Redirect bug!



#1
crossbow66

I have caught that Google/Bing/AltaVista redirect virus :angry:.

I have used Malwarebytes, TDSSKiller, Microsoft Malicious Removal Tool, Trend Micro Virus Remover, Ad-Aware, Spybot S&D, OTM, DDS, HijackThis, SUPERAntiSpyware, UnHackMe, GooredFix, and ComboFix. None worked. Can anyone here help?

Here's the OTR log:

OTL logfile created on: 9/13/2012 7:55:19 AM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\Mark V. Sanderford\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 71.60% Memory free
5.19 Gb Paging File | 4.02 Gb Available in Paging File | 77.48% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 117.88 Gb Free Space | 42.18% Space Free | Partition Type: NTFS
Drive D: | 596.16 Gb Total Space | 128.25 Gb Free Space | 21.51% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 1396.92 Gb Total Space | 448.90 Gb Free Space | 32.13% Space Free | Partition Type: FAT32
Drive I: | 465.73 Gb Total Space | 78.27 Gb Free Space | 16.81% Space Free | Partition Type: NTFS

Computer Name: MARK-59C0B947BC | User Name: Mark V. Sanderford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/13 07:55:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\OTL.com
PRC - [2012/09/12 13:34:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/10 12:59:18 | 000,595,216 | ---- | M] (Greatis Software) -- C:\Program Files\UnHackMe\hackmon.exe
PRC - [2012/09/06 16:05:46 | 004,780,928 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/09/03 06:47:46 | 000,227,408 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisorService.exe
PRC - [2012/09/03 06:47:30 | 001,353,808 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDGlobal.exe
PRC - [2012/09/03 06:47:22 | 001,378,384 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Light\CIDGlobalLight.exe
PRC - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/06/20 03:30:04 | 002,772,112 | ---- | M] (AdFender, Inc.) -- C:\Program Files\AdFender\AdFender.exe
PRC - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/12/01 06:11:06 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2011/03/14 10:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2011/03/09 11:09:54 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2011/02/21 17:17:32 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS.0\system32\nlssrv32.exe
PRC - [2010/04/02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/28 09:54:13 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/24 21:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/11/13 08:32:51 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/05/20 19:22:06 | 000,109,096 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009/02/19 00:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/02/19 00:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/02/06 20:05:41 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS.0\system32\java.exe
PRC - [2008/09/24 18:35:14 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008/06/18 06:01:56 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS.0\SoundMan.exe
PRC - [2008/06/06 12:40:00 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2008/06/06 12:39:52 | 000,114,688 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2008/06/06 11:42:30 | 000,114,688 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
PRC - [2008/06/06 11:42:10 | 000,324,096 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Acer Display\eDisplay Management\dthtml.exe
PRC - [2008/05/01 07:38:00 | 000,131,072 | ---- | M] (Linksys LLC - A Division of Cisco Systems) -- C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
PRC - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\explorer.exe
PRC - [2008/04/09 01:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/04/09 01:15:10 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/03/03 11:13:50 | 000,236,040 | ---- | M] () -- C:\WINDOWS.0\system32\DeltaIITray.exe
PRC - [2008/02/18 15:36:24 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2008/02/18 15:36:14 | 001,553,704 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2008/02/18 15:36:04 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2007/10/31 00:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2006/07/22 21:22:42 | 001,126,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
PRC - [2006/01/30 12:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
PRC - [2005/12/12 16:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2005/05/25 02:14:10 | 000,016,384 | ---- | M] () -- C:\Program Files\GIGABYTE\G.O.M\GCSVR.exe
PRC - [2003/12/17 10:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS.0\Logi_MwX.Exe


========== Modules (No Company Name) ==========

MOD - [2012/09/13 07:38:36 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/09/13 07:38:35 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/09/12 13:34:36 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/09/11 08:08:14 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/09/11 08:08:14 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/09/03 06:47:34 | 000,071,760 | ---- | M] () -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDGlobalPS.dll
MOD - [2012/08/15 09:05:33 | 009,465,032 | ---- | M] () -- C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012/06/14 06:46:03 | 000,212,992 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/13 22:37:11 | 014,329,856 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
MOD - [2012/06/13 22:37:01 | 012,433,920 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 22:36:53 | 001,592,320 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/13 22:36:51 | 012,218,368 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MOD - [2012/06/13 22:36:25 | 002,933,248 | ---- | M] () -- C:\WINDOWS.0\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/13 22:36:21 | 000,261,632 | ---- | M] () -- C:\WINDOWS.0\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/06/13 22:32:15 | 000,141,312 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll
MOD - [2012/05/12 09:00:57 | 000,998,400 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/11 23:12:31 | 017,403,904 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
MOD - [2012/05/11 23:10:52 | 000,224,768 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7416fe825e6e49a87fa8ff60c8971813\PresentationFramework.Classic.ni.dll
MOD - [2012/05/11 23:10:38 | 000,771,584 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 23:10:37 | 000,627,712 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
MOD - [2012/05/11 23:10:37 | 000,627,200 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
MOD - [2012/05/11 23:10:36 | 006,616,576 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012/05/11 23:10:10 | 000,015,872 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\f00a18225430e7531135589688d650a1\Microsoft.VisualC.ni.dll
MOD - [2012/05/11 23:10:01 | 003,325,440 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012/05/11 23:09:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 23:09:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/11 23:09:51 | 007,953,408 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 23:09:47 | 011,492,352 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/09 11:29:38 | 000,886,272 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
MOD - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2008/09/24 18:35:14 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
MOD - [2008/09/10 11:58:42 | 000,098,304 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\ycc.dll
MOD - [2008/06/06 12:40:08 | 000,151,552 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DThook.dll
MOD - [2008/06/06 12:40:02 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\CC\gui.dll
MOD - [2008/06/06 12:40:00 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
MOD - [2008/06/06 12:39:46 | 000,102,400 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2008/06/06 11:42:30 | 000,114,688 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
MOD - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
MOD - [2008/04/18 05:30:43 | 000,081,920 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\lib\wrapper.dll
MOD - [2008/04/09 19:15:54 | 000,103,472 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/04/09 19:15:54 | 000,038,960 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/03/03 11:13:50 | 000,236,040 | ---- | M] () -- C:\WINDOWS.0\system32\DeltaIITray.exe
MOD - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
MOD - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
MOD - [2007/02/09 12:16:08 | 000,245,760 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Winphook.dll
MOD - [2005/05/25 02:14:10 | 000,016,384 | ---- | M] () -- C:\Program Files\GIGABYTE\G.O.M\GCSVR.exe
MOD - [2004/11/17 17:49:06 | 004,603,904 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\qt-mt332.dll
MOD - [2004/05/11 15:51:56 | 000,798,720 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\libeay32.dll
MOD - [2004/05/11 15:51:56 | 000,155,648 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\ssleay32.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/12 13:34:36 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 06:47:46 | 000,227,408 | ---- | M] (CallingID Ltd.) [Auto | Running] -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisorService.exe -- (CIDLinkAdvisorService)
SRV - [2012/08/15 09:05:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2011/02/21 17:17:32 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS.0\system32\nlssrv32.exe -- (nlsX86cc)
SRV - [2009/05/20 19:22:06 | 000,109,096 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009/02/19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/12/11 15:53:38 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/09/24 18:35:14 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/06/06 12:40:00 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008/06/06 11:42:30 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe -- (Asset Management Daemon)
SRV - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/09 01:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/02/18 15:36:14 | 001,553,704 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/10/31 00:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2007/10/31 00:02:58 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005/05/25 02:14:10 | 000,016,384 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\G.O.M\GCSVR.exe -- (COM Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\delta.sys -- (DELTA)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (94865510)
DRV - [2012/09/13 07:35:05 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\gdrv.sys -- (gdrv)
DRV - [2012/09/10 13:44:50 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2012/09/10 13:30:45 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | Boot | Unknown] -- C:\WINDOWS.0\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS.0\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/05/20 19:21:56 | 000,017,064 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2009/02/03 09:44:10 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2008/12/18 23:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/18 23:43:18 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/11/25 23:57:04 | 000,022,432 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008/08/07 07:14:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/30 22:21:08 | 000,079,960 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/07/24 06:02:44 | 004,749,824 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/07/02 03:38:14 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/04/09 01:14:04 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/09 01:14:00 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/03/03 11:13:46 | 000,302,728 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\deltaII.sys -- (DELTAII)
DRV - [2008/02/18 15:36:14 | 000,038,312 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/02/18 15:36:14 | 000,036,648 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/02/18 15:36:14 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS.0\system32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2008/02/18 15:36:04 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS.0\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/09/05 13:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS.0\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/02/09 13:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007/02/09 13:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2006/12/08 22:50:28 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\WINDOWS.0\system32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - [2006/10/24 02:02:00 | 000,031,275 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\epppdt.sys -- (epppdt)
DRV - [2006/10/24 02:02:00 | 000,014,463 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\epppdtpr.sys -- (epppdtpr)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\speedfan.sys -- (speedfan)
DRV - [2005/03/18 12:02:04 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\usbbc.sys -- (Wdm1)
DRV - [2003/12/17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 10:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/12/17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS.0\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6B9C2291-9A24-482B-846C-6F00E42FF097}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{AF36D2FC-9772-4B32-BE16-3D7964F73A8B}: "URL" = http://www.google.co...:0000FF;FORID:1
IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://search.callin...ie&p=go&cid=yes
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: [email protected]:0.9.8.3
FF - prefs.js..extensions.enabledAddons: [email protected]:1.23.0.5
FF - prefs.js..extensions.enabledAddons: [email protected]:0.0.11.2m
FF - prefs.js..extensions.enabledAddons: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: {2E0FB4FC-1785-4009-8043-F9FB0CBA5A9A}:2.0.0.248
FF - prefs.js..extensions.enabledAddons: {e9259cba-e7ad-4f74-863f-ef9fe935394d}:2.0.0.248
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.8.0
FF - prefs.js..extensions.enabledItems: {fbc8441e-a153-45b0-8e93-87521a5812a1}:2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.5
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2012/07/10 23:11:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/09/23 08:06:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\Firefox [2012/09/05 15:36:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2E0FB4FC-1785-4009-8043-F9FB0CBA5A9A}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/12 13:34:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/30 21:12:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/17 21:12:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{2E0FB4FC-1785-4009-8043-F9FB0CBA5A9A}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]

