help to remove jview.exe and shimgv.exe viruses [Closed]


  • This topic is locked

#1
techgeek37

  • Member
  • 21 posts
Hi! Good day, guys,

Recently my PC has been infected by viruses. All the pictures on my computer have turned to .exe format and the virus has hidden my original pictures. I already tried to scan with Avira Free but no luck. I already tried Malwarebytes and other free tools, but with the same result. Here I attach an image of the Task Manager where the said viruses appear. Please help me, everyone... :(

Attached Thumbnails

  • viruses.JPG



#2
maliprog

  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello techgeek37 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3
techgeek37

  • Topic Starter
  • Member
  • 21 posts
First of all, thank you for your attention, maliprog.

By the way, I have already done the OTL scan and this is the result (OTL & Extras).

#4
techgeek37

  • Topic Starter
  • Member
  • 21 posts
Results of the OTL scan:

OTL logfile created on: 7/31/2012 3:06:31 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\[email protected]\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1012.89 Mb Total Physical Memory | 584.28 Mb Available Physical Memory | 57.68% Memory free
2.37 Gb Paging File | 1.43 Gb Available in Paging File | 60.20% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 11.95 Gb Free Space | 40.80% Space Free | Partition Type: NTFS
Drive D: | 119.72 Gb Total Space | 51.21 Gb Free Space | 42.78% Space Free | Partition Type: NTFS

Computer Name: POS40 | User Name: [email protected] | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/31 15:05:07 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[email protected]\My Documents\Downloads\OTL.exe
PRC - [2012/07/10 12:09:02 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/06/23 12:30:07 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe
PRC - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:55:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/02 00:31:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/04/24 02:11:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/04/18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/09/29 16:19:26 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/09/29 16:19:16 | 003,508,112 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2010/07/05 03:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] (1280 X 960) -- C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe
PRC - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] (1280 X 960) -- C:\Documents and Settings\[email protected]\Application Data\Java\ߙJviewʚ.exe
PRC - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/27 15:40:24 | 000,102,400 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/17 10:48:22 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
MOD - [2012/07/10 12:09:00 | 000,438,296 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/10 12:08:59 | 003,972,120 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/10 12:07:22 | 000,140,328 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/10 12:07:21 | 000,262,184 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/10 12:07:19 | 002,386,984 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/10 10:17:27 | 009,255,112 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2012/07/03 12:10:11 | 004,051,456 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.3\libGLESv2.dll
MOD - [2012/07/03 12:10:11 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.3\libEGL.dll
MOD - [2012/06/14 08:55:53 | 014,631,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9f9ada0c61de38cc68d1cfea4af0e2b2\PresentationFramework.ni.dll
MOD - [2012/06/14 08:55:29 | 012,597,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\640fdc3675ab17fb1e77f27347d5d9e4\PresentationCore.ni.dll
MOD - [2012/06/14 08:54:41 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/14 08:54:35 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/05/12 09:15:31 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/12 08:46:31 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/12 08:43:59 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
MOD - [2012/05/11 22:03:06 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 22:02:55 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/11 21:58:45 | 001,249,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2012/04/16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/10/05 11:41:31 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
MOD - [2011/09/29 16:19:26 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/09/16 11:55:38 | 000,621,480 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2011/09/16 11:55:38 | 000,463,784 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2011/09/16 11:55:38 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2011/09/16 11:55:38 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2010/07/05 05:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/05 05:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/05 03:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] () -- C:\Documents and Settings\[email protected]\Application Data\Java\?shimgvw?.exe
MOD - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] () -- C:\Documents and Settings\[email protected]\Application Data\Java\?Jview?.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:55:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2002/02/04 05:20:00 | 000,053,296 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\CWBRXD.EXE -- (Cwbrxd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\mesjeiqp.sys -- (mesjeiqp)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/16 21:18:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/20 01:12:06 | 000,023,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MP4ConverterAudio.sys -- (MP4ConverterAudio)
DRV - [2011/08/25 12:43:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011/08/25 12:43:54 | 000,077,624 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/06/02 13:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2010/12/21 13:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/07/05 03:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008/06/19 18:52:30 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k)
DRV - [2008/03/28 10:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000b8ac6f0df8da
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000b8ac6f0df8da
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKCU\..\SearchScopes\{A5325974-F981-49B1-801A-3ADD7B3A5DA7}: "URL" = http://websearch.ask...54-65CA4BE5D5F2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/23 12:30:21 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com.my/
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylo...000b8ac6f0df8da
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com.my/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: I Want This = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_0\crossrider
CHR - Extension: I Want This = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_0\
CHR - Extension: I Want This = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_2\crossrider
CHR - Extension: I Want This = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_2\
CHR - Extension: Gmail = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/15 10:33:58 | 000,437,990 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15066 more lines...
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WinToFlash Suggestor) - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Client Access Check Version] C:\Program Files\IBM\Client Access\cwbckver.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Express Welcome] C:\Program Files\IBM\Client Access\cwbwlwiz.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Help Update] C:\Program Files\IBM\Client Access\cwbinhlp.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [jre͸] C:\Documents and Settings\[email protected]\Application Data\Java\ߙJviewʚ.exe (1280 X 960)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [METROJAY-832BEB̉] C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe (1280 X 960)
O4 - HKCU..\Run: [POS40̉] C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe (1280 X 960)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FTP Utility.lnk = C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O9 - Extra 'Tools' menuitem : WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {1FBDF235-C5A9-4F21-BD79-9EC0DCF8AC29} http://metrojayasuri.../AVC_AX_DVR.cab (CV781Object Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1317179352906 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFD33790-568A-4DBC-8844-B19E995D33B4}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O27 - HKLM IFEO\ansavgd: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\attrib.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\autorunme.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\blastclnn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\blastclnnn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\cscript.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\egui.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\EHttpSrv.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ise32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\Nbrowser.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\New Folder.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\Njeeves.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32kui.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npc_login.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npc_tray.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npcsvc32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npflgutl.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfports.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfrules.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfsvc32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfuser.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfwiz.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nprosec.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nuaa.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\Nvcoa.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvcsched.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvoy.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\reg32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\rtpsvc.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\scsaver.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\SSCVIHOST.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\wscript.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/28 09:05:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/31 11:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RegUtility
[2012/07/31 11:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\RegUtility
[2012/07/29 13:35:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/07/26 16:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\MyEgy.Com.Billboard Hot 100
[2012/07/26 13:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\Pelbagai - Kompilasi Lagu Raya 2
[2012/07/26 13:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Unrar Extract and Recover 4.5
[2012/07/26 12:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Appnimi
[2012/07/26 12:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\PA System
[2012/07/26 12:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\Lagu Raya 2012
[2012/07/19 12:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\Photomatix Pro v4.2.3 Port
[2012/07/17 10:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Samsung
[2012/07/17 10:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\My Documents\samsung
[2012/07/17 10:47:28 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudmdm.sys
[2012/07/17 10:47:27 | 000,077,624 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudbus.sys
[2012/07/17 10:47:22 | 000,121,064 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadbus.sys
[2012/07/17 10:47:22 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadwhnt.sys
[2012/07/17 10:47:22 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadwh.sys
[2012/07/17 10:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Samsung
[2012/07/17 10:46:35 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2012/07/17 10:46:22 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2012/07/17 10:46:22 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2012/07/17 10:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2012/07/17 10:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Application Data\Samsung
[2012/07/17 10:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2012/07/17 10:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/07/17 10:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Downloaded Installations
[2012/07/05 13:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/07/05 12:08:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\[email protected]\Recent
[2012/07/04 16:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2012/07/04 15:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2012/07/04 15:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Unattended Soft
[2012/07/04 15:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2012/07/04 15:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2012/07/03 12:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinToFlash Suggestor
[2012/07/03 12:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\I Want This
[2012/07/03 12:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\I Want This
[2012/07/03 12:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Babylon
[2012/07/03 12:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/07/03 12:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Application Data\Babylon
[2010/08/13 00:32:04 | 015,728,768 | ---- | C] (EffectMatrix Inc. ) -- C:\Documents and Settings\[email protected]\Application Data\tvc371.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/31 15:08:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/07/31 14:56:47 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FA4D989F-E347-4307-9C3B-3C1A33CD1E2D}.job
[2012/07/31 12:17:26 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-861567501-813497703-1801674531-1003.job
[2012/07/31 12:17:22 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-813497703-1801674531-1003.job
[2012/07/31 12:17:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/31 12:17:15 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-861567501-813497703-1801674531-500.job
[2012/07/31 12:14:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/31 11:07:15 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegUtility.lnk
[2012/07/31 10:46:52 | 000,132,391 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\viruses.JPG
[2012/07/30 09:32:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-813497703-1801674531-1003Core1cd654db4d2e17e.job
[2012/07/26 12:09:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-813497703-1801674531-500.job
[2012/07/22 17:39:00 | 000,967,729 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\01 Track 1.wma
[2012/07/20 11:25:09 | 001,494,982 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MAYBANK CARDMEMBERS mode.jpg
[2012/07/20 10:50:00 | 002,061,722 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MAYBANK CARDMEMBERS.jpg
[2012/07/19 17:42:21 | 010,596,928 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\IMG_0507_tonemapped.jpg
[2012/07/19 14:08:20 | 011,329,985 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\IMG_0766_tonemapped.jpg
[2012/07/19 11:32:17 | 007,197,953 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Photomatix_Pro_v4.2.3_Port.rar
[2012/07/18 09:46:55 | 000,062,010 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\birthday-ballon-border-md.png
[2012/07/18 09:28:04 | 000,040,985 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\hearts_border.png
[2012/07/17 18:56:01 | 000,119,296 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/17 18:21:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/07/17 18:21:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2012/07/17 12:27:04 | 000,054,472 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\error disable network.JPG
[2012/07/17 10:48:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/07/17 10:47:36 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk
[2012/07/17 10:46:39 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\[email protected]\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/07/14 17:38:54 | 002,221,149 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\raya sale2.jpg
[2012/07/14 17:25:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Copy of raya sale.jpg
[2012/07/14 16:56:00 | 002,770,668 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\raya sale.jpg
[2012/07/12 12:54:39 | 000,023,944 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\facts.jpg
[2012/07/12 09:20:29 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/12 08:46:35 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\[email protected]\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/12 08:46:34 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Google Chrome.lnk
[2012/07/12 08:42:23 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/12 08:26:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/10 17:10:46 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/07/09 16:14:44 | 001,246,708 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Raya Mailer 2012_Front.jpg
[2012/07/09 16:14:40 | 000,928,666 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Raya Mailer 2012_C&F.jpg
[2012/07/09 16:14:37 | 001,164,830 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Raya Mailer 2012_Back.jpg
[2012/07/09 16:04:53 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/07/09 15:57:06 | 000,402,881 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Diners Club-Metrojaya .jpg
[2012/07/09 15:54:09 | 000,551,658 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MJ tentcard 6x7-25 0712.pdf
[2012/07/09 12:43:21 | 000,043,548 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MJ brands.JPG
[2012/07/09 12:10:21 | 000,063,996 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MJ Gift Voucher.JPG
[2012/07/09 12:00:50 | 003,038,701 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MJPC4.jpg
[2012/07/09 11:44:04 | 000,174,358 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MJPC.jpg
[2012/07/09 11:10:06 | 000,061,985 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MJPC2.JPG
[2012/07/09 11:09:10 | 000,039,201 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MJPCT.JPG
[2012/07/09 10:54:32 | 000,170,806 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MJPC.png
[2012/07/09 10:43:15 | 000,148,687 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Metrojaya Kuching Sarawak OPENING SOON!!!.jpg
[2012/07/04 16:01:36 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc
[2012/07/04 16:01:16 | 000,034,308 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mazuki.dll
[2012/07/04 16:01:04 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2012/07/04 15:58:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Irremote.ini
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/31 11:07:15 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegUtility.lnk
[2012/07/31 10:46:00 | 000,132,391 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\viruses.JPG
[2012/07/23 11:47:29 | 000,967,729 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\01 Track 1.wma
[2012/07/20 11:24:54 | 001,494,982 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MAYBANK CARDMEMBERS mode.jpg
[2012/07/20 11:12:42 | 002,061,722 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MAYBANK CARDMEMBERS.jpg
[2012/07/19 17:42:13 | 010,596,928 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\IMG_0507_tonemapped.jpg
[2012/07/19 17:12:00 | 007,003,668 | R--- | C] () -- C:\Documents and Settings\[email protected]\Desktop\IMG_0507.JPG
[2012/07/19 14:08:10 | 011,329,985 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\IMG_0766_tonemapped.jpg
[2012/07/19 13:27:46 | 006,815,423 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\IMG_0766.JPG
[2012/07/19 12:54:58 | 007,197,953 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\Photomatix_Pro_v4.2.3_Port.rar
[2012/07/19 11:11:16 | 000,054,472 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\error disable network.JPG
[2012/07/19 09:27:48 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-813497703-1801674531-1003Core1cd654db4d2e17e.job
[2012/07/18 09:46:58 | 000,062,010 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\birthday-ballon-border-md.png
[2012/07/18 09:28:07 | 000,040,985 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\hearts_border.png
[2012/07/17 20:05:13 | 000,260,608 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/07/17 18:56:04 | 734,003,200 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\[DB]_Naruto_Shippuuden_The Movie_[75F57621].avi
[2012/07/17 18:21:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/07/17 18:21:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2012/07/17 10:47:36 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk
[2012/07/17 10:46:39 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\[email protected]\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/07/14 17:38:49 | 002,221,149 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\raya sale2.jpg
[2012/07/14 17:19:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\Copy of raya sale.jpg
[2012/07/14 17:18:40 | 002,770,668 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\raya sale.jpg
[2012/07/12 12:54:47 | 000,023,944 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\facts.jpg
[2012/07/12 08:22:48 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/07/09 16:14:23 | 001,246,708 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\Raya Mailer 2012_Front.jpg
[2012/07/09 16:14:19 | 000,928,666 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\Raya Mailer 2012_C&F.jpg
[2012/07/09 16:14:16 | 001,164,830 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\Raya Mailer 2012_Back.jpg
[2012/07/09 16:03:03 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/07/09 15:57:04 | 000,402,881 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\Diners Club-Metrojaya .jpg
[2012/07/09 15:54:05 | 000,551,658 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MJ tentcard 6x7-25 0712.pdf
[2012/07/09 12:42:07 | 000,043,548 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MJ brands.JPG
[2012/07/09 12:10:21 | 000,063,996 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MJ Gift Voucher.JPG
[2012/07/09 11:59:06 | 003,038,701 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MJPC4.jpg
[2012/07/09 11:10:06 | 000,061,985 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MJPC2.JPG
[2012/07/09 11:09:10 | 000,174,358 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MJPC.jpg
[2012/07/09 11:09:10 | 000,039,201 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MJPCT.JPG
[2012/07/09 10:54:47 | 000,170,806 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MJPC.png
[2012/07/09 10:43:19 | 000,148,687 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\Metrojaya Kuching Sarawak OPENING SOON!!!.jpg
[2012/07/04 16:01:36 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc
[2012/07/04 16:01:16 | 000,034,308 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mazuki.dll
[2012/07/04 16:01:04 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2012/07/04 15:58:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2012/05/26 11:26:12 | 000,000,403 | ---- | C] () -- C:\WINDOWS\TopScan.INI
[2012/04/26 14:40:52 | 000,109,216 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2012/04/26 14:40:52 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2012/04/19 15:17:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/02/28 13:12:35 | 000,002,067 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2012/02/15 10:18:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/05 19:16:08 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2012/02/01 15:18:23 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2011/10/28 12:46:26 | 000,794,624 | ---- | C] () -- C:\WINDOWS\System32\AVC_AP_H264.dll
[2011/10/09 09:21:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/04 10:44:56 | 000,000,621 | ---- | C] () -- C:\WINDOWS\System32\hppapr09.dat
[2011/09/30 16:26:32 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/09/30 16:26:32 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/09/30 10:37:42 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/09/29 16:50:10 | 000,119,296 | ---- | C] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 16:57:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/28 16:56:46 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/28 16:33:11 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2011/09/28 16:32:46 | 000,020,533 | ---- | C] () -- C:\WINDOWS\System32\cwbunplp.exe
[2011/09/28 16:32:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\qxdaedrs.dll
[2011/09/28 16:32:41 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2011/09/28 16:32:41 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2011/09/28 16:32:41 | 000,020,528 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2011/09/28 16:32:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2011/09/28 16:32:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2011/09/28 16:32:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2011/09/28 16:32:41 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2011/09/28 16:32:41 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2011/09/28 09:26:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2011/09/28 09:06:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/28 09:02:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll

========== LOP Check ==========

[2012/05/18 11:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\323C8
[2012/07/03 12:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/07/29 13:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/07/17 10:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/05/03 12:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2012/05/03 12:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/30 16:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\AnvSoft
[2012/05/25 16:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\AskToolbar
[2012/07/03 12:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Babylon
[2012/05/26 08:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\bearsharemediabartb
[2011/10/15 15:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Haenlein-Software
[2012/07/31 15:09:48 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\[email protected]\Application Data\Java
[2011/10/04 10:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Minolta
[2012/07/17 10:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Samsung
[2011/10/11 15:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Xilisoft
[2012/07/31 15:08:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012/07/31 14:56:47 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FA4D989F-E347-4307-9C3B-3C1A33CD1E2D}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:553CA6CA

< End of report >

#5
techgeek37

    Member

  • Topic Starter
  • Member
  • 21 posts
OTL Extras logfile created on: 7/31/2012 3:06:31 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\[email protected]\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1012.89 Mb Total Physical Memory | 584.28 Mb Available Physical Memory | 57.68% Memory free
2.37 Gb Paging File | 1.43 Gb Available in Paging File | 60.20% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 11.95 Gb Free Space | 40.80% Space Free | Partition Type: NTFS
Drive D: | 119.72 Gb Total Space | 51.21 Gb Free Space | 42.78% Space Free | Partition Type: NTFS

Computer Name: POS40 | User Name: [email protected] | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusOverride " = 1
"AntiVirusDisableNotify " = 1
"FirewallDisableNotify " = 1
"FirewallOverride " = 1
"UpdatesDisableNotify " = 1
"UacDisableNotify " = 1
"FirstRunDisabled " = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride " = 1
"AntiVirusDisableNotify " = 1
"FirewallDisableNotify " = 1
"FirewallOverride " = 1
"UpdatesDisableNotify " = 1
"UacDisableNotify " = 1
"FirstRunDisabled " = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5800:TCP" = 5800:TCP:*:Enabled:5800
"5900:TCP" = 5900:TCP:*:Enabled:5900
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe" = C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe:*:Enabled:FTP Utility -- (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09404F93-8684-4401-ACEA-325BBB7EAA2C}_is1" = Videoplayer 1.1.1.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 29
"{27263813-8BDE-4CD2-84D3-02536743428A}_is1" = Attribute Changer 6.20
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5EC243A-AAB4-4AF0-85A5-07F9F4618353}" = FTP Utility
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"ClientAccessExpress" = IBM iSeries Access for Windows
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A5EC243A-AAB4-4AF0-85A5-07F9F4618353}" = FTP Utility
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.6.0 (Full)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"RealPlayer 15.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"RegUtility_is1" = RegUtility version 4.1
"SMALLBUSINESS" = Microsoft Office Small Business 2007
"Ultravnc2_is1" = UltraVNC 1.0.8.2
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 2.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinToFlash Suggestor" = WinToFlash Suggestor
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/14/2012 1:05:40 AM | Computer Name = POS40 | Source = WinVNC4 | ID = 1
Description = SConnection: AuthFailureException: Authentication failure

Error - 6/14/2012 1:05:51 AM | Computer Name = POS40 | Source = WinVNC4 | ID = 1
Description = SConnection: AuthFailureException: Authentication failure

Error - 6/14/2012 1:06:05 AM | Computer Name = POS40 | Source = WinVNC4 | ID = 1
Description = DeviceFrameBuffer: BitBlt failed:5

Error - 6/14/2012 1:06:05 AM | Computer Name = POS40 | Source = WinVNC4 | ID = 1
Description = DeviceFrameBuffer: BitBlt failed:5

Error - 6/29/2012 3:19:24 AM | Computer Name = POS40 | Source = WinVNC4 | ID = 1
Description = SConnection: AuthFailureException: Authentication failure

Error - 6/29/2012 3:19:33 AM | Computer Name = POS40 | Source = WinVNC4 | ID = 1
Description = SConnection: AuthFailureException: Authentication failure

Error - 7/4/2012 4:06:26 AM | Computer Name = POS40 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module igfxsrvc.dll, version 6.14.10.4957, fault address 0x0000472f.

Error - 7/9/2012 3:00:09 AM | Computer Name = POS40 | Source = WinVNC4 | ID = 1
Description = SConnection: AuthFailureException: Authentication failure

Error - 7/9/2012 3:00:41 AM | Computer Name = POS40 | Source = WinVNC4 | ID = 1
Description = SConnection: AuthFailureException: Authentication failure

Error - 7/30/2012 11:51:09 PM | Computer Name = POS40 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 20.0.1132.57, faulting module
unknown, version 0.0.0.0, fault address 0x00000004.

[ System Events ]
Error - 7/19/2012 5:42:21 AM | Computer Name = POS40 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\PhotomatixPro4\exiv2.exe.
Reference
error message: The operation completed successfully. .

Error - 7/19/2012 5:42:21 AM | Computer Name = POS40 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT.mui. Reference
error message: The system cannot find the path specified. .

Error - 7/19/2012 5:42:21 AM | Computer Name = POS40 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\PhotomatixPro4\exiv2.exe.
Reference
error message: The operation completed successfully. .

Error - 7/19/2012 5:42:21 AM | Computer Name = POS40 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT.mui. Reference
error message: The system cannot find the path specified. .

Error - 7/19/2012 5:42:21 AM | Computer Name = POS40 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\PhotomatixPro4\exiv2.exe.
Reference
error message: The operation completed successfully. .

Error - 7/19/2012 5:42:21 AM | Computer Name = POS40 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT.mui. Reference
error message: The system cannot find the path specified. .

Error - 7/19/2012 5:42:21 AM | Computer Name = POS40 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\PhotomatixPro4\exiv2.exe.
Reference
error message: The operation completed successfully. .

Error - 7/20/2012 12:21:03 AM | Computer Name = POS40 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 bf84c68e, parameter3
a2d65ae4, parameter4 00000000.

Error - 7/26/2012 12:14:34 AM | Computer Name = POS40 | Source = DCOM | ID = 10010
Description = The server {7A1A13F5-B96B-492A-B591-D7526E0B3013} did not register
with DCOM within the required timeout.

Error - 7/26/2012 10:06:54 PM | Computer Name = POS40 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
POS09 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{EFD33790-568A-4DBC-884.
The
master browser is stopping or an election is being forced.


< End of report >

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Please post GMER log after the scan.

#7
techgeek37

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Sorry for being late in giving you the GMER report. Since yesterday I have had trouble opening this geekstogo website, which I believe is one of the things caused by the virus. Anyway, here is the report:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-31 17:40:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10 ST3160318AS rev.CC44
Running: dp8ez3js.exe; Driver: C:\DOCUME~1\[email protected]\LOCALS~1\Temp\fxtdapob.sys


---- System - GMER 1.0.15 ----

SSDT F7C1299C ZwClose
SSDT F7C12956 ZwCreateKey
SSDT F7C129A6 ZwCreateSection
SSDT F7C1294C ZwCreateThread
SSDT F7C1295B ZwDeleteKey
SSDT F7C12965 ZwDeleteValueKey
SSDT F7C12997 ZwDuplicateObject
SSDT F7C1296A ZwLoadKey
SSDT F7C12938 ZwOpenProcess
SSDT F7C1293D ZwOpenThread
SSDT F7C129BF ZwQueryValueKey
SSDT F7C12974 ZwReplaceKey
SSDT F7C129B0 ZwRequestWaitReplyPort
SSDT F7C1296F ZwRestoreKey
SSDT F7C129AB ZwSetContextThread
SSDT F7C129B5 ZwSetSecurityObject
SSDT F7C12960 ZwSetValueKey
SSDT F7C129BA ZwSystemDebugControl
SSDT F7C12947 ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\explorer.exe[2096] SHELL32.dll!SHFileOperationW 7CA70984 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3016] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3416] ntdll.dll!DbgUiRemoteBreakin 7C9520EC 1 Byte [C3]
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4036] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 326050B8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4036] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 330CEAC8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library C:\Documents and Settings\[email protected]\Application Data\Java\ (*** hidden *** ) @ C:\Documents [3276] 0x00400000
Library C:\Documents and Settings\[email protected]\Application Data\Java\ (*** hidden *** ) @ C:\Documents [3380] 0x00400000
Library C:\Documents and Settings\[email protected]\Application Data\Java\ (*** hidden *** ) @ C:\Documents [3444] 0x00400000
Library C:\Documents and Settings\[email protected]\Application Data\Java\ (*** hidden *** ) @ C:\Documents [3480] 0x00400000

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92C1845F-9629-E837-45B3-5CE2552BF71B}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92C1845F-9629-E837-45B3-5CE2552BF71B}@pahpjcpdjladbnpclaechbfdopiccmef 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D4405E71-A3A5-9F12-3946-859A11A7714F}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D4405E71-A3A5-9F12-3946-859A11A7714F}@pajcdafcamnfaamiappaanlacmodffdm 0x61 0x62 0x61 0x6E ...

---- EOF - GMER 1.0.15 ----

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Let's try the first fix.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] (1280 X 960) -- C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe
    PRC - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] (1280 X 960) -- C:\Documents and Settings\[email protected]\Application Data\Java\ߙJviewʚ.exe
    MOD - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] () -- C:\Documents and Settings\[email protected]\Application Data\Java\?shimgvw?.exe
    MOD - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] () -- C:\Documents and Settings\[email protected]\Application Data\Java\?Jview?.exe
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\mesjeiqp.sys -- (mesjeiqp)
    O4 - HKCU..\Run: [jre͸] C:\Documents and Settings\[email protected]\Application Data\Java\ߙJviewʚ.exe (1280 X 960)
    O4 - HKCU..\Run: [METROJAY-832BEB̉] C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe (1280 X 960)
    O4 - HKCU..\Run: [POS40̉] C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe (1280 X 960)
    O27 - HKLM IFEO\ansavgd: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\attrib.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
    O27 - HKLM IFEO\autorunme.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\blastclnn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\blastclnnn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\cscript.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
    O27 - HKLM IFEO\egui.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\EHttpSrv.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\ekrn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\ise32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
    O27 - HKLM IFEO\Nbrowser.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\New Folder.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\Njeeves.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\nod32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\nod32krn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\nod32kui.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\npc_login.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\npc_tray.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\npcsvc32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\npflgutl.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\npfports.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\npfrules.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\npfsvc32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\npfuser.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\npfwiz.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\nprosec.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\nuaa.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\Nvcoa.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\nvcsched.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\nvoy.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\reg32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\rtpsvc.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\scsaver.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\SSCVIHOST.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\wscript.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
    [2010/08/13 00:32:04 | 015,728,768 | ---- | C] (EffectMatrix Inc. ) -- C:\Documents and Settings\[email protected]\Application Data\tvc371.exe

    :Files
    C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe
    C:\Documents and Settings\[email protected]\Application Data\Java\ߙJviewʚ.exe

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • TDSSKiller log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
  • 0
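The O27 lines in the fix above are Image File Execution Options entries: each one makes Windows start the listed Debugger instead of the named program, and here the names include antivirus executables such as nod32krn.exe and MSASCui.exe while the Debugger is cmd.exe or rundll32.exe. The Python below is an added example, not part of the thread and not OTL's own code: it parses such lines, together with the space-padded Security Center value names from the earlier OTL log, and separates the registry key to remove from the Debugger file. `SYSTEM_DIR`, the function names and the `example.exe` line are assumptions made for the illustration.

```python
"""Triage OTL log lines for two tamper indicators seen in this thread."""
import ntpath
import re
from collections import Counter

# OTL "O27" line: O27 - HKLM IFEO\<image>: Debugger - <path> (<company>)
O27_RE = re.compile(
    r"^\s*O27 - HKLM IFEO\\(?P<image>[^:]+): Debugger - "
    r"(?P<debugger>.+?)(?: \((?P<company>[^()]*)\))?\s*$"
)
SECTION_RE = re.compile(r"^\s*\[(?P<key>HKEY_[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^\s*"(?P<name>[^"]*)" = (?P<data>.*?)\s*$')

IFEO_ROOT = (r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
             r"\Image File Execution Options")
# Assumption: Windows lives in C:\WINDOWS, as in the log on this page.
SYSTEM_DIR = r"c:\windows\system32"


def parse_ifeo(lines):
    """Return one finding per O27 line: hijacked image and what to act on."""
    findings = []
    for line in lines:
        m = O27_RE.match(line)
        if not m:
            continue
        debugger = m.group("debugger")
        folder = ntpath.dirname(ntpath.normpath(debugger)).lower()
        os_binary = folder == SYSTEM_DIR
        findings.append({
            "image": m.group("image"),
            "registry_key": IFEO_ROOT + "\\" + m.group("image"),
            "debugger": debugger,
            "debugger_is_os_binary": os_binary,
            # The hijack is the Debugger value. A path inside the system
            # directory names a Windows component that has to stay in place.
            "remediation": ("delete IFEO key, keep file" if os_binary
                            else "delete IFEO key, review debugger file"),
        })
    return findings


def debugger_summary(findings):
    """Count hijacked images per Debugger binary name."""
    return Counter(ntpath.basename(f["debugger"]).lower() for f in findings)


def shadow_values(lines):
    """Find value names padded with whitespace, grouped by registry key."""
    key, names, hits = None, {}, []
    for line in lines:
        s = SECTION_RE.match(line)
        if s:
            key = s.group("key")
            names.setdefault(key, [])
            continue
        v = VALUE_RE.match(line)
        if v and key:
            names[key].append((v.group("name"), v.group("data")))
    for key, pairs in names.items():
        plain = {n: d for n, d in pairs if n == n.strip()}
        for name, data in pairs:
            if name != name.strip():
                hits.append({
                    "key": key, "name": name, "data": data,
                    # Data of the unpadded value it imitates, None if absent.
                    "shadows": plain.get(name.strip()),
                })
    return hits


# Lines copied from the logs in this thread, except the last one
# (example.exe), which is constructed to exercise the non-system branch.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusOverride " = 1
"FirewallOverride " = 1
"UacDisableNotify " = 1
O27 - HKLM IFEO\attrib.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\egui.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\New Folder.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\example.exe: Debugger - C:\Temp\stub.exe ()
""".strip().splitlines()

if __name__ == "__main__":
    for f in parse_ifeo(SAMPLE):
        print(f"{f['image']:<16} -> {f['debugger']}  [{f['remediation']}]")
    print(dict(debugger_summary(parse_ifeo(SAMPLE))))
    for h in shadow_values(SAMPLE):
        print(f"padded name {h['name']!r} = {h['data']} (plain value: {h['shadows']})")
```

The OTL result posted in reply #9 lists C:\WINDOWS\System32\cmd.exe and C:\WINDOWS\System32\rundll32.exe as moved, which is the situation the `debugger_is_os_binary` flag is there to catch before a fix is run.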

#9
techgeek37

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi again... this is the result of the OTL scan.


========== OTL ==========
Process ϝshimgvwʅ.exe killed successfully!
Process ߙJviewʚ.exe killed successfully!
Service mesjeiqp stopped successfully!
Service mesjeiqp deleted successfully!
File C:\WINDOWS\system32\drivers\mesjeiqp.sys not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\jre͸ deleted successfully.
C:\Documents and Settings\[email protected]\Application Data\Java\ߙJviewʚ.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\METROJAY-832BEB̉ deleted successfully.
C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\POS40̉ deleted successfully.
File C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansavgd\ deleted successfully.
C:\WINDOWS\System32\cmd.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\ deleted successfully.
C:\WINDOWS\System32\rundll32.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorunme.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blastclnn.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blastclnnn.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cscript.exe\ deleted successfully.
File C:\WINDOWS\System32\rundll32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHttpSrv.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ise32.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe\ deleted successfully.
File C:\WINDOWS\System32\rundll32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nbrowser.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\New Folder.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Njeeves.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npc_login.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npc_tray.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npcsvc32.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npflgutl.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfports.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfrules.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfsvc32.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfuser.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfwiz.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprosec.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nuaa.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcoa.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvcsched.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvoy.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reg32.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtpsvc.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scsaver.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SSCVIHOST.exe\ deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe\ deleted successfully.
File C:\WINDOWS\System32\rundll32.exe not found.
C:\Documents and Settings\[email protected]\Application Data\tvc371.exe moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe not found.
File\Folder C:\Documents and Settings\[email protected]\Application Data\Java\ߙJviewʚ.exe not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.55.0 log created on 08022012_085811

#10
techgeek37

  • Topic Starter
  • Member
  • 21 posts
And this is the TDSSKiller result... but after I ran the scan I got an error: when I right-click My Computer and select Properties, it says that it cannot find rundll32... Did I make a mistake before?


16:06:21.0468 4100 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
16:06:22.0093 4100 ============================================================
16:06:22.0093 4100 Current date / time: 2012/08/02 16:06:22.0093
16:06:22.0093 4100 SystemInfo:
16:06:22.0093 4100
16:06:22.0093 4100 OS Version: 5.1.2600 ServicePack: 3.0
16:06:22.0093 4100 Product type: Workstation
16:06:22.0093 4100 ComputerName: POS40
16:06:22.0093 4100 UserName: [email protected]
16:06:22.0093 4100 Windows directory: C:\WINDOWS
16:06:22.0093 4100 System windows directory: C:\WINDOWS
16:06:22.0093 4100 Processor architecture: Intel x86
16:06:22.0093 4100 Number of processors: 2
16:06:22.0093 4100 Page size: 0x1000
16:06:22.0093 4100 Boot type: Normal boot
16:06:22.0093 4100 ============================================================
16:06:24.0031 4100 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:06:24.0031 4100 Drive \Device\Harddisk1\DR3 - Size: 0x1DEC00000 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:06:24.0031 4100 ============================================================
16:06:24.0031 4100 \Device\Harddisk0\DR0:
16:06:24.0031 4100 MBR partitions:
16:06:24.0031 4100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1
16:06:24.0046 4100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0xEF6EDCD
16:06:24.0046 4100 \Device\Harddisk1\DR3:
16:06:24.0062 4100 MBR partitions:
16:06:24.0062 4100 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xEF4000
16:06:24.0062 4100 ============================================================
16:06:24.0093 4100 C: <-> \Device\Harddisk0\DR0\Partition0
16:06:24.0250 4100 D: <-> \Device\Harddisk0\DR0\Partition1
16:06:24.0250 4100 ============================================================
16:06:24.0250 4100 Initialize success
16:06:24.0250 4100 ============================================================
16:08:19.0093 5932 ============================================================
16:08:19.0093 5932 Scan started
16:08:19.0093 5932 Mode: Manual; SigCheck; TDLFS;
16:08:19.0093 5932 ============================================================
16:08:19.0671 5932 Abiosdsk - ok
16:08:19.0671 5932 abp480n5 - ok
16:08:19.0718 5932 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:08:20.0703 5932 ACPI ( UnsignedFile.Multi.Generic ) - warning
16:08:20.0703 5932 ACPI - detected UnsignedFile.Multi.Generic (1)
16:08:20.0734 5932 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:08:20.0765 5932 ACPIEC ( UnsignedFile.Multi.Generic ) - warning
16:08:20.0765 5932 ACPIEC - detected UnsignedFile.Multi.Generic (1)
16:08:20.0812 5932 ADIHdAudAddService (803c7d4767132f2407431103055c9000) C:\WINDOWS\system32\drivers\ADIHdAud.sys
16:08:20.0812 5932 ADIHdAudAddService ( UnsignedFile.Multi.Generic ) - warning
16:08:20.0812 5932 ADIHdAudAddService - detected UnsignedFile.Multi.Generic (1)
16:08:20.0812 5932 adpu160m - ok
16:08:20.0859 5932 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:08:20.0875 5932 aec ( UnsignedFile.Multi.Generic ) - warning
16:08:20.0875 5932 aec - detected UnsignedFile.Multi.Generic (1)
16:08:20.0921 5932 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:08:20.0937 5932 AFD ( UnsignedFile.Multi.Generic ) - warning
16:08:20.0937 5932 AFD - detected UnsignedFile.Multi.Generic (1)
16:08:20.0937 5932 Aha154x - ok
16:08:20.0937 5932 aic78u2 - ok
16:08:20.0937 5932 aic78xx - ok
16:08:20.0984 5932 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
16:08:20.0984 5932 Alerter ( UnsignedFile.Multi.Generic ) - warning
16:08:20.0984 5932 Alerter - detected UnsignedFile.Multi.Generic (1)
16:08:21.0015 5932 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
16:08:21.0015 5932 ALG ( UnsignedFile.Multi.Generic ) - warning
16:08:21.0015 5932 ALG - detected UnsignedFile.Multi.Generic (1)
16:08:21.0015 5932 AliIde - ok
16:08:21.0015 5932 amsint - ok
16:08:21.0078 5932 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
16:08:21.0406 5932 androidusb - ok
16:08:21.0484 5932 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:08:21.0500 5932 AntiVirSchedulerService - ok
16:08:21.0515 5932 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:08:21.0515 5932 AntiVirService - ok
16:08:21.0625 5932 AntiVirWebService (e38ba9fab3981a2115c53260b930fd3c) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
16:08:21.0687 5932 AntiVirWebService - ok
16:08:21.0734 5932 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
16:08:21.0765 5932 AppMgmt ( UnsignedFile.Multi.Generic ) - warning
16:08:21.0765 5932 AppMgmt - detected UnsignedFile.Multi.Generic (1)
16:08:21.0765 5932 asc - ok
16:08:21.0765 5932 asc3350p - ok
16:08:21.0765 5932 asc3550 - ok
16:08:21.0890 5932 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:08:21.0906 5932 aspnet_state - ok
16:08:21.0937 5932 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:08:21.0953 5932 AsyncMac ( UnsignedFile.Multi.Generic ) - warning
16:08:21.0953 5932 AsyncMac - detected UnsignedFile.Multi.Generic (1)
16:08:21.0984 5932 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:08:21.0984 5932 atapi ( UnsignedFile.Multi.Generic ) - warning
16:08:22.0000 5932 atapi - detected UnsignedFile.Multi.Generic (1)
16:08:22.0000 5932 Atdisk - ok
16:08:22.0015 5932 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:08:22.0031 5932 Atmarpc ( UnsignedFile.Multi.Generic ) - warning
16:08:22.0031 5932 Atmarpc - detected UnsignedFile.Multi.Generic (1)
16:08:22.0046 5932 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
16:08:22.0062 5932 AudioSrv ( UnsignedFile.Multi.Generic ) - warning
16:08:22.0062 5932 AudioSrv - detected UnsignedFile.Multi.Generic (1)
16:08:22.0093 5932 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:08:22.0109 5932 audstub ( UnsignedFile.Multi.Generic ) - warning
16:08:22.0109 5932 audstub - detected UnsignedFile.Multi.Generic (1)
16:08:22.0140 5932 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:08:22.0156 5932 avgntflt - ok
16:08:22.0187 5932 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:08:22.0203 5932 avipbb - ok
16:08:22.0468 5932 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
16:08:22.0484 5932 avkmgr - ok
16:08:22.0484 5932 BDFsDrv - ok
16:08:22.0484 5932 BDRsDrv - ok
16:08:22.0515 5932 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:08:22.0531 5932 Beep ( UnsignedFile.Multi.Generic ) - warning
16:08:22.0531 5932 Beep - detected UnsignedFile.Multi.Generic (1)
16:08:22.0578 5932 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
16:08:22.0625 5932 BITS ( UnsignedFile.Multi.Generic ) - warning
16:08:22.0625 5932 BITS - detected UnsignedFile.Multi.Generic (1)
16:08:22.0687 5932 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
16:08:22.0703 5932 Browser ( UnsignedFile.Multi.Generic ) - warning
16:08:22.0703 5932 Browser - detected UnsignedFile.Multi.Generic (1)
16:08:22.0718 5932 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:08:22.0734 5932 cbidf2k ( UnsignedFile.Multi.Generic ) - warning
16:08:22.0734 5932 cbidf2k - detected UnsignedFile.Multi.Generic (1)
16:08:22.0734 5932 cd20xrnt - ok
16:08:22.0750 5932 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:08:22.0750 5932 Cdaudio ( UnsignedFile.Multi.Generic ) - warning
16:08:22.0750 5932 Cdaudio - detected UnsignedFile.Multi.Generic (1)
16:08:22.0765 5932 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:08:22.0765 5932 Cdfs ( UnsignedFile.Multi.Generic ) - warning
16:08:22.0765 5932 Cdfs - detected UnsignedFile.Multi.Generic (1)
16:08:22.0765 5932 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:08:22.0781 5932 Cdrom ( UnsignedFile.Multi.Generic ) - warning
16:08:22.0781 5932 Cdrom - detected UnsignedFile.Multi.Generic (1)
16:08:22.0781 5932 cerc6 - ok
16:08:22.0781 5932 Changer - ok
16:08:22.0812 5932 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
16:08:22.0812 5932 CiSvc ( UnsignedFile.Multi.Generic ) - warning
16:08:22.0812 5932 CiSvc - detected UnsignedFile.Multi.Generic (1)
16:08:22.0812 5932 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
16:08:22.0828 5932 ClipSrv ( UnsignedFile.Multi.Generic ) - warning
16:08:22.0828 5932 ClipSrv - detected UnsignedFile.Multi.Generic (1)
16:08:22.0843 5932 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:08:22.0875 5932 clr_optimization_v2.0.50727_32 - ok
16:08:22.0875 5932 CmdIde - ok
16:08:22.0890 5932 COMSysApp - ok
16:08:22.0890 5932 Cpqarray - ok
16:08:22.0921 5932 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
16:08:22.0937 5932 CryptSvc ( UnsignedFile.Multi.Generic ) - warning
16:08:22.0937 5932 CryptSvc - detected UnsignedFile.Multi.Generic (1)
16:08:22.0968 5932 Cwbrxd (2f653567c894d155c5b4559d0442da0c) C:\WINDOWS\CWBRXD.EXE
16:08:23.0312 5932 Cwbrxd ( UnsignedFile.Multi.Generic ) - warning
16:08:23.0312 5932 Cwbrxd - detected UnsignedFile.Multi.Generic (1)
16:08:23.0312 5932 dac2w2k - ok
16:08:23.0312 5932 dac960nt - ok
16:08:23.0375 5932 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:08:23.0375 5932 DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
16:08:23.0375 5932 DcomLaunch - detected UnsignedFile.Multi.Generic (1)
16:08:23.0421 5932 dg_ssudbus (aeb179b855161ec9c88172abc75ad0ef) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
16:08:23.0437 5932 dg_ssudbus - ok
16:08:23.0468 5932 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
16:08:23.0484 5932 Dhcp ( UnsignedFile.Multi.Generic ) - warning
16:08:23.0484 5932 Dhcp - detected UnsignedFile.Multi.Generic (1)
16:08:23.0531 5932 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:08:23.0531 5932 Disk ( UnsignedFile.Multi.Generic ) - warning
16:08:23.0531 5932 Disk - detected UnsignedFile.Multi.Generic (1)
16:08:23.0531 5932 dmadmin - ok
16:08:23.0593 5932 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:08:23.0640 5932 dmboot ( UnsignedFile.Multi.Generic ) - warning
16:08:23.0640 5932 dmboot - detected UnsignedFile.Multi.Generic (1)
16:08:23.0687 5932 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:08:23.0687 5932 dmio ( UnsignedFile.Multi.Generic ) - warning
16:08:23.0687 5932 dmio - detected UnsignedFile.Multi.Generic (1)
16:08:23.0703 5932 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:08:23.0718 5932 dmload ( UnsignedFile.Multi.Generic ) - warning
16:08:23.0718 5932 dmload - detected UnsignedFile.Multi.Generic (1)
16:08:23.0765 5932 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
16:08:23.0765 5932 dmserver ( UnsignedFile.Multi.Generic ) - warning
16:08:23.0765 5932 dmserver - detected UnsignedFile.Multi.Generic (1)
16:08:23.0796 5932 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:08:23.0812 5932 DMusic ( UnsignedFile.Multi.Generic ) - warning
16:08:23.0812 5932 DMusic - detected UnsignedFile.Multi.Generic (1)
16:08:23.0843 5932 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
16:08:23.0859 5932 Dnscache ( UnsignedFile.Multi.Generic ) - warning
16:08:23.0859 5932 Dnscache - detected UnsignedFile.Multi.Generic (1)
16:08:23.0890 5932 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
16:08:23.0906 5932 Dot3svc ( UnsignedFile.Multi.Generic ) - warning
16:08:23.0906 5932 Dot3svc - detected UnsignedFile.Multi.Generic (1)
16:08:23.0906 5932 dpti2o - ok
16:08:23.0921 5932 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:08:23.0921 5932 drmkaud ( UnsignedFile.Multi.Generic ) - warning
16:08:23.0921 5932 drmkaud - detected UnsignedFile.Multi.Generic (1)
16:08:23.0937 5932 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
16:08:23.0953 5932 EapHost ( UnsignedFile.Multi.Generic ) - warning
16:08:23.0953 5932 EapHost - detected UnsignedFile.Multi.Generic (1)
16:08:23.0968 5932 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
16:08:23.0984 5932 ERSvc ( UnsignedFile.Multi.Generic ) - warning
16:08:23.0984 5932 ERSvc - detected UnsignedFile.Multi.Generic (1)
16:08:24.0031 5932 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:08:24.0062 5932 Eventlog ( UnsignedFile.Multi.Generic ) - warning
16:08:24.0062 5932 Eventlog - detected UnsignedFile.Multi.Generic (1)
16:08:24.0078 5932 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
16:08:24.0093 5932 EventSystem ( UnsignedFile.Multi.Generic ) - warning
16:08:24.0093 5932 EventSystem - detected UnsignedFile.Multi.Generic (1)
16:08:24.0125 5932 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:08:24.0140 5932 Fastfat ( UnsignedFile.Multi.Generic ) - warning
16:08:24.0140 5932 Fastfat - detected UnsignedFile.Multi.Generic (1)
16:08:24.0187 5932 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:08:24.0218 5932 FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - warning
16:08:24.0218 5932 FastUserSwitchingCompatibility - detected UnsignedFile.Multi.Generic (1)
16:08:24.0281 5932 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:08:24.0281 5932 Fdc ( UnsignedFile.Multi.Generic ) - warning
16:08:24.0281 5932 Fdc - detected UnsignedFile.Multi.Generic (1)
16:08:24.0296 5932 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:08:24.0296 5932 Fips ( UnsignedFile.Multi.Generic ) - warning
16:08:24.0296 5932 Fips - detected UnsignedFile.Multi.Generic (1)
16:08:24.0296 5932 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:08:24.0312 5932 Flpydisk ( UnsignedFile.Multi.Generic ) - warning
16:08:24.0312 5932 Flpydisk - detected UnsignedFile.Multi.Generic (1)
16:08:24.0343 5932 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:08:24.0343 5932 FltMgr ( UnsignedFile.Multi.Generic ) - warning
16:08:24.0343 5932 FltMgr - detected UnsignedFile.Multi.Generic (1)
16:08:24.0421 5932 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:08:24.0421 5932 FontCache3.0.0.0 - ok
16:08:24.0468 5932 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:08:24.0468 5932 Fs_Rec ( UnsignedFile.Multi.Generic ) - warning
16:08:24.0468 5932 Fs_Rec - detected UnsignedFile.Multi.Generic (1)
16:08:24.0484 5932 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:08:24.0484 5932 Ftdisk ( UnsignedFile.Multi.Generic ) - warning
16:08:24.0484 5932 Ftdisk - detected UnsignedFile.Multi.Generic (1)
16:08:24.0515 5932 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:08:24.0515 5932 Gpc ( UnsignedFile.Multi.Generic ) - warning
16:08:24.0515 5932 Gpc - detected UnsignedFile.Multi.Generic (1)
16:08:24.0546 5932 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:08:24.0562 5932 HDAudBus ( UnsignedFile.Multi.Generic ) - warning
16:08:24.0562 5932 HDAudBus - detected UnsignedFile.Multi.Generic (1)
16:08:24.0625 5932 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:08:24.0640 5932 helpsvc ( UnsignedFile.Multi.Generic ) - warning
16:08:24.0640 5932 helpsvc - detected UnsignedFile.Multi.Generic (1)
16:08:24.0640 5932 HidServ - ok
16:08:24.0671 5932 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:08:24.0687 5932 hidusb ( UnsignedFile.Multi.Generic ) - warning
16:08:24.0687 5932 hidusb - detected UnsignedFile.Multi.Generic (1)
16:08:24.0734 5932 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
16:08:24.0750 5932 hkmsvc ( UnsignedFile.Multi.Generic ) - warning
16:08:24.0750 5932 hkmsvc - detected UnsignedFile.Multi.Generic (1)
16:08:24.0750 5932 hpn - ok
16:08:24.0812 5932 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:08:24.0812 5932 HTTP ( UnsignedFile.Multi.Generic ) - warning
16:08:24.0812 5932 HTTP - detected UnsignedFile.Multi.Generic (1)
16:08:24.0828 5932 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
16:08:24.0843 5932 HTTPFilter ( UnsignedFile.Multi.Generic ) - warning
16:08:24.0843 5932 HTTPFilter - detected UnsignedFile.Multi.Generic (1)
16:08:24.0843 5932 i2omgmt - ok
16:08:24.0843 5932 i2omp - ok
16:08:24.0906 5932 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
16:08:24.0906 5932 i8042prt ( UnsignedFile.Multi.Generic ) - warning
16:08:24.0906 5932 i8042prt - detected UnsignedFile.Multi.Generic (1)
16:08:25.0203 5932 ialm (b2768350bb50469aeb1afe694372b613) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:08:25.0437 5932 ialm ( UnsignedFile.Multi.Generic ) - warning
16:08:25.0437 5932 ialm - detected UnsignedFile.Multi.Generic (1)
16:08:25.0578 5932 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:08:25.0750 5932 idsvc - ok
16:08:25.0843 5932 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:08:25.0843 5932 Imapi ( UnsignedFile.Multi.Generic ) - warning
16:08:25.0843 5932 Imapi - detected UnsignedFile.Multi.Generic (1)
16:08:25.0937 5932 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
16:08:25.0937 5932 ImapiService ( UnsignedFile.Multi.Generic ) - warning
16:08:25.0937 5932 ImapiService - detected UnsignedFile.Multi.Generic (1)
16:08:25.0953 5932 ini910u - ok
16:08:25.0953 5932 IntelIde - ok
16:08:26.0000 5932 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:08:26.0000 5932 intelppm ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0000 5932 intelppm - detected UnsignedFile.Multi.Generic (1)
16:08:26.0031 5932 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:08:26.0031 5932 Ip6Fw ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0031 5932 Ip6Fw - detected UnsignedFile.Multi.Generic (1)
16:08:26.0062 5932 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:08:26.0062 5932 IpFilterDriver ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0062 5932 IpFilterDriver - detected UnsignedFile.Multi.Generic (1)
16:08:26.0062 5932 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:08:26.0078 5932 IpInIp ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0078 5932 IpInIp - detected UnsignedFile.Multi.Generic (1)
16:08:26.0093 5932 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:08:26.0093 5932 IpNat ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0093 5932 IpNat - detected UnsignedFile.Multi.Generic (1)
16:08:26.0140 5932 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:08:26.0140 5932 IPSec ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0140 5932 IPSec - detected UnsignedFile.Multi.Generic (1)
16:08:26.0171 5932 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:08:26.0171 5932 IRENUM ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0171 5932 IRENUM - detected UnsignedFile.Multi.Generic (1)
16:08:26.0203 5932 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:08:26.0203 5932 isapnp ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0203 5932 isapnp - detected UnsignedFile.Multi.Generic (1)
16:08:26.0312 5932 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
16:08:26.0328 5932 JavaQuickStarterService - ok
16:08:26.0375 5932 k57w2k (cb46c36f55cdfe4d20d9833e0f267c84) C:\WINDOWS\system32\DRIVERS\k57xp32.sys
16:08:26.0375 5932 k57w2k ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0375 5932 k57w2k - detected UnsignedFile.Multi.Generic (1)
16:08:26.0421 5932 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:08:26.0421 5932 Kbdclass ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0421 5932 Kbdclass - detected UnsignedFile.Multi.Generic (1)
16:08:26.0421 5932 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:08:26.0437 5932 kbdhid ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0437 5932 kbdhid - detected UnsignedFile.Multi.Generic (1)
16:08:26.0453 5932 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:08:26.0453 5932 kmixer ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0453 5932 kmixer - detected UnsignedFile.Multi.Generic (1)
16:08:26.0484 5932 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:08:26.0500 5932 KSecDD ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0500 5932 KSecDD - detected UnsignedFile.Multi.Generic (1)
16:08:26.0531 5932 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
16:08:26.0546 5932 LanmanServer ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0546 5932 LanmanServer - detected UnsignedFile.Multi.Generic (1)
16:08:26.0609 5932 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
16:08:26.0625 5932 lanmanworkstation ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0625 5932 lanmanworkstation - detected UnsignedFile.Multi.Generic (1)
16:08:26.0625 5932 lbrtfdc - ok
16:08:26.0671 5932 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
16:08:26.0671 5932 LmHosts ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0671 5932 LmHosts - detected UnsignedFile.Multi.Generic (1)
16:08:26.0687 5932 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
16:08:26.0703 5932 Messenger ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0703 5932 Messenger - detected UnsignedFile.Multi.Generic (1)
16:08:26.0734 5932 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:08:26.0734 5932 mnmdd ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0734 5932 mnmdd - detected UnsignedFile.Multi.Generic (1)
16:08:26.0765 5932 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
16:08:26.0781 5932 mnmsrvc ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0781 5932 mnmsrvc - detected UnsignedFile.Multi.Generic (1)
16:08:26.0781 5932 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:08:26.0796 5932 Modem ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0796 5932 Modem - detected UnsignedFile.Multi.Generic (1)
16:08:26.0812 5932 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:08:26.0812 5932 Mouclass ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0812 5932 Mouclass - detected UnsignedFile.Multi.Generic (1)
16:08:26.0843 5932 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:08:26.0843 5932 mouhid ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0843 5932 mouhid - detected UnsignedFile.Multi.Generic (1)
16:08:26.0843 5932 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:08:26.0843 5932 MountMgr ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0843 5932 MountMgr - detected UnsignedFile.Multi.Generic (1)
16:08:26.0875 5932 MP4ConverterAudio (60a99ef04ec0afa0c44cdaae851b1dda) C:\WINDOWS\system32\drivers\MP4ConverterAudio.sys
16:08:26.0890 5932 MP4ConverterAudio - ok
16:08:26.0890 5932 mraid35x - ok
16:08:26.0906 5932 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:08:26.0906 5932 MRxDAV ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0906 5932 MRxDAV - detected UnsignedFile.Multi.Generic (1)
16:08:26.0953 5932 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:08:26.0968 5932 MRxSmb ( UnsignedFile.Multi.Generic ) - warning
16:08:26.0968 5932 MRxSmb - detected UnsignedFile.Multi.Generic (1)
16:08:27.0000 5932 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
16:08:27.0000 5932 MSDTC ( UnsignedFile.Multi.Generic ) - warning
16:08:27.0000 5932 MSDTC - detected UnsignedFile.Multi.Generic (1)
16:08:27.0031 5932 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:08:27.0031 5932 Msfs ( UnsignedFile.Multi.Generic ) - warning
16:13:10.0875 1804 EapHost ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0875 1804 EapHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0875 1804 ERSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0875 1804 ERSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0875 1804 Eventlog ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0875 1804 Eventlog ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0875 1804 EventSystem ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0875 1804 EventSystem ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0875 1804 Fastfat ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0875 1804 Fastfat ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0875 1804 FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0875 1804 FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0875 1804 Fdc ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0875 1804 Fdc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0875 1804 Fips ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0875 1804 Fips ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0875 1804 Flpydisk ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0875 1804 Flpydisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0875 1804 FltMgr ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0875 1804 FltMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0875 1804 Fs_Rec ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0875 1804 Fs_Rec ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0890 1804 Ftdisk ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0890 1804 Ftdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0890 1804 Gpc ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0890 1804 Gpc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0890 1804 HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0890 1804 HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0890 1804 helpsvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0890 1804 helpsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0890 1804 hidusb ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0890 1804 hidusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0890 1804 hkmsvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0890 1804 hkmsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0890 1804 HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0890 1804 HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0890 1804 HTTPFilter ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0890 1804 HTTPFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0890 1804 i8042prt ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0890 1804 i8042prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0890 1804 ialm ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0890 1804 ialm ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0890 1804 Imapi ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0890 1804 Imapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0906 1804 ImapiService ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0906 1804 ImapiService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0906 1804 intelppm ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0906 1804 intelppm ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0906 1804 Ip6Fw ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0906 1804 Ip6Fw ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0906 1804 IpFilterDriver ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0906 1804 IpFilterDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0906 1804 IpInIp ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0906 1804 IpInIp ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0906 1804 IpNat ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0906 1804 IpNat ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0906 1804 IPSec ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0906 1804 IPSec ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0906 1804 IRENUM ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0906 1804 IRENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0906 1804 isapnp ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0906 1804 isapnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0906 1804 k57w2k ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0906 1804 k57w2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0906 1804 Kbdclass ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0906 1804 Kbdclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0906 1804 kbdhid ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0906 1804 kbdhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0921 1804 kmixer ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0921 1804 kmixer ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0921 1804 KSecDD ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0921 1804 KSecDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0921 1804 LanmanServer ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0921 1804 LanmanServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0921 1804 lanmanworkstation ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0921 1804 lanmanworkstation ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0921 1804 LmHosts ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0921 1804 LmHosts ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0921 1804 Messenger ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0921 1804 Messenger ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0921 1804 mnmdd ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0921 1804 mnmdd ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0921 1804 mnmsrvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0921 1804 mnmsrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0921 1804 Modem ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0921 1804 Modem ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0921 1804 Mouclass ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0921 1804 Mouclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0921 1804 mouhid ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0921 1804 mouhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0937 1804 MountMgr ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0937 1804 MountMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0937 1804 MRxDAV ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0937 1804 MRxDAV ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0937 1804 MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0937 1804 MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0937 1804 MSDTC ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0937 1804 MSDTC ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0937 1804 Msfs ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0937 1804 Msfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0937 1804 MSKSSRV ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0937 1804 MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0937 1804 MSPCLOCK ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0937 1804 MSPCLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0937 1804 MSPQM ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0937 1804 MSPQM ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0937 1804 mssmbios ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0937 1804 mssmbios ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0937 1804 Mup ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0937 1804 Mup ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0937 1804 napagent ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0937 1804 napagent ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0937 1804 NDIS ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0937 1804 NDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0953 1804 NdisTapi ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0953 1804 NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0953 1804 NdisWan ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0953 1804 NdisWan ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0953 1804 NDProxy ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0953 1804 NDProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0953 1804 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0953 1804 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0953 1804 NetBIOS ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0953 1804 NetBIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0953 1804 NetBT ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0953 1804 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0953 1804 NetDDE ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0953 1804 NetDDE ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0953 1804 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0953 1804 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0953 1804 Netlogon ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0953 1804 Netlogon ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0953 1804 Netman ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0953 1804 Netman ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0953 1804 Nla ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0953 1804 Nla ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0953 1804 Npfs ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0953 1804 Npfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0953 1804 Ntfs ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0968 1804 Ntfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0968 1804 NtLmSsp ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0968 1804 NtLmSsp ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0968 1804 NtmsSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0968 1804 NtmsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0968 1804 Null ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0968 1804 Null ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0968 1804 NwlnkFlt ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0968 1804 NwlnkFlt ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0968 1804 NwlnkFwd ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0968 1804 NwlnkFwd ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0968 1804 Parport ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0968 1804 Parport ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0968 1804 PartMgr ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0968 1804 PartMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0968 1804 ParVdm ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0968 1804 ParVdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0968 1804 PCI ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0968 1804 PCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0968 1804 PCIIde ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0968 1804 PCIIde ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0968 1804 Pcmcia ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0968 1804 Pcmcia ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0968 1804 PlugPlay ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0968 1804 PlugPlay ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0984 1804 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0984 1804 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0984 1804 PolicyAgent ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0984 1804 PolicyAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0984 1804 PptpMiniport ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0984 1804 PptpMiniport ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0984 1804 ProtectedStorage ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0984 1804 ProtectedStorage ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0984 1804 PSched ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0984 1804 PSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0984 1804 Ptilink ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0984 1804 Ptilink ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0984 1804 RasAcd ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0984 1804 RasAcd ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0984 1804 RasAuto ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0984 1804 RasAuto ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0984 1804 Rasl2tp ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0984 1804 Rasl2tp ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0984 1804 RasMan ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0984 1804 RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0984 1804 RasPppoe ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0984 1804 RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:10.0984 1804 Raspti ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:10.0984 1804 Raspti ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0000 1804 Rdbss ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0000 1804 Rdbss ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0000 1804 RDPCDD ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0000 1804 RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0000 1804 rdpdr ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0000 1804 rdpdr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0000 1804 RDSessMgr ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0000 1804 RDSessMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0000 1804 redbook ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0000 1804 redbook ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0000 1804 RemoteAccess ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0000 1804 RemoteAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0000 1804 RemoteRegistry ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0000 1804 RemoteRegistry ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0000 1804 RpcLocator ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0000 1804 RpcLocator ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0000 1804 RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0000 1804 RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0000 1804 RSVP ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0000 1804 RSVP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0000 1804 SamSs ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0000 1804 SamSs ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0000 1804 SCardSvr ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0000 1804 SCardSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0015 1804 Schedule ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0015 1804 Schedule ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0015 1804 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0015 1804 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0015 1804 seclogon ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0015 1804 seclogon ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0015 1804 SENS ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0015 1804 SENS ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0015 1804 serenum ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0015 1804 serenum ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0015 1804 Serial ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0015 1804 Serial ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0015 1804 SFAUDIO ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0015 1804 SFAUDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0015 1804 Sfloppy ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0015 1804 Sfloppy ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0015 1804 SharedAccess ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0015 1804 SharedAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0015 1804 ShellHWDetection ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0015 1804 ShellHWDetection ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0015 1804 splitter ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0015 1804 splitter ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0015 1804 Spooler ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0015 1804 Spooler ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0015 1804 sr ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0015 1804 sr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0031 1804 srservice ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0031 1804 srservice ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0031 1804 Srv ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0031 1804 Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0031 1804 SSDPSRV ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0031 1804 SSDPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0031 1804 stisvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0031 1804 stisvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0031 1804 swenum ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0031 1804 swenum ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0031 1804 swmidi ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0031 1804 swmidi ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0031 1804 sysaudio ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0031 1804 sysaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0031 1804 SysmonLog ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0031 1804 SysmonLog ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0031 1804 TapiSrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0031 1804 TapiSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0031 1804 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0031 1804 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0031 1804 TDPIPE ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0031 1804 TDPIPE ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0031 1804 TDTCP ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0031 1804 TDTCP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0046 1804 TermDD ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0046 1804 TermDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0046 1804 TermService ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0046 1804 TermService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0046 1804 Themes ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0046 1804 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0046 1804 TlntSvr ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0046 1804 TlntSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0046 1804 TrkWks ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0046 1804 TrkWks ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0046 1804 Udfs ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0046 1804 Udfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0046 1804 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0046 1804 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0046 1804 Update ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0046 1804 Update ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0046 1804 upnphost ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0046 1804 upnphost ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0046 1804 UPS ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0046 1804 UPS ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0046 1804 usbccgp ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0046 1804 usbccgp ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0046 1804 usbehci ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0046 1804 usbehci ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0062 1804 usbhub ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0062 1804 usbhub ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0062 1804 usbscan ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0062 1804 usbscan ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0062 1804 USBSTOR ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0062 1804 USBSTOR ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0062 1804 usbuhci ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0062 1804 usbuhci ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0062 1804 VgaSave ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0062 1804 VgaSave ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0062 1804 VolSnap ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0062 1804 VolSnap ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0062 1804 VSS ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0062 1804 VSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0062 1804 W32Time ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0062 1804 W32Time ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0062 1804 Wanarp ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0062 1804 Wanarp ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0062 1804 wdmaud ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0062 1804 wdmaud ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0062 1804 WebClient ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0062 1804 WebClient ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0062 1804 winmgmt ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0062 1804 winmgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0078 1804 WmdmPmSN ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0078 1804 WmdmPmSN ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0078 1804 Wmi ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0078 1804 Wmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0078 1804 WmiApSrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0078 1804 WmiApSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0078 1804 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0078 1804 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0078 1804 WpdUsb ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0078 1804 WpdUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0078 1804 wscsvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0078 1804 wscsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0078 1804 wuauserv ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0078 1804 wuauserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0078 1804 WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0078 1804 WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0078 1804 WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0078 1804 WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0078 1804 WudfSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0078 1804 WudfSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:11.0078 1804 xmlprov ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:11.0078 1804 xmlprov ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:13.0875 1448 Deinitialize success

#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's fix that error. Also, test your system after this step and tell me what problems you have now.

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Files
    C:\WINDOWS\System32\rundll32.exe|C:\_OTL\MovedFiles\08022012_085811\C_windows\system32\rundll32.exe /replace
    C:\WINDOWS\System32\cmd.exe|C:\_OTL\MovedFiles\08022012_085811\C_windows\system32\cmd.exe /replace

    :Commands
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles


#12
techgeek37

    Member

  • Topic Starter
  • Member
  • 21 posts
Hi maliprog! :D Thank you very much for your help. I think the viruses have been wiped away from my PC... By the way, the error I mentioned before has been fixed... I did not find any more errors for the moment... And I want to ask if your solution here can be used on my other PC? Here are the OTL results...


========== OTL ==========
========== FILES ==========
File C:\WINDOWS\System32\rundll32.exe successfully replaced with C:\_OTL\MovedFiles\08022012_085811\C_windows\system32\rundll32.exe
File C:\WINDOWS\System32\cmd.exe successfully replaced with C:\_OTL\MovedFiles\08022012_085811\C_windows\system32\cmd.exe
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.55.0 log created on 08032012_155423

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts

And I want to ask if your solution here can be used on my other PC? Here are the OTL results...


NO! Every fix is specific to this system only. Let's finish this one first and I'll help you with another here in this thread. Just tell me when you finish these last few steps.



Your logs and system are clean now. I'm glad we fixed up your computer.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Step 2

We need to clean up your PC from programs we used.

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end.

In case that any of the software we used in this fix still remains on your system please delete it manually (Right click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet, read our little guide "How did I get infected in the first place?"

2. Make Backups of Important Files

Please read this article Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.
  • 0

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#15
techgeek37

    Member

  • Topic Starter
  • Member
  • 21 posts
Good day maliprog, sorry for the late reply... Here are the OTL results...


All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: [email protected]
->Temp folder emptied: 371988 bytes
->Temporary Internet Files folder emptied: 5290983 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 7518883 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 13.00 mb

HOSTS file reset successfully
Unable to stop System Restore Service. Error code 1722. Restore points not cleared.
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.55.0 log created on 08072012_124623

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0
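The fix log in post #15 reports that one requested command did not complete (restore points not cleared, error code 1722). The following Python script is an added example, not part of the original thread and not OTL's own code: it checks a fix log against the commands that were requested. The sample log is a constructed excerpt, `ExampleUser` is a placeholder account name, and the marker strings are assumed from this one log only.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the fix log above; "ExampleUser" is a placeholder.
SAMPLE_LOG = """\
[EMPTYTEMP]

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: ExampleUser
->Temp folder emptied: 371988 bytes
->Google Chrome cache emptied: 7518883 bytes

Windows Temp folder emptied: 483 bytes

HOSTS file reset successfully
Unable to stop System Restore Service. Error code 1722. Restore points not cleared.
Restore point Set: OTL Restore Point
"""

# Commands from the fix script in the thread (reboot omitted: it leaves no log line here).
REQUESTED = ["purity", "emptytemp", "resethosts", "clearallrestorepoints"]

# Assumption: outcome wording as seen in this one log; anything else is "unknown".
MARKERS = {
    "emptytemp": (r"^\[EMPTYTEMP\]$", "ok"),
    "resethosts": (r"^HOSTS file reset successfully$", "ok"),
    "clearallrestorepoints": (r"Restore points not cleared", "failed"),
}

def bytes_per_user(log):
    """Sum the '->... emptied: N bytes' lines under each 'User:' heading."""
    totals, user = defaultdict(int), None
    for line in log.splitlines():
        if line.startswith("User: "):
            user = line[len("User: "):].strip()
        elif user and (m := re.match(r"->.* emptied: (\d+) bytes$", line)):
            totals[user] += int(m.group(1))
    return dict(totals)

def command_outcomes(log, requested=REQUESTED):
    """Map each requested command to 'ok', 'failed' or 'unknown'."""
    result = {}
    for cmd in requested:
        pattern, status = MARKERS.get(cmd, (None, "unknown"))
        found = pattern is not None and re.search(pattern, log, re.MULTILINE)
        result[cmd] = status if found else "unknown"
    return result

def error_codes(log):
    """Collect every numeric 'Error code N' reported in the log."""
    return [int(code) for code in re.findall(r"Error code (\d+)", log)]
```

A command reported as `unknown` produced no recognizable line in the log, so its outcome has to be confirmed some other way before the cleanup is treated as complete.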





