144 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:20:41.0390 2144 wdmaud - ok
08:20:41.0421 2144 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
08:20:41.0437 2144 WebClient - ok
08:20:41.0515 2144 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:20:41.0515 2144 winmgmt - ok
08:20:41.0593 2144 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
08:20:41.0609 2144 WmdmPmSN - ok
08:20:41.0671 2144 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
08:20:41.0671 2144 WmiApSrv - ok
08:20:41.0843 2144 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\wmpnetwk.exe
08:20:41.0875 2144 WMPNetworkSvc - ok
08:20:42.0093 2144 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:20:42.0125 2144 WPFFontCache_v0400 - ok
08:20:42.0328 2144 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:20:42.0328 2144 WS2IFSL - ok
08:20:42.0421 2144 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
08:20:42.0421 2144 wscsvc - ok
08:20:42.0453 2144 WSearch - ok
08:20:42.0500 2144 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
08:20:42.0515 2144 wuauserv - ok
08:20:42.0546 2144 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:20:42.0562 2144 WudfPf - ok
08:20:42.0593 2144 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:20:42.0593 2144 WudfRd - ok
08:20:42.0640 2144 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
08:20:42.0656 2144 WudfSvc - ok
08:20:42.0750 2144 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
08:20:42.0781 2144 WZCSVC - ok
08:20:42.0828 2144 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
08:20:42.0843 2144 xmlprov - ok
08:20:42.0906 2144 {6080A529-897E-4629-A488-ABA0C29B635E} (f0890825e7a9f4a808190a781c480568) C:\WINDOWS\system32\drivers\ialmsbw.sys
08:20:42.0906 2144 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
08:20:42.0968 2144 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (8854f5453cce4c5831538e935f92f73b) C:\WINDOWS\system32\drivers\ialmkchw.sys
08:20:42.0968 2144 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
08:20:43.0000 2144 MBR (0x1B8) (24bf22b59c30b9b11e1af62cfc3c418e) \Device\Harddisk0\DR0
08:20:43.0062 2144 \Device\Harddisk0\DR0 - ok
08:20:43.0078 2144 Boot (0x1200) (7aaf026735f53ec5a6474b482232e8a5) \Device\Harddisk0\DR0\Partition0
08:20:43.0078 2144 \Device\Harddisk0\DR0\Partition0 - ok
08:20:43.0093 2144 Boot (0x1200) (9cdd1c346ee4ff4e5a4c3be867bb3d4a) \Device\Harddisk0\DR0\Partition1
08:20:43.0093 2144 \Device\Harddisk0\DR0\Partition1 - ok
08:20:43.0109 2144 ============================================================
08:20:43.0109 2144 Scan finished
08:20:43.0109 2144 ============================================================
08:20:43.0125 4076 Detected object count: 0
08:20:43.0125 4076 Actual detected object count: 0
08:21:19.0140 0392 ============================================================
08:21:19.0140 0392 Scan started
08:21:19.0140 0392 Mode: Manual; SigCheck; TDLFS;
08:21:19.0140 0392 ============================================================
08:21:19.0484 0392 Aavmker4 (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
08:21:19.0796 0392 Aavmker4 - ok
08:21:19.0812 0392 Abiosdsk - ok
08:21:19.0828 0392 abp480n5 - ok
08:21:19.0875 0392 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:21:21.0921 0392 ACPI - ok
08:21:21.0968 0392 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:21:22.0187 0392 ACPIEC - ok
08:21:22.0218 0392 adpu160m - ok
08:21:22.0265 0392 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:21:22.0531 0392 aec - ok
08:21:22.0593 0392 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
08:21:22.0609 0392 AegisP ( UnsignedFile.Multi.Generic ) - warning
08:21:22.0609 0392 AegisP - detected UnsignedFile.Multi.Generic (1)
08:21:22.0656 0392 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:21:22.0718 0392 AFD - ok
08:21:22.0781 0392 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
08:21:22.0828 0392 AFS2K - ok
08:21:22.0843 0392 Aha154x - ok
08:21:22.0859 0392 aic78u2 - ok
08:21:22.0890 0392 aic78xx - ok
08:21:23.0140 0392 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
08:21:23.0328 0392 ALCXWDM - ok
08:21:23.0531 0392 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
08:21:23.0796 0392 Alerter - ok
08:21:23.0828 0392 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
08:21:23.0953 0392 ALG - ok
08:21:24.0000 0392 AliIde - ok
08:21:24.0046 0392 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
08:21:24.0328 0392 AmdK7 - ok
08:21:24.0343 0392 amsint - ok
08:21:24.0375 0392 AppMgmt - ok
08:21:24.0421 0392 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:21:24.0703 0392 Arp1394 - ok
08:21:24.0718 0392 asc - ok
08:21:24.0734 0392 asc3350p - ok
08:21:24.0765 0392 asc3550 - ok
08:21:24.0890 0392 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:21:24.0921 0392 aspnet_state - ok
08:21:24.0968 0392 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\WINDOWS\system32\drivers\aswFsBlk.sys
08:21:24.0984 0392 aswFsBlk - ok
08:21:25.0046 0392 aswMon2 (9e912fe7b41650701ef2b227aca440f3) C:\WINDOWS\system32\drivers\aswMon2.sys
08:21:25.0078 0392 aswMon2 - ok
08:21:25.0125 0392 AswRdr (982e275d1c5801042fe94209fb0160fb) C:\WINDOWS\system32\drivers\AswRdr.sys
08:21:25.0140 0392 AswRdr - ok
08:21:25.0250 0392 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\WINDOWS\system32\drivers\aswSnx.sys
08:21:25.0296 0392 aswSnx - ok
08:21:25.0375 0392 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\WINDOWS\system32\drivers\aswSP.sys
08:21:25.0421 0392 aswSP - ok
08:21:25.0468 0392 aswTdi (7109a9aa551f37cd168c02368465957e) C:\WINDOWS\system32\drivers\aswTdi.sys
08:21:25.0500 0392 aswTdi - ok
08:21:25.0562 0392 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:21:25.0828 0392 AsyncMac - ok
08:21:25.0875 0392 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:21:26.0171 0392 atapi - ok
08:21:26.0203 0392 Atdisk - ok
08:21:26.0234 0392 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:21:26.0515 0392 Atmarpc - ok
08:21:26.0562 0392 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
08:21:26.0859 0392 AudioSrv - ok
08:21:26.0906 0392 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:21:27.0156 0392 audstub - ok
08:21:27.0281 0392 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
08:21:27.0515 0392 avast! Antivirus - ok
08:21:27.0593 0392 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:21:28.0562 0392 Beep - ok
08:21:28.0625 0392 Belkin Wireless USB Network Adapter Service (ee684c735b6d1d07498a1ec2ea1ae483) C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
08:21:28.0640 0392 Belkin Wireless USB Network Adapter Service ( UnsignedFile.Multi.Generic ) - warning
08:21:28.0640 0392 Belkin Wireless USB Network Adapter Service - detected UnsignedFile.Multi.Generic (1)
08:21:28.0718 0392 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
08:21:29.0062 0392 BITS - ok
08:21:29.0109 0392 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
08:21:29.0375 0392 Browser - ok
08:21:29.0515 0392 catchme - ok
08:21:29.0562 0392 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:21:29.0843 0392 cbidf2k - ok
08:21:29.0859 0392 cd20xrnt - ok
08:21:29.0906 0392 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:21:30.0203 0392 Cdaudio - ok
08:21:30.0250 0392 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:21:30.0593 0392 Cdfs - ok
08:21:30.0625 0392 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:21:30.0921 0392 Cdrom - ok
08:21:30.0937 0392 Changer - ok
08:21:30.0984 0392 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
08:21:31.0281 0392 CiSvc - ok
08:21:31.0312 0392 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
08:21:31.0656 0392 ClipSrv - ok
08:21:31.0765 0392 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:21:31.0796 0392 clr_optimization_v2.0.50727_32 - ok
08:21:31.0890 0392 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:21:31.0921 0392 clr_optimization_v4.0.30319_32 - ok
08:21:31.0937 0392 CmdIde - ok
08:21:31.0953 0392 COMSysApp - ok
08:21:32.0000 0392 Cpqarray - ok
08:21:32.0031 0392 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
08:21:32.0343 0392 CryptSvc - ok
08:21:32.0375 0392 dac2w2k - ok
08:21:32.0390 0392 dac960nt - ok
08:21:32.0468 0392 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
08:21:32.0593 0392 DcomLaunch - ok
08:21:32.0640 0392 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