[2009/02/06 14:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Extensions
[2010/08/27 11:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions
[2009/11/15 17:08:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2009/11/15 17:08:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2009/11/15 17:08:16 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\browser(2)\extensions(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\mozapps(2)\extensions(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\browser(2)\extensions(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\mozapps(2)\extensions(2)
[2009/11/15 16:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (CS Lite) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (SafeCache) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{670a77c5-010e-4476-a8ce-d09171318839}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (DT Whois) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\[email protected]
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\[email protected]
[2012/09/10 22:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions
[2011/05/14 07:43:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/27 11:57:13 | 000,000,000 | ---D | M] (Oskar) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2012/05/24 21:26:20 | 000,000,000 | ---D | M] (Green Fox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
[2010/04/10 22:55:52 | 000,000,000 | ---D | M] (VMN Toolbar) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{fbc8441e-a153-45b0-8e93-87521a5812a1}
[2009/11/06 07:43:07 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2011/08/14 21:41:24 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/06/20 18:54:48 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/06/20 18:54:54 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2008/03/20 15:43:48 | 000,001,182 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\mozapps(2)\xpinstall(2)\xpinstallConfirm.css
[2008/04/07 19:41:16 | 000,001,937 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\mozapps(2)\xpinstall(2)\xpinstallItemGeneric.png
[2009/06/16 23:52:20 | 000,001,502 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\mozapps(2)\xpinstall(2)\xpinstallConfirm.css
[2009/06/16 23:18:30 | 000,001,423 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\mozapps(2)\xpinstall(2)\xpinstallItemGeneric.png
[2011/10/31 12:45:10 | 000,148,816 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/09/10 22:08:22 | 000,010,546 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/07/24 19:20:20 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/10 22:03:28 | 000,016,192 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2012/09/05 15:44:56 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\searchplugins\CallingID.xml
[2011/11/12 20:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 15:36:30 | 000,000,000 | ---D | M] (CallingID Link Advisor 2.0 Mouseover) -- C:\PROGRAM FILES\CALLINGID\CALLINGIDLINKADVISOR2.0\LINKADVISOR\FIREFOX
[2012/09/05 15:36:31 | 000,000,000 | ---D | M] (CallingID Link Advisor 2.0 Toolbar) -- C:\PROGRAM FILES\CALLINGID\CALLINGIDLINKADVISOR2.0\TOOLBAR\FIREFOX
[2012/09/12 13:34:37 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/12 13:34:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 15:44:54 | 000,001,770 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\CallingID.xml
[2012/09/12 13:34:35 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: CallingID LinkAdvisor Toolbar (Frame Plugin) (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\npCIDToolbarFramePlugin.dll
CHR - plugin: CallingID LinkAdvisor Toolbar (Dummy Plugin) (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\npCIDToolbarDummyPlugin.dll
CHR - plugin: CallingID Link Advisor (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl\2.0.0.248_0\npCIDLinkAdvisorPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: CallingID LinkAdvisor 2.0 Toolbar = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\
CHR - Extension: CallingID LinkAdvisor 2.0 = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl\2.0.0.248_0\

O1 HOSTS File: ([2012/09/12 14:04:06 | 000,000,098 | ---- | M]) - C:\WINDOWS.0\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (VMN Toolbar Astro Gemini) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O2 - BHO: (CallingID LinkAdvisor 2.0 BHO) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (CallingID LinkAdvisor 2.0) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (VMN Toolbar Astro Gemini) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKCU\..\Toolbar\WebBrowser: (CallingID LinkAdvisor 2.0) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS.0\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS.0\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DeltaIITaskbarApp] C:\WINDOWS.0\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS.0\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS.0\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS.0\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS.0\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS.0\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.0\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS.0\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS.0\System32\nwiz.exe ()
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS.0\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [MediaFire Tray] C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\mf_systray.exe (MediaFire LLC)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\AdFender.lnk = C:\Program Files\AdFender\AdFender.exe (AdFender, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\Mark V. Sanderford\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1233954073359 (WUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34DBFE19-A977-4D7A-B186-B533AFA0CE81}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\callingid {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDToolbar.dll (CallingID Ltd.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS.0\system32\userinit.exe) - C:\WINDOWS.0\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mark V. Sanderford\My Documents\My Pictures\prague_bridges2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark V. Sanderford\My Documents\My Pictures\prague_bridges2.bmp
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/06 22:54:26 | 000,000,000 | ---D | M] - C:\AutoApplyConvert -- [ NTFS ]
O32 - AutoRun File - [2004/11/14 06:52:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | R--D | M] - G:\AUTORUN -- [ FAT32 ]
O32 - AutoRun File - [2006/10/21 14:07:54 | 000,020,992 | ---- | M] () - G:\Autoparts warehouse letter.doc -- [ FAT32 ]
O32 - AutoRun File - [2006/10/20 09:35:42 | 022,722,519 | ---- | M] () - G:\Autoparts warehouse receipt.psd -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O34 - HKLM BootExecute: (ootExecute settings...)
O34 - HKLM BootExecute: (on\E)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/13 07:55:01 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\OTL.com
[2012/09/12 14:04:02 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/09/12 13:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Alexandra Sym 8
[2012/09/12 07:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\AdFender
[2012/09/12 07:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\AdFender
[2012/09/11 08:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Google Chrome
[2012/09/11 08:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\SUPERAntiSpyware.com
[2012/09/11 08:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\SUPERAntiSpyware
[2012/09/11 08:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com
[2012/09/11 08:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/11 07:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/09/11 07:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Start Menu\Programs\HiJackThis
[2012/09/10 18:13:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mark V. Sanderford\Recent
[2012/09/10 18:04:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\My eMusic
[2012/09/10 17:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/10 15:16:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/10 13:57:14 | 000,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\i8042prt.sys
[2012/09/10 13:52:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/10 13:44:50 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS.0\System32\drivers\regguard.sys
[2012/09/10 13:36:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/09/10 13:35:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWREG.exe
[2012/09/10 13:35:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWSC.exe
[2012/09/10 13:35:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWXCACLS.exe
[2012/09/10 13:35:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS.0\NIRCMD.exe
[2012/09/10 13:35:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/10 13:34:57 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\erdnt
[2012/09/10 13:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RegRun
[2012/09/10 13:30:45 | 000,039,184 | ---- | C] (Greatis Software) -- C:\WINDOWS.0\System32\Partizan.exe
[2012/09/10 13:30:45 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS.0\System32\drivers\Partizan.sys
[2012/09/10 13:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\My Documents\RegRun2
[2012/09/10 13:30:41 | 000,012,800 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS.0\System32\drivers\UnHackMeDrv.sys
[2012/09/10 13:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\UnHackMe
[2012/09/10 13:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Documents\regruninfo
[2012/09/10 13:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2012/09/05 22:07:03 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\NtmsData
[2012/09/04 21:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
[2012/09/04 21:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Start Menu\Programs\Fix Redirect Virus
[2012/09/03 22:04:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\eMusic 3
[2012/08/29 17:38:40 | 004,740,381 | R--- | C] (Swearware) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\ComboFix.exe
[2012/08/29 15:51:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/21 17:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2012/08/21 17:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2012/08/14 19:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Nik Software
[2012/08/14 19:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Nik Software
[2012/08/14 19:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Nik Software
[2012/08/14 19:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\SilverEfexPro2