08:21:32.0906 0392 Dhcp - ok
08:21:32.0937 0392 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:21:33.0234 0392 Disk - ok
08:21:33.0250 0392 dlbx_device - ok
08:21:33.0296 0392 dmadmin - ok
08:21:33.0390 0392 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:21:33.0718 0392 dmboot - ok
08:21:33.0765 0392 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:21:34.0093 0392 dmio - ok
08:21:34.0140 0392 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:21:34.0406 0392 dmload - ok
08:21:34.0453 0392 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
08:21:35.0375 0392 dmserver - ok
08:21:35.0421 0392 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:21:35.0984 0392 DMusic - ok
08:21:36.0015 0392 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
08:21:36.0156 0392 Dnscache - ok
08:21:36.0187 0392 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
08:21:36.0484 0392 Dot3svc - ok
08:21:36.0500 0392 dpti2o - ok
08:21:36.0531 0392 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:21:36.0812 0392 drmkaud - ok
08:21:36.0859 0392 drvmcdb (b4cba593c540ff2a1ab7c0761c9ede16) C:\WINDOWS\system32\DRIVERS\drvmcdb.sys
08:21:36.0875 0392 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
08:21:36.0875 0392 drvmcdb - detected UnsignedFile.Multi.Generic (1)
08:21:36.0921 0392 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
08:21:37.0234 0392 EapHost - ok
08:21:37.0265 0392 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
08:21:37.0531 0392 ERSvc - ok
08:21:37.0609 0392 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:21:37.0687 0392 Eventlog - ok
08:21:37.0750 0392 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
08:21:37.0796 0392 EventSystem - ok
08:21:37.0843 0392 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:21:38.0171 0392 Fastfat - ok
08:21:38.0218 0392 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:21:38.0281 0392 FastUserSwitchingCompatibility - ok
08:21:38.0343 0392 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
08:21:38.0656 0392 Fax - ok
08:21:38.0687 0392 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:21:38.0968 0392 Fdc - ok
08:21:39.0000 0392 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:21:39.0281 0392 Fips - ok
08:21:39.0328 0392 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:21:39.0593 0392 Flpydisk - ok
08:21:39.0656 0392 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:21:39.0968 0392 FltMgr - ok
08:21:40.0078 0392 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:21:40.0109 0392 FontCache3.0.0.0 - ok
08:21:40.0140 0392 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:21:40.0421 0392 Fs_Rec - ok
08:21:40.0468 0392 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:21:40.0781 0392 Ftdisk - ok
08:21:40.0843 0392 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:21:41.0109 0392 Gpc - ok
08:21:41.0171 0392 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:21:41.0453 0392 helpsvc - ok
08:21:41.0484 0392 HidServ - ok
08:21:41.0515 0392 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:21:42.0015 0392 HidUsb - ok
08:21:42.0046 0392 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
08:21:43.0015 0392 hkmsvc - ok
08:21:43.0062 0392 hpn - ok
08:21:43.0109 0392 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:21:43.0156 0392 HTTP - ok
08:21:43.0203 0392 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
08:21:43.0484 0392 HTTPFilter - ok
08:21:43.0500 0392 i2omgmt - ok
08:21:43.0531 0392 i2omp - ok
08:21:43.0578 0392 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:21:43.0890 0392 i8042prt - ok
08:21:43.0968 0392 ialm (d4405bd2b6e95efdc8e674ed4032874f) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
08:21:44.0062 0392 ialm - ok
08:21:44.0234 0392 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:21:44.0296 0392 idsvc - ok
08:21:44.0453 0392 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:21:44.0734 0392 Imapi - ok
08:21:44.0781 0392 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
08:21:45.0109 0392 ImapiService - ok
08:21:45.0140 0392 ini910u - ok
08:21:45.0187 0392 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
08:21:45.0453 0392 IntelIde - ok
08:21:45.0546 0392 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
08:21:45.0578 0392 IntuitUpdateService - ok
08:21:45.0640 0392 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
08:21:45.0656 0392 IntuitUpdateServiceV4 - ok
08:21:45.0703 0392 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:21:45.0984 0392 ip6fw - ok
08:21:46.0031 0392 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:21:46.0343 0392 IpFilterDriver - ok
08:21:46.0375 0392 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:21:46.0640 0392 IpInIp - ok
08:21:46.0687 0392 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:21:47.0000 0392 IpNat - ok
08:21:47.0031 0392 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:21:47.0312 0392 IPSec - ok
08:21:47.0343 0392 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:21:47.0437 0392 IRENUM - ok
08:21:47.0484 0392 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:21:47.0750 0392 isapnp - ok
08:21:47.0828 0392 JavaQuickStarterService (4f2143570d2250ca4c4a4c98553c82cd) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
08:21:47.0875 0392 JavaQuickStarterService - ok
08:21:47.0890 0392 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:21:48.0171 0392 Kbdclass - ok
08:21:48.0234 0392 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:21:48.0531 0392 kmixer - ok
08:21:48.0578 0392 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:21:48.0640 0392 KSecDD - ok
08:21:48.0671 0392 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
08:21:48.0875 0392 lanmanserver - ok
08:21:48.0953 0392 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
08:21:49.0390 0392 lanmanworkstation - ok
08:21:49.0390 0392 lbrtfdc - ok
08:21:49.0531 0392 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
08:21:50.0203 0392 LmHosts - ok
08:21:50.0296 0392 ltmodem5 (6f9ed0bf94350f51dd73b96ecf7843c3) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
08:21:50.0359 0392 ltmodem5 ( UnsignedFile.Multi.Generic ) - warning
08:21:50.0359 0392 ltmodem5 - detected UnsignedFile.Multi.Generic (1)
08:21:50.0406 0392 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
08:21:50.0718 0392 Messenger - ok
08:21:50.0750 0392 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:21:51.0000 0392 mnmdd - ok
08:21:51.0031 0392 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
08:21:51.0328 0392 mnmsrvc - ok
08:21:51.0359 0392 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:21:51.0718 0392 Modem - ok
08:21:51.0734 0392 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:21:52.0031 0392 Mouclass - ok
08:21:52.0062 0392 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:21:52.0343 0392 MountMgr - ok
08:21:52.0359 0392 mraid35x - ok
08:21:52.0390 0392 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:21:52.0703 0392 MRxDAV - ok
08:21:52.0781 0392 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:21:52.0859 0392 MRxSmb - ok
08:21:52.0906 0392 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
08:21:53.0140 0392 MSDTC - ok
08:21:53.0187 0392 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:21:53.0484 0392 Msfs - ok
08:21:53.0515 0392 MSIServer - ok
08:21:53.0546 0392 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:21:53.0828 0392 MSKSSRV - ok
08:21:53.0859 0392 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:21:54.0140 0392 MSPCLOCK - ok
08:21:54.0171 0392 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:21:54.0453 0392 MSPQM - ok
08:21:54.0500 0392 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:21:54.0781 0392 mssmbios - ok
08:21:54.0828 0392 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:21:54.0890 0392 Mup - ok
08:21:54.0921 0392 MxlW2k (19dd5c581eef70134ccef87d626f4417) C:\WINDOWS\system32\drivers\MxlW2k.sys
08:21:54.0953 0392 MxlW2k ( UnsignedFile.Multi.Generic ) - warning
08:21:54.0953 0392 MxlW2k - detected UnsignedFile.Multi.Generic (1)
08:21:55.0000 0392 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
08:21:55.0281 0392 napagent - ok
08:21:55.0343 0392 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:21:55.0671 0392 NDIS - ok
08:21:55.0734 0392 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:21:55.0906 0392 NdisTapi - ok