========== Files - Modified Within 30 Days ==========

[2012/09/13 08:04:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/13 07:55:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\OTL.com
[2012/09/13 07:38:07 | 000,206,492 | ---- | M] () -- C:\WINDOWS.0\System32\nvapps.xml
[2012/09/13 07:37:33 | 000,000,906 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/13 07:37:33 | 000,000,304 | ---- | M] () -- C:\WINDOWS.0\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1682526488-1801674531-1005.job
[2012/09/13 07:37:32 | 000,012,598 | ---- | M] () -- C:\WINDOWS.0\System32\wpa.dbl
[2012/09/13 07:35:05 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS.0\gdrv.sys
[2012/09/13 07:34:57 | 000,000,350 | ---- | M] () -- C:\WINDOWS.0\tasks\WSTAT.job
[2012/09/13 07:34:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat
[2012/09/13 07:34:31 | 3487,879,168 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/12 22:05:00 | 000,000,834 | ---- | M] () -- C:\WINDOWS.0\tasks\Adobe Flash Player Updater.job
[2012/09/12 14:26:57 | 043,061,879 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Leiviskä-Sinfonia no. 3 op. 31 (1971).mp3
[2012/09/12 14:26:44 | 032,804,864 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Ranta-Sinfonia Piccola (No. 1) op. 43 (1932).MP3
[2012/09/12 14:04:06 | 000,000,098 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\etc\Hosts
[2012/09/12 08:48:00 | 000,000,312 | ---- | M] () -- C:\WINDOWS.0\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1682526488-1801674531-1005.job
[2012/09/12 07:02:05 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\AdFender.lnk
[2012/09/11 08:12:06 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Google Chrome.lnk
[2012/09/11 08:12:06 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/10 20:13:30 | 118,396,816 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Variations.wav
[2012/09/10 20:13:30 | 000,606,396 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Variations.pkf
[2012/09/10 20:12:21 | 000,731,724 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.pkf
[2012/09/10 20:12:20 | 143,963,704 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.wav
[2012/09/10 20:12:07 | 000,731,724 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Paleomusic.pkf
[2012/09/10 20:12:06 | 143,963,704 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Paleomusic.wav
[2012/09/10 20:10:31 | 118,396,816 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.wav
[2012/09/10 20:10:31 | 000,606,396 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.pkf
[2012/09/10 20:05:32 | 001,330,432 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.pkf
[2012/09/10 20:05:20 | 266,099,756 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.wav
[2012/09/10 19:29:28 | 287,388,180 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.wav
[2012/09/10 19:29:28 | 001,434,784 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.pkf
[2012/09/10 18:57:46 | 001,437,284 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.pkf
[2012/09/10 18:57:45 | 287,897,904 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.wav
[2012/09/10 17:00:24 | 000,001,945 | ---- | M] () -- C:\WINDOWS.0\epplauncher.mif
[2012/09/10 13:44:50 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS.0\System32\drivers\regguard.sys
[2012/09/10 13:36:06 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2012/09/10 13:30:45 | 000,039,184 | ---- | M] (Greatis Software) -- C:\WINDOWS.0\System32\Partizan.exe
[2012/09/10 13:30:45 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS.0\System32\drivers\Partizan.sys
[2012/09/10 13:30:42 | 000,002,577 | ---- | M] () -- C:\WINDOWS.0\System32\CONFIG.NT
[2012/09/10 13:30:42 | 000,001,688 | ---- | M] () -- C:\WINDOWS.0\System32\AUTOEXEC.NT
[2012/09/10 13:30:42 | 000,000,002 | RHS- | M] () -- C:\WINDOWS.0\winstart.bat
[2012/09/10 12:59:28 | 000,012,800 | ---- | M] (Greatis Software, LLC.) -- C:\WINDOWS.0\System32\drivers\UnHackMeDrv.sys
[2012/09/10 09:00:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS.0\tasks\SyncBack Archive.job
[2012/09/10 07:00:24 | 000,001,107 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to Unsung.lnk
[2012/09/10 07:00:06 | 000,001,110 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to uploads.lnk
[2012/09/10 06:59:39 | 000,001,118 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to A-M forum.lnk
[2012/08/29 23:29:30 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to My eMusic 2.lnk
[2012/08/29 17:38:46 | 004,740,381 | R--- | M] (Swearware) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\ComboFix.exe
[2012/08/28 14:10:52 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/08/28 14:10:52 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Opera.lnk
[2012/08/26 21:36:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\CCleaner.lnk
[2012/08/16 02:20:42 | 000,268,600 | ---- | M] () -- C:\WINDOWS.0\System32\FNTCACHE.DAT
[2012/08/15 09:05:33 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS.0\System32\FlashPlayerApp.exe
[2012/08/15 09:05:33 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS.0\System32\FlashPlayerCPLApp.cpl
[2012/08/14 11:01:44 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/09/12 14:24:50 | 032,804,864 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Ranta-Sinfonia Piccola (No. 1) op. 43 (1932).MP3
[2012/09/12 14:24:38 | 043,061,879 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Leiviskä-Sinfonia no. 3 op. 31 (1971).mp3
[2012/09/12 07:02:05 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\AdFender.lnk
[2012/09/11 08:12:06 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Google Chrome.lnk
[2012/09/11 08:12:06 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/10 21:01:02 | 3487,879,168 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/10 20:13:30 | 000,606,396 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Variations.pkf
[2012/09/10 20:13:28 | 118,396,816 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Variations.wav
[2012/09/10 20:12:06 | 000,731,724 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Paleomusic.pkf
[2012/09/10 20:12:03 | 143,963,704 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Paleomusic.wav
[2012/09/10 20:10:36 | 000,731,724 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.pkf
[2012/09/10 20:10:31 | 143,963,704 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.wav
[2012/09/10 20:10:31 | 000,606,396 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.pkf
[2012/09/10 20:10:29 | 118,396,816 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.wav
[2012/09/10 20:05:28 | 266,099,756 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.wav
[2012/09/10 20:05:28 | 001,330,432 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.pkf
[2012/09/10 19:25:43 | 287,388,180 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.wav
[2012/09/10 19:25:43 | 001,434,784 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.pkf
[2012/09/10 18:55:00 | 287,897,904 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.wav
[2012/09/10 18:55:00 | 001,437,284 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.pkf
[2012/09/10 17:00:12 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/10 13:36:06 | 000,000,214 | ---- | C] () -- C:\Boot.bak
[2012/09/10 13:36:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/09/10 13:35:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS.0\PEV.exe
[2012/09/10 13:35:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS.0\MBR.exe
[2012/09/10 13:35:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS.0\sed.exe
[2012/09/10 13:35:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS.0\grep.exe
[2012/09/10 13:35:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS.0\zip.exe
[2012/09/10 13:30:42 | 000,000,002 | RHS- | C] () -- C:\WINDOWS.0\winstart.bat
[2012/09/10 06:57:00 | 000,001,118 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to A-M forum.lnk
[2012/08/30 21:12:59 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Adobe Reader 9.lnk
[2012/08/29 23:29:33 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to My eMusic 2.lnk
[2012/08/28 14:10:52 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/08/28 14:10:52 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Opera.lnk
[2012/08/28 14:10:52 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Opera.lnk
[2012/08/05 23:12:27 | 000,114,688 | RHS- | C] () -- C:\WINDOWS.0\System32\jgsh400F.dll
[2012/03/31 10:50:09 | 000,000,533 | ---- | C] () -- C:\Program Files\Shortcut to Windows Media Player.lnk
[2012/03/15 19:59:15 | 000,000,010 | ---- | C] () -- C:\WINDOWS.0\3aline.ini
[2012/03/12 21:41:27 | 000,350,418 | ---- | C] () -- C:\WINDOWS.0\uninstall Digital_.exe
[2012/02/27 15:44:48 | 000,326,144 | ---- | C] () -- C:\WINDOWS.0\System32\SilverEfexPro2FC32.dll
[2012/02/20 18:30:17 | 000,038,351 | ---- | C] () -- C:\WINDOWS.0\System32\jcsball.dat
[2012/02/20 18:30:17 | 000,020,755 | ---- | C] () -- C:\WINDOWS.0\System32\jerror.dat
[2012/02/15 04:27:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS.0\System32\iacenc.dll
[2012/02/05 11:03:20 | 000,000,008 | ---- | C] () -- C:\WINDOWS.0\System32\nvModes.dat
[2012/01/08 17:37:06 | 000,001,213 | ---- | C] () -- C:\WINDOWS.0\_ISENV31.INI
[2011/05/23 23:04:20 | 000,000,064 | ---- | C] () -- C:\WINDOWS.0\System32\rp_stats.dat
[2011/05/23 23:04:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS.0\System32\rp_rules.dat
[2009/11/20 19:20:43 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Eudora.lnk
[2009/11/09 19:00:48 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\fusioncache.dat
[2009/03/03 14:19:42 | 008,544,256 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\sandra.mda
[2009/01/27 17:53:55 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 1258 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:AREcnXXBMKOlAvEiH8HMBNy
@Alternate Data Stream - 1220 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:8E9uVpvOmwKjKo2ipMzJZOuqeoZ
@Alternate Data Stream - 1186 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:4Tg39g2PDYFzGaPyOwyKE
@Alternate Data Stream - 1048 bytes -> C:\Documents and Settings\Mark V. Sanderford\Cookies:ktm53vjRdinQXrQorzuBp9ZMV3GZ
@Alternate Data Stream - 1045 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:Be0n78AF1YfdmXk5Z

< End of report >
  • 0


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Download aswMBR.exe (511KB) to your desktop.
Double-click aswMBR.exe.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click save log, save it to your desktop and post it in your next reply.
If the Fix button is not enabled, just click save log, save it to your desktop and post it in your next reply.


Download, save and run Farbar Service Scanner.

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.

Please copy and paste the log to your reply.

Post your ComboFix, TDSSKiller and MBAM logs.


Copy the text in the code box:

DRIVES
netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

How do you connect to the Internet? Do you have a router and a separate DSL or cable modem? Does your router still have the default password? Do you use wireless? Is it encrypted? If so, WEP or WPA/WPA2?


Ron
  • 0

#3
crossbow66

crossbow66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Ron,

Boy, am I glad to hear from you!! I followed your directions, and I'm going to post the logs I have obtained from all of those apps:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-14 16:54:11
-----------------------------
16:54:11.187 OS Version: Windows 5.1.2600 Service Pack 3
16:54:11.187 Number of processors: 2 586 0x170A
16:54:11.187 ComputerName: MARK-59C0B947BC UserName:
16:54:11.531 Initialize success
16:56:48.937 AVAST engine defs: 12091400
16:57:03.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
16:57:03.859 Disk 0 Vendor: WDC_WD3000GLFS-01F8U0 03.03V01 Size: 286167MB BusType: 3
16:57:03.859 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1c
16:57:03.859 Disk 1 Vendor: WDC_WD6401AALS-00L3B2 01.03B01 Size: 610479MB BusType: 3
16:57:03.859 Disk 0 MBR read successfully
16:57:03.859 Disk 0 MBR scan
16:57:03.890 Disk 0 Windows XP default MBR code
16:57:03.890 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286165 MB offset 63
16:57:03.890 Disk 0 scanning sectors +586067265
16:57:03.937 Disk 0 scanning C:\WINDOWS.0\system32\drivers
16:57:07.437 Service scanning
16:57:16.703 Modules scanning
16:57:20.609 AVAST engine scan C:\WINDOWS.0
16:57:25.078 AVAST engine scan C:\WINDOWS.0\system32
16:57:39.718 File: C:\WINDOWS.0\system32\jgsh400F.dll **INFECTED** Win32:Malware-gen
16:58:29.656 AVAST engine scan C:\WINDOWS.0\system32\drivers
16:58:34.625 AVAST engine scan C:\Documents and Settings\Mark V. Sanderford
17:08:01.015 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS.0
17:09:14.828 Scan finished successfully
17:14:38.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mark V. Sanderford\Desktop\MBR.dat"
17:14:38.906 The log file has been saved successfully to "C:\Documents and Settings\Mark V. Sanderford\Desktop\aswMBR log.txt"