08:21:55.0937 0392 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:21:56.0796 0392 Ndisuio - ok
08:21:56.0875 0392 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:21:57.0296 0392 NdisWan - ok
08:21:57.0328 0392 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:21:57.0390 0392 NDProxy - ok
08:21:57.0421 0392 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:21:57.0671 0392 NetBIOS - ok
08:21:57.0718 0392 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:21:58.0046 0392 NetBT - ok
08:21:58.0109 0392 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:21:58.0406 0392 NetDDE - ok
08:21:58.0421 0392 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:21:58.0734 0392 NetDDEdsdm - ok
08:21:58.0765 0392 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:21:59.0015 0392 Netlogon - ok
08:21:59.0062 0392 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
08:21:59.0390 0392 Netman - ok
08:21:59.0468 0392 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:21:59.0500 0392 NetTcpPortSharing - ok
08:21:59.0531 0392 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:21:59.0812 0392 NIC1394 - ok
08:21:59.0890 0392 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
08:21:59.0968 0392 Nla - ok
08:22:00.0031 0392 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:22:00.0281 0392 Npfs - ok
08:22:00.0359 0392 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:22:00.0656 0392 Ntfs - ok
08:22:00.0703 0392 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
08:22:00.0968 0392 NtLmSsp - ok
08:22:01.0078 0392 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
08:22:01.0406 0392 NtmsSvc - ok
08:22:01.0453 0392 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:22:01.0765 0392 Null - ok
08:22:01.0968 0392 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:22:02.0218 0392 nv - ok
08:22:02.0390 0392 NVSvc (ff73ccf924226c1e4d4af8f34cf2d1f3) C:\WINDOWS\System32\nvsvc32.exe
08:22:02.0421 0392 NVSvc ( UnsignedFile.Multi.Generic ) - warning
08:22:02.0421 0392 NVSvc - detected UnsignedFile.Multi.Generic (1)
08:22:02.0484 0392 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:22:02.0765 0392 NwlnkFlt - ok
08:22:02.0796 0392 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:22:03.0625 0392 NwlnkFwd - ok
08:22:03.0734 0392 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:22:04.0390 0392 ohci1394 - ok
08:22:04.0437 0392 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:22:04.0703 0392 Parport - ok
08:22:04.0734 0392 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:22:05.0000 0392 PartMgr - ok
08:22:05.0046 0392 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:22:05.0312 0392 ParVdm - ok
08:22:05.0359 0392 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:22:05.0687 0392 PCI - ok
08:22:05.0703 0392 PCIDump - ok
08:22:05.0750 0392 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\System32\DRIVERS\pciide.sys
08:22:06.0062 0392 PCIIde - ok
08:22:06.0125 0392 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:22:06.0468 0392 Pcmcia - ok
08:22:06.0484 0392 PDCOMP - ok
08:22:06.0515 0392 PDFRAME - ok
08:22:06.0531 0392 PDRELI - ok
08:22:06.0562 0392 PDRFRAME - ok
08:22:06.0578 0392 perc2 - ok
08:22:06.0609 0392 perc2hib - ok
08:22:06.0671 0392 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
08:22:06.0703 0392 pfc ( UnsignedFile.Multi.Generic ) - warning
08:22:06.0703 0392 pfc - detected UnsignedFile.Multi.Generic (1)
08:22:06.0765 0392 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:22:06.0890 0392 PlugPlay - ok
08:22:06.0921 0392 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:22:07.0156 0392 PolicyAgent - ok
08:22:07.0218 0392 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:22:07.0500 0392 PptpMiniport - ok
08:22:07.0531 0392 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
08:22:07.0812 0392 Processor - ok
08:22:07.0828 0392 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:22:08.0093 0392 ProtectedStorage - ok
08:22:08.0140 0392 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
08:22:08.0187 0392 Ps2 - ok
08:22:08.0218 0392 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:22:08.0484 0392 PSched - ok
08:22:08.0515 0392 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:22:08.0781 0392 Ptilink - ok
08:22:08.0828 0392 PxHelp20 (73590a3732035a09b125d208a72be73a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
08:22:08.0843 0392 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
08:22:08.0843 0392 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
08:22:08.0859 0392 ql1080 - ok
08:22:08.0890 0392 Ql10wnt - ok
08:22:08.0921 0392 ql12160 - ok
08:22:08.0953 0392 ql1240 - ok
08:22:08.0968 0392 ql1280 - ok
08:22:09.0000 0392 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:22:09.0250 0392 RasAcd - ok
08:22:09.0312 0392 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
08:22:09.0609 0392 RasAuto - ok
08:22:09.0656 0392 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:22:09.0937 0392 Rasl2tp - ok
08:22:10.0078 0392 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
08:22:11.0031 0392 RasMan - ok
08:22:11.0078 0392 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:22:11.0531 0392 RasPppoe - ok
08:22:11.0578 0392 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:22:12.0062 0392 Raspti - ok
08:22:12.0109 0392 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:22:12.0359 0392 Rdbss - ok
08:22:12.0390 0392 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:22:12.0640 0392 RDPCDD - ok
08:22:12.0718 0392 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
08:22:12.0781 0392 RDPWD - ok
08:22:12.0859 0392 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
08:22:13.0140 0392 RDSessMgr - ok
08:22:13.0187 0392 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:22:13.0453 0392 redbook - ok
08:22:13.0484 0392 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
08:22:13.0796 0392 RemoteAccess - ok
08:22:13.0843 0392 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
08:22:14.0109 0392 RpcLocator - ok
08:22:14.0171 0392 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
08:22:14.0296 0392 RpcSs - ok
08:22:14.0343 0392 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
08:22:14.0609 0392 RSVP - ok
08:22:14.0687 0392 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys
08:22:14.0703 0392 RT73 ( UnsignedFile.Multi.Generic ) - warning
08:22:14.0703 0392 RT73 - detected UnsignedFile.Multi.Generic (1)
08:22:14.0750 0392 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
08:22:14.0937 0392 rtl8139 - ok
08:22:14.0984 0392 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
08:22:15.0156 0392 S3Psddr - ok
08:22:15.0218 0392 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:22:15.0468 0392 SamSs - ok
08:22:15.0515 0392 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
08:22:15.0781 0392 SCardSvr - ok
08:22:15.0828 0392 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
08:22:16.0109 0392 Schedule - ok
08:22:16.0156 0392 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:22:16.0265 0392 Secdrv - ok
08:22:16.0312 0392 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
08:22:16.0531 0392 seclogon - ok
08:22:16.0578 0392 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
08:22:16.0906 0392 SENS - ok
08:22:16.0953 0392 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:22:17.0203 0392 Serenum - ok
08:22:17.0281 0392 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:22:18.0109 0392 Serial - ok
08:22:18.0250 0392 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:22:18.0750 0392 Sfloppy - ok
08:22:18.0843 0392 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
08:22:19.0125 0392 SharedAccess - ok
08:22:19.0171 0392 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:22:19.0218 0392 ShellHWDetection - ok
08:22:19.0234 0392 Simbad - ok
08:22:19.0281 0392 SISAGP (99d5140d748ba27576a4c883e536e6d6) C:\WINDOWS\system32\DRIVERS\SISAGP.sys
08:22:19.0296 0392 SISAGP ( UnsignedFile.Multi.Generic ) - warning
08:22:19.0296 0392 SISAGP - detected UnsignedFile.Multi.Generic (1)
08:22:19.0328 0392 Sparrow - ok
08:22:19.0375 0392 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:22:19.0609 0392 splitter - ok
08:22:19.0656 0392 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:22:19.0703 0392 Spooler - ok
08:22:19.0718 0392 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:22:19.0828 0392 sr - ok