Farbar Service Scanner Version: 06-08-2012
Ran by Mark V. Sanderford (administrator) on 14-09-2012 at 17:15:26
Running from "C:\Documents and Settings\Mark V. Sanderford\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS.0\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS.0\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS.0\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS.0\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS.0\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS.0\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS.0\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS.0\system32\netman.dll => MD5 is legit
C:\WINDOWS.0\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS.0\system32\srsvc.dll => MD5 is legit
C:\WINDOWS.0\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS.0\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS.0\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS.0\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS.0\system32\qmgr.dll => MD5 is legit
C:\WINDOWS.0\system32\es.dll => MD5 is legit
C:\WINDOWS.0\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS.0\system32\svchost.exe => MD5 is legit
C:\WINDOWS.0\system32\rpcss.dll => MD5 is legit
C:\WINDOWS.0\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000056000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

OTL logfile created on: 9/14/2012 8:12:51 PM - Run 2
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 59.57% Memory free
5.19 Gb Paging File | 3.62 Gb Available in Paging File | 69.85% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 117.39 Gb Free Space | 42.01% Space Free | Partition Type: NTFS
Drive D: | 596.16 Gb Total Space | 128.25 Gb Free Space | 21.51% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 1396.92 Gb Total Space | 444.51 Gb Free Space | 31.82% Space Free | Partition Type: FAT32
Drive I: | 465.73 Gb Total Space | 78.27 Gb Free Space | 16.81% Space Free | Partition Type: NTFS

Computer Name: MARK-59C0B947BC | User Name: Mark V. Sanderford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/14 17:14:56 | 000,693,235 | ---- | M] (Farbar) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\FSS.exe
PRC - [2012/09/14 16:50:38 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\aswMBR.exe
PRC - [2012/09/13 07:55:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\OTL.com
PRC - [2012/09/12 13:34:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/10 12:59:18 | 000,595,216 | ---- | M] (Greatis Software) -- C:\Program Files\UnHackMe\hackmon.exe
PRC - [2012/09/06 16:05:46 | 004,780,928 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/09/03 06:47:46 | 000,227,408 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisorService.exe
PRC - [2012/09/03 06:47:30 | 001,353,808 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDGlobal.exe
PRC - [2012/09/03 06:47:22 | 001,378,384 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Light\CIDGlobalLight.exe
PRC - [2012/08/16 10:59:18 | 002,196,040 | ---- | M] (MediaFire LLC) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\mf_systray.exe
PRC - [2012/08/16 10:58:17 | 002,019,400 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\mf_status.exe
PRC - [2012/08/16 10:55:56 | 003,032,136 | ---- | M] (MediaFire) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\mf_services.exe
PRC - [2012/08/16 10:51:25 | 002,019,400 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\mf_daemon.exe
PRC - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/06/20 03:30:04 | 002,772,112 | ---- | M] (AdFender, Inc.) -- C:\Program Files\AdFender\AdFender.exe
PRC - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/12/01 06:11:06 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2011/03/14 10:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2011/03/09 11:09:54 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2011/02/21 17:17:32 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS.0\system32\nlssrv32.exe
PRC - [2010/04/02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/28 09:54:13 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/24 21:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/11/13 08:32:51 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/05/20 19:22:06 | 000,109,096 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009/02/19 00:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/02/19 00:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/02/06 20:05:41 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS.0\system32\java.exe
PRC - [2008/09/24 18:35:14 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008/06/18 06:01:56 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS.0\SoundMan.exe
PRC - [2008/06/06 12:40:00 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2008/06/06 12:39:52 | 000,114,688 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2008/06/06 11:42:30 | 000,114,688 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
PRC - [2008/06/06 11:42:10 | 000,324,096 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Acer Display\eDisplay Management\dthtml.exe
PRC - [2008/05/01 07:38:00 | 000,131,072 | ---- | M] (Linksys LLC - A Division of Cisco Systems) -- C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
PRC - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\explorer.exe
PRC - [2008/04/09 01:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/04/09 01:15:10 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/03/03 11:13:50 | 000,236,040 | ---- | M] () -- C:\WINDOWS.0\system32\DeltaIITray.exe
PRC - [2008/02/18 15:36:24 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2008/02/18 15:36:14 | 001,553,704 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2008/02/18 15:36:04 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2007/10/31 00:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2006/07/22 21:22:42 | 001,126,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
PRC - [2006/01/30 12:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
PRC - [2005/12/12 16:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2005/05/25 02:14:10 | 000,016,384 | ---- | M] () -- C:\Program Files\GIGABYTE\G.O.M\GCSVR.exe
PRC - [2003/12/17 10:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS.0\Logi_MwX.Exe


========== Modules (No Company Name) ==========

MOD - [2012/09/14 15:20:16 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/09/14 15:20:16 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/09/12 13:34:36 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/09/11 08:08:14 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/09/11 08:08:14 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/09/03 06:47:34 | 000,071,760 | ---- | M] () -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDGlobalPS.dll
MOD - [2012/08/16 10:58:17 | 002,019,400 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\mf_status.exe
MOD - [2012/08/16 10:51:25 | 002,019,400 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\mf_daemon.exe
MOD - [2012/08/16 10:40:19 | 018,678,784 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\QtGui4.dll
MOD - [2012/08/16 10:40:19 | 001,352,735 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\mediafire_api_connect.dll
MOD - [2012/08/16 10:40:19 | 000,978,958 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\libstdc++-6.dll
MOD - [2012/08/16 10:40:19 | 000,978,432 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\QtNetwork4.dll
MOD - [2012/08/16 10:40:19 | 000,338,432 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\QtXml4.dll
MOD - [2012/08/16 10:40:19 | 000,151,054 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\libexpat-1.dll
MOD - [2012/08/16 10:40:19 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\libgcc_s_dw2-1.dll
MOD - [2012/08/16 10:40:18 | 004,533,248 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\QtCore4.dll
MOD - [2012/08/16 10:31:15 | 000,231,424 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\imageformats\qjpeg4.dll
MOD - [2012/08/16 10:31:15 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\imageformats\qgif4.dll
MOD - [2012/06/14 06:46:03 | 000,212,992 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/13 22:37:11 | 014,329,856 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
MOD - [2012/06/13 22:37:01 | 012,433,920 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 22:36:53 | 001,592,320 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/13 22:36:51 | 012,218,368 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MOD - [2012/06/13 22:36:25 | 002,933,248 | ---- | M] () -- C:\WINDOWS.0\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/13 22:36:21 | 000,261,632 | ---- | M] () -- C:\WINDOWS.0\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/06/13 22:36:19 | 000,069,120 | ---- | M] () -- C:\WINDOWS.0\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2012/06/13 22:32:15 | 000,141,312 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll
MOD - [2012/05/12 09:00:57 | 000,998,400 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/11 23:12:38 | 000,220,672 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bb26dd100d656605c576881a1a823667\CustomMarshalers.ni.dll
MOD - [2012/05/11 23:12:31 | 017,403,904 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
MOD - [2012/05/11 23:10:52 | 000,224,768 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7416fe825e6e49a87fa8ff60c8971813\PresentationFramework.Classic.ni.dll
MOD - [2012/05/11 23:10:38 | 000,771,584 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 23:10:37 | 000,627,712 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
MOD - [2012/05/11 23:10:37 | 000,627,200 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
MOD - [2012/05/11 23:10:36 | 006,616,576 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012/05/11 23:10:10 | 000,015,872 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\f00a18225430e7531135589688d650a1\Microsoft.VisualC.ni.dll
MOD - [2012/05/11 23:10:01 | 003,325,440 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012/05/11 23:09:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 23:09:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/11 23:09:51 | 007,953,408 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 23:09:47 | 011,492,352 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/09 11:29:38 | 000,886,272 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
MOD - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2009/06/10 08:29:34 | 000,466,944 | ---- | M] () -- C:\WINDOWS.0\system32\nvshell.dll
MOD - [2008/09/24 18:35:14 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/09/10 11:58:42 | 000,098,304 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\ycc.dll
MOD - [2008/06/06 12:40:08 | 000,151,552 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DThook.dll
MOD - [2008/06/06 12:40:02 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\CC\gui.dll
MOD - [2008/06/06 12:40:00 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
MOD - [2008/06/06 12:39:46 | 000,102,400 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2008/06/06 11:42:30 | 000,114,688 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
MOD - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
MOD - [2008/04/18 05:30:43 | 000,081,920 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\lib\wrapper.dll
MOD - [2008/04/09 19:15:54 | 000,103,472 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/04/09 19:15:54 | 000,038,960 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/03/03 11:13:50 | 000,236,040 | ---- | M] () -- C:\WINDOWS.0\system32\DeltaIITray.exe
MOD - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
MOD - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
MOD - [2007/02/09 12:16:08 | 000,245,760 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Winphook.dll
MOD - [2005/05/25 02:14:10 | 000,016,384 | ---- | M] () -- C:\Program Files\GIGABYTE\G.O.M\GCSVR.exe
MOD - [2004/11/17 17:49:06 | 004,603,904 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\qt-mt332.dll
MOD - [2004/05/11 15:51:56 | 000,798,720 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\libeay32.dll
MOD - [2004/05/11 15:51:56 | 000,155,648 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\ssleay32.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/12 13:34:36 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 06:47:46 | 000,227,408 | ---- | M] (CallingID Ltd.) [Auto | Running] -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisorService.exe -- (CIDLinkAdvisorService)
SRV - [2012/08/15 09:05:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2011/02/21 17:17:32 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS.0\system32\nlssrv32.exe -- (nlsX86cc)
SRV - [2009/05/20 19:22:06 | 000,109,096 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009/02/19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/12/11 15:53:38 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/09/24 18:35:14 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/06/06 12:40:00 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008/06/06 11:42:30 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe -- (Asset Management Daemon)
SRV - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/09 01:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/02/18 15:36:14 | 001,553,704 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/10/31 00:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2007/10/31 00:02:58 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005/05/25 02:14:10 | 000,016,384 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\G.O.M\GCSVR.exe -- (COM Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\delta.sys -- (DELTA)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\MARKV~1.SAN\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (94865510)
DRV - [2012/09/14 15:16:13 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\gdrv.sys -- (gdrv)
DRV - [2012/09/10 13:44:50 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2012/09/10 13:30:45 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | Boot | Unknown] -- C:\WINDOWS.0\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS.0\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/05/20 19:21:56 | 000,017,064 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2009/02/03 09:44:10 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2008/12/18 23:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/18 23:43:18 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/11/25 23:57:04 | 000,022,432 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008/08/07 07:14:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/30 22:21:08 | 000,079,960 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/07/24 06:02:44 | 004,749,824 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/07/02 03:38:14 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/04/09 01:14:04 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/09 01:14:00 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/03/03 11:13:46 | 000,302,728 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\deltaII.sys -- (DELTAII)
DRV - [2008/02/18 15:36:14 | 000,038,312 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/02/18 15:36:14 | 000,036,648 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/02/18 15:36:14 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS.0\system32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2008/02/18 15:36:04 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS.0\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/09/05 13:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS.0\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/02/09 13:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007/02/09 13:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2006/12/08 22:50:28 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\WINDOWS.0\system32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - [2006/10/24 02:02:00 | 000,031,275 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\epppdt.sys -- (epppdt)
DRV - [2006/10/24 02:02:00 | 000,014,463 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\epppdtpr.sys -- (epppdtpr)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\speedfan.sys -- (speedfan)
DRV - [2005/03/18 12:02:04 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\usbbc.sys -- (Wdm1)
DRV - [2003/12/17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 10:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/12/17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS.0\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6B9C2291-9A24-482B-846C-6F00E42FF097}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{AF36D2FC-9772-4B32-BE16-3D7964F73A8B}: "URL" = http://www.google.co...:0000FF;FORID:1
IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://search.callin...ie&p=go&cid=yes
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: [email protected]:0.9.8.3
FF - prefs.js..extensions.enabledAddons: [email protected]:1.23.0.5
FF - prefs.js..extensions.enabledAddons: [email protected]:0.0.11.2m
FF - prefs.js..extensions.enabledAddons: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: {2E0FB4FC-1785-4009-8043-F9FB0CBA5A9A}:2.0.0.248
FF - prefs.js..extensions.enabledAddons: {e9259cba-e7ad-4f74-863f-ef9fe935394d}:2.0.0.248
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.8.0
FF - prefs.js..extensions.enabledItems: {fbc8441e-a153-45b0-8e93-87521a5812a1}:2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.5
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2012/07/10 23:11:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/09/23 08:06:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\Firefox [2012/09/05 15:36:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2E0FB4FC-1785-4009-8043-F9FB0CBA5A9A}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/12 13:34:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/30 21:12:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/17 21:12:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{2E0FB4FC-1785-4009-8043-F9FB0CBA5A9A}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]