08:22:19.0890 0392 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
08:22:20.0015 0392 srservice - ok
08:22:20.0093 0392 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:22:20.0171 0392 Srv - ok
08:22:20.0218 0392 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
08:22:20.0328 0392 SSDPSRV - ok
08:22:20.0390 0392 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
08:22:20.0671 0392 stisvc - ok
08:22:20.0703 0392 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:22:20.0968 0392 swenum - ok
08:22:21.0015 0392 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:22:21.0296 0392 swmidi - ok
08:22:21.0312 0392 SwPrv - ok
08:22:21.0343 0392 symc810 - ok
08:22:21.0375 0392 symc8xx - ok
08:22:21.0390 0392 sym_hi - ok
08:22:21.0421 0392 sym_u3 - ok
08:22:21.0453 0392 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:22:21.0781 0392 sysaudio - ok
08:22:21.0875 0392 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
08:22:22.0140 0392 SysmonLog - ok
08:22:22.0203 0392 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
08:22:22.0515 0392 TapiSrv - ok
08:22:22.0593 0392 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:22:22.0687 0392 Tcpip - ok
08:22:22.0750 0392 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:22:23.0046 0392 TDPIPE - ok
08:22:23.0078 0392 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:22:23.0375 0392 TDTCP - ok
08:22:23.0406 0392 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:22:23.0671 0392 TermDD - ok
08:22:23.0750 0392 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
08:22:24.0046 0392 TermService - ok
08:22:24.0109 0392 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:22:24.0156 0392 Themes - ok
08:22:24.0187 0392 TosIde - ok
08:22:24.0281 0392 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
08:22:25.0156 0392 TrkWks - ok
08:22:25.0218 0392 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:22:25.0875 0392 Udfs - ok
08:22:25.0921 0392 ultra - ok
08:22:26.0015 0392 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:22:26.0296 0392 Update - ok
08:22:26.0359 0392 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
08:22:26.0500 0392 upnphost - ok
08:22:26.0531 0392 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
08:22:26.0843 0392 UPS - ok
08:22:26.0906 0392 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:22:27.0203 0392 usbccgp - ok
08:22:27.0234 0392 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:22:27.0531 0392 usbehci - ok
08:22:27.0593 0392 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:22:27.0859 0392 usbhub - ok
08:22:27.0890 0392 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:22:28.0156 0392 usbohci - ok
08:22:28.0218 0392 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:22:28.0484 0392 usbprint - ok
08:22:28.0546 0392 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:22:28.0812 0392 usbscan - ok
08:22:28.0859 0392 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:22:29.0125 0392 USBSTOR - ok
08:22:29.0156 0392 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:22:29.0421 0392 usbuhci - ok
08:22:29.0468 0392 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:22:29.0812 0392 VgaSave - ok
08:22:29.0859 0392 viaagp1 (099f10c7b9d4c7a2bf48d4c6eca1e7f1) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
08:22:29.0890 0392 viaagp1 ( UnsignedFile.Multi.Generic ) - warning
08:22:29.0890 0392 viaagp1 - detected UnsignedFile.Multi.Generic (1)
08:22:29.0968 0392 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
08:22:30.0234 0392 ViaIde - ok
08:22:30.0265 0392 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:22:30.0531 0392 VolSnap - ok
08:22:30.0593 0392 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
08:22:30.0718 0392 VSS - ok
08:22:30.0750 0392 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
08:22:30.0984 0392 W32Time - ok
08:22:31.0031 0392 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:22:31.0296 0392 Wanarp - ok
08:22:31.0312 0392 WDICA - ok
08:22:31.0359 0392 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:22:32.0234 0392 wdmaud - ok
08:22:32.0328 0392 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
08:22:32.0875 0392 WebClient - ok
08:22:32.0953 0392 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:22:33.0218 0392 winmgmt - ok
08:22:33.0296 0392 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
08:22:33.0343 0392 WmdmPmSN - ok
08:22:33.0421 0392 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
08:22:33.0703 0392 WmiApSrv - ok
08:22:33.0859 0392 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\wmpnetwk.exe
08:22:33.0953 0392 WMPNetworkSvc - ok
08:22:34.0171 0392 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:22:34.0234 0392 WPFFontCache_v0400 - ok
08:22:34.0406 0392 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:22:34.0671 0392 WS2IFSL - ok
08:22:34.0703 0392 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
08:22:34.0984 0392 wscsvc - ok
08:22:35.0000 0392 WSearch - ok
08:22:35.0062 0392 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
08:22:35.0343 0392 wuauserv - ok
08:22:35.0390 0392 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:22:35.0437 0392 WudfPf - ok
08:22:35.0468 0392 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:22:35.0515 0392 WudfRd - ok
08:22:35.0562 0392 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
08:22:35.0593 0392 WudfSvc - ok
08:22:35.0687 0392 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
08:22:35.0968 0392 WZCSVC - ok
08:22:36.0015 0392 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
08:22:36.0281 0392 xmlprov - ok
08:22:36.0343 0392 {6080A529-897E-4629-A488-ABA0C29B635E} (f0890825e7a9f4a808190a781c480568) C:\WINDOWS\system32\drivers\ialmsbw.sys
08:22:36.0343 0392 {6080A529-897E-4629-A488-ABA0C29B635E} ( UnsignedFile.Multi.Generic ) - warning
08:22:36.0343 0392 {6080A529-897E-4629-A488-ABA0C29B635E} - detected UnsignedFile.Multi.Generic (1)
08:22:36.0421 0392 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (8854f5453cce4c5831538e935f92f73b) C:\WINDOWS\system32\drivers\ialmkchw.sys
08:22:36.0437 0392 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} ( UnsignedFile.Multi.Generic ) - warning
08:22:36.0437 0392 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - detected UnsignedFile.Multi.Generic (1)
08:22:36.0468 0392 MBR (0x1B8) (24bf22b59c30b9b11e1af62cfc3c418e) \Device\Harddisk0\DR0
08:22:36.0593 0392 \Device\Harddisk0\DR0 - ok
08:22:36.0609 0392 Boot (0x1200) (7aaf026735f53ec5a6474b482232e8a5) \Device\Harddisk0\DR0\Partition0
08:22:36.0609 0392 \Device\Harddisk0\DR0\Partition0 - ok
08:22:36.0625 0392 Boot (0x1200) (9cdd1c346ee4ff4e5a4c3be867bb3d4a) \Device\Harddisk0\DR0\Partition1
08:22:36.0625 0392 \Device\Harddisk0\DR0\Partition1 - ok
08:22:36.0640 0392 ============================================================
08:22:36.0640 0392 Scan finished
08:22:36.0640 0392 ============================================================
08:22:36.0781 0572 Detected object count: 13
08:22:36.0781 0572 Actual detected object count: 13
08:25:00.0406 0572 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
08:25:00.0406 0572 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:25:00.0406 0572 Belkin Wireless USB Network Adapter Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:25:00.0406 0572 Belkin Wireless USB Network Adapter Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:25:00.0406 0572 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
08:25:00.0406 0572 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:25:00.0437 0572 ltmodem5 ( UnsignedFile.Multi.Generic ) - skipped by user
08:25:00.0437 0572 ltmodem5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:25:00.0437 0572 MxlW2k ( UnsignedFile.Multi.Generic ) - skipped by user
08:25:00.0437 0572 MxlW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:25:00.0437 0572 NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
08:25:00.0437 0572 NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:25:00.0468 0572 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
08:25:00.0468 0572 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:25:00.0484 0572 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
08:25:00.0484 0572 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:25:00.0484 0572 RT73 ( UnsignedFile.Multi.Generic ) - skipped by user
08:25:00.0484 0572 RT73 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:25:00.0484 0572 SISAGP ( UnsignedFile.Multi.Generic ) - skipped by user
08:25:00.0484 0572 SISAGP ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:25:00.0500 0572 viaagp1 ( UnsignedFile.Multi.Generic ) - skipped by user
08:25:00.0531 0572 viaagp1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:25:00.0531 0572 {6080A529-897E-4629-A488-ABA0C29B635E} ( UnsignedFile.Multi.Generic ) - skipped by user
08:25:00.0531 0572 {6080A529-897E-4629-A488-ABA0C29B635E} ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:25:00.0531 0572 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} ( UnsignedFile.Multi.Generic ) - skipped by user
08:25:00.0531 0572 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:25:25.0968 2312 Deinitialize success
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.27.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: YOUR-6JNHHU0520 [administrator]
Protection: Enabled
7/27/2012 3:55:19 PM
mbam-log-2012-07-27 (15-55-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 180613
Time elapsed: 20 minute(s), 4 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
OTL logfile created on: 7/27/2012 4:45:42 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.84% Memory free
3.84 Gb Paging File | 3.26 Gb Available in Paging File | 84.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.76 Gb Total Space | 20.63 Gb Free Space | 30.90% Space Free | Partition Type: NTFS
Drive D: | 5.27 Gb Total Space | 0.92 Gb Free Space | 17.38% Space Free | Partition Type: FAT32
Computer Name: YOUR-6JNHHU0520 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2012/07/27 07:37:15 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/07/21 13:12:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OTL.exe
PRC - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/13 19:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/22 14:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe
PRC - [2005/06/13 16:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
PRC - [2005/01/18 09:57:22 | 000,425,984 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exE
PRC - [2004/12/16 10:26:58 | 000,462,848 | ---- | M] (Dell) -- C:\WINDOWS\system32\dlbxcoms.exe
PRC - [2004/03/29 17:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
PRC - [2002/06/18 02:11:24 | 000,069,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
PRC - [2002/04/17 20:49:16 | 000,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 20:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
========== Modules (No Company Name) ========== MOD - [2012/07/27 14:21:09 | 001,789,440 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12072701\algo.dll
MOD - [2012/07/26 17:28:38 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/07/26 17:22:42 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0f9d7198d2c0a3953fb59b1aca0d35f7\System.Runtime.Remoting.ni.dll
MOD - [2012/07/26 17:22:38 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
MOD - [2012/07/26 17:22:35 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
MOD - [2012/07/26 17:20:26 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/07/21 21:46:41 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012/07/21 21:46:40 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/07/21 21:46:40 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/07/21 21:46:38 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/07/21 21:46:37 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/07/21 21:46:37 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/07/21 21:46:27 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/07/21 21:46:24 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/07/21 21:46:24 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/07/21 21:46:21 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/07/21 21:40:58 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/07/21 21:40:47 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/07/21 21:40:31 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll
MOD - [2012/07/21 21:25:51 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
MOD - [2012/07/21 21:15:57 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
MOD - [2012/07/21 21:12:32 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/07/21 21:12:18 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/07/21 21:12:08 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/07/21 21:11:50 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/07/21 21:11:36 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011/04/03 09:17:39 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/04/03 09:17:38 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/04/03 09:17:34 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/04/03 09:17:34 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/04/03 09:17:34 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/04/03 09:17:34 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/04/03 09:17:34 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/04/03 09:17:33 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/04/03 09:17:32 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/04/03 09:17:32 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/04/03 09:17:32 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/03/22 19:58:23 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/03/22 19:58:18 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2005/08/10 16:36:52 | 000,045,056 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\Security.dll
MOD - [2005/06/13 16:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
MOD - [2004/12/16 10:15:10 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlbxPP5C.DLL
MOD - [2004/10/07 14:49:04 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 962\dlbxcnv4.dll
MOD - [2004/03/29 17:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
MOD - [2003/10/08 12:23:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\RM_DEV_CODE.dll
MOD - [2003/06/30 16:37:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\ProcNICs.dll
MOD - [2002/10/03 12:57:30 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\PingDLL.dll
MOD - [2002/06/18 02:11:24 | 000,069,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
MOD - [2002/05/24 23:02:36 | 000,106,496 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqUtil.dll
MOD - [2002/04/17 20:49:22 | 000,024,576 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/17 20:49:16 | 000,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
MOD - [2002/04/09 08:49:22 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\GEMWEP.dll
========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2004/12/16 10:26:58 | 000,462,848 | ---- | M] (Dell) [On_Demand | Running] -- C:\WINDOWS\system32\dlbxcoms.exe -- (dlbx_device)
SRV - [2004/03/29 17:08:16 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin Wireless USB Network Adapter Service)
========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 11:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 11:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 11:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2005/08/03 00:00:36 | 000,232,192 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/01 11:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 23:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2002/10/28 13:59:22 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2002/10/28 02:01:48 | 000,009,856 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/08/16 19:41:16 | 000,625,121 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/03/04 14:10:00 | 000,027,648 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2001/06/04 17:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us7.hpwis.com/IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://search.live.c...ferrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us7.hpwis.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://att.my.yahoo.com/IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {CFC0C432-B2EE-432B-A325-4D0B1A609693}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://search.live.c...Box&Form=IE8SRCIE - HKCU\..\SearchScopes\{CFC0C432-B2EE-432B-A325-4D0B1A609693}: "URL" =
http://search.yahoo....p={SearchTerms}IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost
========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/27 07:39:04 | 000,000,000 | ---D | M]
[2010/03/16 20:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
O1 HOSTS File: ([2012/07/27 05:20:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe ()
O4 - HKLM..\Run: [DLBXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.DLL ()
O4 - HKLM..\Run: [dlbxmon.exe] C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe (Dell)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutorunsDisabled [2010/06/22 07:44:29 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://update.micros...b?1293035391453 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://www.update.mi...b?1293035665187 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC}
https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C73671E7-FFF0-445D-B3E6-E499CF6654A8}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\HP R3 10x7.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\HP R3 10x7.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/28 12:36:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk - - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MCODS -
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll (Ligos Corporation)
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll (Ligos Corporation)
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\iyvu9_32.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2012/07/27 08:30:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/27 08:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/27 08:27:31 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/27 08:19:40 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2012/07/27 08:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SparkPDF
[2012/07/27 08:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SparkPDF
[2012/07/27 07:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\SparkPDF
[2012/07/27 07:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2012/07/27 07:19:44 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/07/27 07:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/07/27 07:19:43 | 000,353,688 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/07/27 07:19:38 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/07/27 07:19:37 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/07/27 07:19:36 | 000,721,000 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/07/27 07:19:34 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/07/27 07:19:34 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/07/27 07:19:33 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/07/27 07:18:18 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/07/27 07:18:16 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/07/27 07:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/27 07:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/07/27 05:23:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/27 05:04:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/07/27 05:00:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/27 05:00:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/27 05:00:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/27 05:00:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/27 05:00:06 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/27 04:59:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/27 04:59:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2012/07/27 04:56:39 | 004,719,842 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/07/27 04:41:54 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/07/27 04:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sun
[2012/07/27 04:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/07/27 04:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/27 04:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/27 04:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2012/07/27 04:33:37 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/07/27 04:33:37 | 000,687,544 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/07/27 04:33:37 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/07/27 04:33:36 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/07/27 04:33:27 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/07/27 04:33:27 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/07/27 04:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/07/27 04:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
[2012/07/26 15:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\VA Final Decision
[2012/07/26 15:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\VA Prelim Decision
[2012/07/21 13:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2012/07/21 13:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SpeedMaxPc
[2012/07/21 13:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/07/21 09:29:39 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/07/21 08:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet
========== Files - Modified Within 30 Days ========== [2012/07/27 16:40:15 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/27 16:39:24 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3488582410-4034776416-3878855230-1003.job
[2012/07/27 16:37:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/27 16:37:46 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2636856054-1950875026-1641720859-1003.job
[2012/07/27 16:37:46 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-255153477-86716838-4261351219-1003.job
[2012/07/27 16:37:37 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2012/07/27 16:37:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/27 16:37:29 | 2138,624,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/27 16:31:47 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to OTL.exe.lnk
[2012/07/27 16:24:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/27 08:30:56 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/27 08:27:31 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/27 08:19:59 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2012/07/27 08:00:01 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SparkPDF.lnk
[2012/07/27 07:58:59 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3488582410-4034776416-3878855230-1003.job
[2012/07/27 07:41:00 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/07/27 07:38:38 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/07/27 07:37:30 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/07/27 07:37:30 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/07/27 07:19:44 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/07/27 07:19:34 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/07/27 07:16:46 | 089,340,632 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avast_free_antivirus_setup.exe
[2012/07/27 05:20:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/27 05:04:46 | 000,000,316 | RHS- | M] () -- C:\boot.ini
[2012/07/27 04:59:07 | 004,719,842 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/07/27 04:51:59 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/07/27 04:42:10 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/07/27 04:32:20 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/07/27 04:32:19 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/07/26 16:04:11 | 000,000,798 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2012/07/26 15:23:45 | 000,002,560 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\07-26-2012 03;23;35PM.rtf
[2012/07/26 15:21:44 | 000,006,951 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\07-26-2012 03;21;32PM.rtf
[2012/07/26 15:18:17 | 000,005,923 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\07-26-2012 03;18;06PM.rtf
[2012/07/26 15:14:15 | 000,234,250 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\07-26-2012 03;14;03PM.rtf
[2012/07/26 15:08:40 | 000,002,626 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\07-26-2012 03;08;29PM.rtf
[2012/07/26 15:06:46 | 000,006,567 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\07-26-2012 03;06;34PM.rtf
[2012/07/26 15:04:32 | 000,006,397 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\07-26-2012 03;04;21PM.rtf
[2012/07/26 14:58:28 | 000,005,738 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\07-26-2012 02;58;13PM.rtf