[2009/02/06 14:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Extensions
[2010/08/27 11:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions
[2009/11/15 17:08:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2009/11/15 17:08:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2009/11/15 17:08:16 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\browser(2)\extensions(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\mozapps(2)\extensions(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\browser(2)\extensions(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\mozapps(2)\extensions(2)
[2009/11/15 16:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (CS Lite) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (SafeCache) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{670a77c5-010e-4476-a8ce-d09171318839}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (DT Whois) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\[email protected]
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\[email protected]
[2012/09/10 22:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions
[2011/05/14 07:43:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/27 11:57:13 | 000,000,000 | ---D | M] (Oskar) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2012/05/24 21:26:20 | 000,000,000 | ---D | M] (Green Fox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
[2010/04/10 22:55:52 | 000,000,000 | ---D | M] (VMN Toolbar) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{fbc8441e-a153-45b0-8e93-87521a5812a1}
[2009/11/06 07:43:07 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2011/08/14 21:41:24 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/06/20 18:54:48 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/06/20 18:54:54 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2008/03/20 15:43:48 | 000,001,182 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\mozapps(2)\xpinstall(2)\xpinstallConfirm.css
[2008/04/07 19:41:16 | 000,001,937 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\mozapps(2)\xpinstall(2)\xpinstallItemGeneric.png
[2009/06/16 23:52:20 | 000,001,502 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\mozapps(2)\xpinstall(2)\xpinstallConfirm.css
[2009/06/16 23:18:30 | 000,001,423 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\mozapps(2)\xpinstall(2)\xpinstallItemGeneric.png
[2011/10/31 12:45:10 | 000,148,816 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/09/10 22:08:22 | 000,010,546 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/07/24 19:20:20 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/10 22:03:28 | 000,016,192 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2012/09/05 15:44:56 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\searchplugins\CallingID.xml
[2011/11/12 20:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 15:36:30 | 000,000,000 | ---D | M] (CallingID Link Advisor 2.0 Mouseover) -- C:\PROGRAM FILES\CALLINGID\CALLINGIDLINKADVISOR2.0\LINKADVISOR\FIREFOX
[2012/09/05 15:36:31 | 000,000,000 | ---D | M] (CallingID Link Advisor 2.0 Toolbar) -- C:\PROGRAM FILES\CALLINGID\CALLINGIDLINKADVISOR2.0\TOOLBAR\FIREFOX
[2012/09/12 13:34:37 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/12 13:34:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 15:44:54 | 000,001,770 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\CallingID.xml
[2012/09/12 13:34:35 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: CallingID LinkAdvisor Toolbar (Frame Plugin) (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\npCIDToolbarFramePlugin.dll
CHR - plugin: CallingID LinkAdvisor Toolbar (Dummy Plugin) (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\npCIDToolbarDummyPlugin.dll
CHR - plugin: CallingID Link Advisor (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl\2.0.0.248_0\npCIDLinkAdvisorPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: CallingID LinkAdvisor 2.0 Toolbar = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\
CHR - Extension: CallingID LinkAdvisor 2.0 = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl\2.0.0.248_0\

O1 HOSTS File: ([2012/09/12 14:04:06 | 000,000,098 | ---- | M]) - C:\WINDOWS.0\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (VMN Toolbar Astro Gemini) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O2 - BHO: (CallingID LinkAdvisor 2.0 BHO) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (CallingID LinkAdvisor 2.0) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (VMN Toolbar Astro Gemini) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKCU\..\Toolbar\WebBrowser: (CallingID LinkAdvisor 2.0) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS.0\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS.0\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DeltaIITaskbarApp] C:\WINDOWS.0\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS.0\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS.0\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS.0\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS.0\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS.0\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.0\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS.0\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS.0\System32\nwiz.exe ()
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS.0\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [MediaFire Tray] C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\mf_systray.exe (MediaFire LLC)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\AdFender.lnk = C:\Program Files\AdFender\AdFender.exe (AdFender, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\Mark V. Sanderford\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1233954073359 (WUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34DBFE19-A977-4D7A-B186-B533AFA0CE81}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\callingid {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDToolbar.dll (CallingID Ltd.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS.0\system32\userinit.exe) - C:\WINDOWS.0\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mark V. Sanderford\My Documents\My Pictures\prague_bridges2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark V. Sanderford\My Documents\My Pictures\prague_bridges2.bmp
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/06 22:54:26 | 000,000,000 | ---D | M] - C:\AutoApplyConvert -- [ NTFS ]
O32 - AutoRun File - [2004/11/14 06:52:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | R--D | M] - G:\AUTORUN -- [ FAT32 ]
O32 - AutoRun File - [2006/10/21 14:07:54 | 000,020,992 | ---- | M] () - G:\Autoparts warehouse letter.doc -- [ FAT32 ]
O32 - AutoRun File - [2006/10/20 09:35:42 | 022,722,519 | ---- | M] () - G:\Autoparts warehouse receipt.psd -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O34 - HKLM BootExecute: (ootExecute settings...)
O34 - HKLM BootExecute: (on\E)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS.0\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS.0\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS.0\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS.0\system32\Rundll32.exe C:\WINDOWS.0\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS.0\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS.0\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS.0\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS.0\system32\rundll32.exe" "C:\WINDOWS.0\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS.0\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS.0\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS.0\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS.0\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS.0\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS.0\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS.0\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS.0\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS.0\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS.0\System32\wmv9vcm.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/14 17:14:56 | 000,693,235 | ---- | C] (Farbar) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\FSS.exe
[2012/09/14 16:50:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\aswMBR.exe
[2012/09/14 11:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\boost_interprocess
[2012/09/12 14:04:02 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/09/12 13:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Alexandra Sym 8
[2012/09/12 07:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\AdFender
[2012/09/12 07:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\AdFender
[2012/09/11 08:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Google Chrome
[2012/09/11 08:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\SUPERAntiSpyware.com
[2012/09/11 08:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\SUPERAntiSpyware
[2012/09/11 08:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com
[2012/09/11 08:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/11 07:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/09/11 07:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Start Menu\Programs\HiJackThis
[2012/09/10 18:13:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mark V. Sanderford\Recent
[2012/09/10 18:04:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\My eMusic
[2012/09/10 17:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/10 15:16:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/10 13:57:14 | 000,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\i8042prt.sys
[2012/09/10 13:52:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/10 13:44:50 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS.0\System32\drivers\regguard.sys
[2012/09/10 13:36:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/09/10 13:35:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWREG.exe
[2012/09/10 13:35:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWSC.exe
[2012/09/10 13:35:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWXCACLS.exe
[2012/09/10 13:35:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS.0\NIRCMD.exe
[2012/09/10 13:35:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/10 13:34:57 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\erdnt
[2012/09/10 13:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RegRun
[2012/09/10 13:30:45 | 000,039,184 | ---- | C] (Greatis Software) -- C:\WINDOWS.0\System32\Partizan.exe
[2012/09/10 13:30:45 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS.0\System32\drivers\Partizan.sys
[2012/09/10 13:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\My Documents\RegRun2
[2012/09/10 13:30:41 | 000,012,800 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS.0\System32\drivers\UnHackMeDrv.sys
[2012/09/10 13:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\UnHackMe
[2012/09/10 13:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Documents\regruninfo
[2012/09/10 13:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2012/09/05 22:07:03 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\NtmsData
[2012/09/04 21:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
[2012/09/04 21:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Start Menu\Programs\Fix Redirect Virus
[2012/09/03 22:04:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\eMusic 3
[2012/08/29 17:38:40 | 004,740,381 | R--- | C] (Swearware) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\ComboFix.exe
[2012/08/29 15:51:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/21 17:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2012/08/21 17:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)