[2012/07/26 14:54:10 | 000,235,681 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\07-26-2012 02;53;51PM.rtf
[2012/07/26 14:28:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/26 14:28:54 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/21 21:48:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/21 21:46:55 | 000,496,044 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/21 21:46:55 | 000,084,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/05 22:07:08 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/07/05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/07/05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/07/05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/07/03 11:21:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/07/03 11:21:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/07/03 11:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/07/03 11:21:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/07/03 11:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/07/03 11:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
========== Files Created - No Company Name ========== [2012/07/27 16:31:47 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to OTL.exe.lnk
[2012/07/27 08:30:56 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/27 08:00:01 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SparkPDF.lnk
[2012/07/27 07:42:58 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3488582410-4034776416-3878855230-1003.job
[2012/07/27 07:42:57 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3488582410-4034776416-3878855230-1003.job
[2012/07/27 07:41:00 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/07/27 07:19:44 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/07/27 07:19:34 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/27 07:13:51 | 089,340,632 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avast_free_antivirus_setup.exe
[2012/07/27 05:04:46 | 000,000,199 | ---- | C] () -- C:\Boot.bak
[2012/07/27 05:04:43 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/07/27 05:00:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/27 05:00:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/27 05:00:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/27 05:00:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/27 05:00:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/27 04:51:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/07/26 15:23:45 | 000,002,560 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\07-26-2012 03;23;35PM.rtf
[2012/07/26 15:21:43 | 000,006,951 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\07-26-2012 03;21;32PM.rtf
[2012/07/26 15:18:17 | 000,005,923 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\07-26-2012 03;18;06PM.rtf
[2012/07/26 15:14:14 | 000,234,250 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\07-26-2012 03;14;03PM.rtf
[2012/07/26 15:08:40 | 000,002,626 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\07-26-2012 03;08;29PM.rtf
[2012/07/26 15:06:45 | 000,006,567 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\07-26-2012 03;06;34PM.rtf
[2012/07/26 15:04:32 | 000,006,397 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\07-26-2012 03;04;21PM.rtf
[2012/07/26 14:58:27 | 000,005,738 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\07-26-2012 02;58;13PM.rtf
[2012/07/26 14:54:09 | 000,235,681 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\07-26-2012 02;53;51PM.rtf
[2012/01/28 21:11:37 | 000,699,121 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3488582410-4034776416-3878855230-1003-0.dat
[2012/01/28 21:11:31 | 000,155,170 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/28 12:56:11 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2010/12/28 16:18:33 | 000,000,070 | ---- | C] () -- C:\WINDOWS\8D1AB55B.ini
[2010/12/22 12:42:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
[2010/12/22 12:42:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/02/25 19:49:56 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Keychains
[2010/02/25 19:49:56 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Jazz Kit
[2010/02/25 19:49:56 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/09/06 16:23:54 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/10/28 13:19:49 | 000,008,550 | ---- | C] () -- C:\Documents and Settings\Owner\ml1.srt
[2002/10/28 13:19:49 | 000,008,029 | ---- | C] () -- C:\Documents and Settings\Owner\ml2.srt
========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %SYSTEMDRIVE%\*.exe > < %ALLUSERSPROFILE%\Application Data\*.exe > < %APPDATA%\*. >[2012/07/27 08:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2009/12/19 10:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2010/03/26 19:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ArcSoft
[2010/05/17 07:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2010/05/17 07:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitZipper
[2010/06/17 14:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DivX
[2010/03/23 20:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Download Manager
[2012/07/21 13:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2009/08/06 18:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Freedom
[2010/01/07 09:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Google
[2009/09/16 07:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Help
[2012/04/28 14:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2010/03/15 05:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InstallShield
[2009/12/11 08:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2010/03/22 09:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Intuit
[2010/05/07 07:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jasc Software Inc
[2009/07/31 06:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2010/04/04 23:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2012/07/21 13:43:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2009/08/03 21:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft Web Folders
[2011/02/12 20:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Motive
[2010/03/16 20:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2010/06/27 09:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSN6
[2010/02/25 20:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2012/07/27 04:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2010/03/28 09:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Real
[2002/10/28 14:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2010/01/08 19:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SanDisk
[2002/10/28 13:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder
[2010/03/15 05:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony Corporation
[2010/04/17 22:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Southwest Airlines
[2012/07/27 08:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SparkPDF
[2012/07/21 13:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpeedMaxPc
[2012/07/27 04:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2009/07/31 06:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Symantec
[2010/06/01 02:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\U3
[2002/10/28 13:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VERITAS
[2011/02/13 13:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2011/04/03 06:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
< MD5 for: ATAPI.SYS >[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\i386\sp1.cab:atapi.sys
[2010/06/14 23:46:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2002/08/29 14:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/12/28 15:07:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 14:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2004/08/04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/12/28 15:07:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 07:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331060$\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\atapi.sys
< MD5 for: EXPLORER.EXE >[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe
< MD5 for: SVCHOST.EXE >[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 01:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004/08/04 02:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe
< MD5 for: USERINIT.EXE >[2004/08/04 01:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >[2004/08/04 01:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< %systemroot%\*. /mp /s > < hklm\software\clients\startmenuinternet|command /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/08/29 07:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 06:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/08/29 07:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < >< End of report >
OTL Extras logfile created on: 7/27/2012 4:45:42 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.84% Memory free
3.84 Gb Paging File | 3.26 Gb Available in Paging File | 84.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.76 Gb Total Space | 20.63 Gb Free Space | 30.90% Space Free | Partition Type: NTFS
Drive D: | 5.27 Gb Total Space | 0.92 Gb Free Space | 17.38% Space Free | Partition Type: FAT32
Computer Name: YOUR-6JNHHU0520 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{07295ABF-1245-415A-BE06-863271753443}" = ShowBiz
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = RecordNow Update Manager
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1EEE2A9F-6471-42fa-8923-E8879168CE26}" = HP Photo and Imaging 1.1 - Photosmart Cameras
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5
"{28BA89E7-2F60-4BE7-BAA2-7949EB3FE527}" = Blasterball Wild
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{357ECB62-CD36-4B63-B57E-769D0CA174F4}" = Blasterball 2
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{38DFF723-C0B1-44AB-A927-62EDB033908F}" = Belkin 54g USB Network Adapter
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EA6838C-5C34-4F9C-A8DA-434D65DD1356}" = Men in Black II CROSSFIRE Trial Version
"{47D4AF7B-EDE6-4ADB-8D2F-0BDA25C7321F}" = HP Digital Imaging Album Printing 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F0AE1FB-4082-4A27-8363-05D292D92FB0}" = Virtual Warfare
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{5415BC25-6D6C-46C4-B34C-EA8470FE56D5}" = Blackhawk Striker
"{60E971B7-51A0-48CA-8687-C6B8F094A409}" = Simple Backup for My Pictures
"{63272979-21F0-48EF-9B97-A83DBC05BE39}" = Disney's Lilo and Stitch Pinball
"{6CAEFA23-0C08-4899-A661-29D69228AF6D}" = HP Memories Disc
"{753FE96B-D926-4B6C-BCFB-CC59153D004A}" = Snowboard Extreme
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7841B68B-B7DD-408E-8B45-D5CA39608185}" = Dark Orbit
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}" =
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9FA01E11-9015-4140-B10A-5C6AA949B2FC}" = Space Rocks
"{A27EAF80-CBFC-4F56-94E1-929A401D7515}" = Betty Bad
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint Plus
"{BC0EE7F1-32DE-4EE2-BE10-AE15DB394E84}" = PigPen
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E62C706B-1352-4DCA-B4D4-81C24750B70F}" = Detto IntelliMover Demo
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}" = Simple Installer - Multilanguage Version
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ArcSoft Software Suite" = ArcSoft Software Suite
"avast" = avast! Free Antivirus
"Dell Photo AIO Printer 962" = Dell Photo AIO Printer 962
"ErrorEND" = ErrorEND
"hp instant support" = HP Instant Support
"HPTOOLKIT" = hp toolkit
"ie8" = Windows Internet Explorer 8
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"Indeo® Software" = Indeo® Software
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PDF Reader" = PDF Reader
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 15.0" = RealPlayer
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TurboTax Premier 2007" = TurboTax Premier 2007
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"WildTangentDDC" = WildTangent Channel Manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ========== [ Application Events ]
Error - 7/27/2011 10:37:20 PM | Computer Name = YOUR-6JNHHU0520 | Source = Application Error | ID = 1000
Description = Faulting application nwiz.exe, version 6.13.10.3190, faulting module
nview.dll, version 6.13.10.3190, fault address 0x00002429.
Error - 7/27/2011 10:37:58 PM | Computer Name = YOUR-6JNHHU0520 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <
http://www.download....uthrootseq.txt> with error: A connection with the server could not be established
Error - 7/27/2011 10:38:02 PM | Computer Name = YOUR-6JNHHU0520 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <
http://www.download....uthrootseq.txt> with error: This network connection does not exist.
Error - 8/20/2011 6:04:16 PM | Computer Name = YOUR-6JNHHU0520 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog
Error - 10/20/2011 1:39:17 PM | Computer Name = YOUR-6JNHHU0520 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <
http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.
Error - 10/20/2011 1:39:21 PM | Computer Name = YOUR-6JNHHU0520 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <
http://www.download....uthrootseq.txt> with error: This network connection does not exist.
Error - 11/20/2011 10:59:14 AM | Computer Name = YOUR-6JNHHU0520 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <
http://www.download....uthrootseq.txt> with error: The server name or address could not be resolved
Error - 11/20/2011 10:59:19 AM | Computer Name = YOUR-6JNHHU0520 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <
http://www.download....uthrootseq.txt> with error: This network connection does not exist.
Error - 11/24/2011 10:21:15 AM | Computer Name = YOUR-6JNHHU0520 | Source = Application Error | ID = 1000
Description = Faulting application nwiz.exe, version 6.13.10.3190, faulting module
nview.dll, version 6.13.10.3190, fault address 0x00002429.
Error - 11/25/2011 12:26:26 PM | Computer Name = YOUR-6JNHHU0520 | Source = ESENT | ID = 490
Description = svchost (1752) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.chk"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).
Error - 11/25/2011 12:26:26 PM | Computer Name = YOUR-6JNHHU0520 | Source = ESENT | ID = 439
Description = Catalog Database (1752) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\edb.chk. Error -1032.
[ System Events ]
Error - 7/21/2012 2:05:20 PM | Computer Name = YOUR-6JNHHU0520 | Source = Service Control Manager | ID = 7031
Description = The McAfee Anti-Spam Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.
Error - 7/27/2012 6:07:45 AM | Computer Name = YOUR-6JNHHU0520 | Source = Service Control Manager | ID = 7031
Description = The Belkin Wireless USB Network Adapter service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
0 milliseconds: Restart the service.
Error - 7/27/2012 6:09:21 AM | Computer Name = YOUR-6JNHHU0520 | Source = Service Control Manager | ID = 7031
Description = The Belkin Wireless USB Network Adapter service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
0 milliseconds: Restart the service.
Error - 7/27/2012 6:13:50 AM | Computer Name = YOUR-6JNHHU0520 | Source = Service Control Manager | ID = 7031
Description = The Belkin Wireless USB Network Adapter service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
0 milliseconds: Restart the service.
Error - 7/27/2012 6:14:51 AM | Computer Name = YOUR-6JNHHU0520 | Source = Service Control Manager | ID = 7031
Description = The Belkin Wireless USB Network Adapter service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
0 milliseconds: Restart the service.
Error - 7/27/2012 6:41:35 AM | Computer Name = YOUR-6JNHHU0520 | Source = Service Control Manager | ID = 7031
Description = The McAfee McShield service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.
Error - 7/27/2012 7:49:32 AM | Computer Name = YOUR-6JNHHU0520 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_MFEAVFK\0000 disappeared from the system without
first being prepared for removal.
Error - 7/27/2012 7:49:32 AM | Computer Name = YOUR-6JNHHU0520 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_MFEBOPK\0000 disappeared from the system without
first being prepared for removal.
Error - 7/27/2012 7:49:32 AM | Computer Name = YOUR-6JNHHU0520 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_MFEHIDK\0000 disappeared from the system without
first being prepared for removal.
Error - 7/27/2012 5:27:06 PM | Computer Name = YOUR-6JNHHU0520 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SISAGP viaagp1
< End of report >
THIS IS AS FAR AS I"VE GOTTEN