========== Files - Modified Within 30 Days ==========

[2012/09/14 20:05:00 | 000,000,834 | ---- | M] () -- C:\WINDOWS.0\tasks\Adobe Flash Player Updater.job
[2012/09/14 20:04:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/14 17:14:56 | 000,693,235 | ---- | M] (Farbar) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\FSS.exe
[2012/09/14 17:14:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\MBR.dat
[2012/09/14 17:04:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/14 16:50:38 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\aswMBR.exe
[2012/09/14 15:19:45 | 000,206,492 | ---- | M] () -- C:\WINDOWS.0\System32\nvapps.xml
[2012/09/14 15:19:06 | 000,000,304 | ---- | M] () -- C:\WINDOWS.0\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1682526488-1801674531-1005.job
[2012/09/14 15:19:05 | 000,012,598 | ---- | M] () -- C:\WINDOWS.0\System32\wpa.dbl
[2012/09/14 15:16:13 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS.0\gdrv.sys
[2012/09/14 15:16:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS.0\tasks\WSTAT.job
[2012/09/14 15:16:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat
[2012/09/14 15:15:57 | 3487,879,168 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/14 14:46:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
[2012/09/13 23:45:56 | 003,950,886 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Alexandra Sym 6.mp3
[2012/09/12 14:26:57 | 043,061,879 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Leiviskä-Sinfonia no. 3 op. 31 (1971).mp3
[2012/09/12 14:26:44 | 032,804,864 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Ranta-Sinfonia Piccola (No. 1) op. 43 (1932).MP3
[2012/09/12 14:04:06 | 000,000,098 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\etc\Hosts
[2012/09/12 08:48:00 | 000,000,312 | ---- | M] () -- C:\WINDOWS.0\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1682526488-1801674531-1005.job
[2012/09/12 07:02:05 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\AdFender.lnk
[2012/09/11 08:12:06 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Google Chrome.lnk
[2012/09/11 08:12:06 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/10 20:13:30 | 000,606,396 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Variations.pkf
[2012/09/10 20:12:21 | 000,731,724 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.pkf
[2012/09/10 20:12:20 | 143,963,704 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.wav
[2012/09/10 20:12:07 | 000,731,724 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Paleomusic.pkf
[2012/09/10 20:10:31 | 118,396,816 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.wav
[2012/09/10 20:10:31 | 000,606,396 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.pkf
[2012/09/10 20:05:32 | 001,330,432 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.pkf
[2012/09/10 20:05:20 | 266,099,756 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.wav
[2012/09/10 19:29:28 | 287,388,180 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.wav
[2012/09/10 19:29:28 | 001,434,784 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.pkf
[2012/09/10 18:57:46 | 001,437,284 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.pkf
[2012/09/10 18:57:45 | 287,897,904 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.wav
[2012/09/10 17:00:24 | 000,001,945 | ---- | M] () -- C:\WINDOWS.0\epplauncher.mif
[2012/09/10 13:44:50 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS.0\System32\drivers\regguard.sys
[2012/09/10 13:36:06 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2012/09/10 13:30:45 | 000,039,184 | ---- | M] (Greatis Software) -- C:\WINDOWS.0\System32\Partizan.exe
[2012/09/10 13:30:45 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS.0\System32\drivers\Partizan.sys
[2012/09/10 13:30:42 | 000,002,577 | ---- | M] () -- C:\WINDOWS.0\System32\CONFIG.NT
[2012/09/10 13:30:42 | 000,001,688 | ---- | M] () -- C:\WINDOWS.0\System32\AUTOEXEC.NT
[2012/09/10 13:30:42 | 000,000,002 | RHS- | M] () -- C:\WINDOWS.0\winstart.bat
[2012/09/10 12:59:28 | 000,012,800 | ---- | M] (Greatis Software, LLC.) -- C:\WINDOWS.0\System32\drivers\UnHackMeDrv.sys
[2012/09/10 09:00:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS.0\tasks\SyncBack Archive.job
[2012/09/10 07:00:24 | 000,001,107 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to Unsung.lnk
[2012/09/10 07:00:06 | 000,001,110 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to uploads.lnk
[2012/09/10 06:59:39 | 000,001,118 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to A-M forum.lnk
[2012/08/29 23:29:30 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to My eMusic 2.lnk
[2012/08/29 17:38:46 | 004,740,381 | R--- | M] (Swearware) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\ComboFix.exe
[2012/08/28 14:10:52 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/08/28 14:10:52 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Opera.lnk
[2012/08/26 21:36:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\CCleaner.lnk
[2012/08/16 02:20:42 | 000,268,600 | ---- | M] () -- C:\WINDOWS.0\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/09/14 17:14:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\MBR.dat
[2012/09/13 23:45:48 | 003,950,886 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Alexandra Sym 6.mp3
[2012/09/12 14:24:50 | 032,804,864 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Ranta-Sinfonia Piccola (No. 1) op. 43 (1932).MP3
[2012/09/12 14:24:38 | 043,061,879 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Leiviskä-Sinfonia no. 3 op. 31 (1971).mp3
[2012/09/12 07:02:05 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\AdFender.lnk
[2012/09/11 08:12:06 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Google Chrome.lnk
[2012/09/11 08:12:06 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/10 21:01:02 | 3487,879,168 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/10 20:13:30 | 000,606,396 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Variations.pkf
[2012/09/10 20:12:06 | 000,731,724 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Paleomusic.pkf
[2012/09/10 20:10:36 | 000,731,724 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.pkf
[2012/09/10 20:10:31 | 143,963,704 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.wav
[2012/09/10 20:10:31 | 000,606,396 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.pkf
[2012/09/10 20:10:29 | 118,396,816 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.wav
[2012/09/10 20:05:28 | 266,099,756 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.wav
[2012/09/10 20:05:28 | 001,330,432 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.pkf
[2012/09/10 19:25:43 | 287,388,180 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.wav
[2012/09/10 19:25:43 | 001,434,784 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.pkf
[2012/09/10 18:55:00 | 287,897,904 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.wav
[2012/09/10 18:55:00 | 001,437,284 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.pkf
[2012/09/10 17:00:12 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/10 13:36:06 | 000,000,214 | ---- | C] () -- C:\Boot.bak
[2012/09/10 13:36:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/09/10 13:35:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS.0\PEV.exe
[2012/09/10 13:35:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS.0\MBR.exe
[2012/09/10 13:35:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS.0\sed.exe
[2012/09/10 13:35:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS.0\grep.exe
[2012/09/10 13:35:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS.0\zip.exe
[2012/09/10 13:30:42 | 000,000,002 | RHS- | C] () -- C:\WINDOWS.0\winstart.bat
[2012/09/10 06:57:00 | 000,001,118 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to A-M forum.lnk
[2012/08/30 21:12:59 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Adobe Reader 9.lnk
[2012/08/29 23:29:33 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to My eMusic 2.lnk
[2012/08/28 14:10:52 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/08/28 14:10:52 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Opera.lnk
[2012/08/28 14:10:52 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Opera.lnk
[2012/08/05 23:12:27 | 000,114,688 | RHS- | C] () -- C:\WINDOWS.0\System32\jgsh400F.dll
[2012/03/31 10:50:09 | 000,000,533 | ---- | C] () -- C:\Program Files\Shortcut to Windows Media Player.lnk
[2012/03/15 19:59:15 | 000,000,010 | ---- | C] () -- C:\WINDOWS.0\3aline.ini
[2012/03/12 21:41:27 | 000,350,418 | ---- | C] () -- C:\WINDOWS.0\uninstall Digital_.exe
[2012/02/27 15:44:48 | 000,326,144 | ---- | C] () -- C:\WINDOWS.0\System32\SilverEfexPro2FC32.dll
[2012/02/20 18:30:17 | 000,038,351 | ---- | C] () -- C:\WINDOWS.0\System32\jcsball.dat
[2012/02/20 18:30:17 | 000,020,755 | ---- | C] () -- C:\WINDOWS.0\System32\jerror.dat
[2012/02/15 04:27:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS.0\System32\iacenc.dll
[2012/02/05 11:03:20 | 000,000,008 | ---- | C] () -- C:\WINDOWS.0\System32\nvModes.dat
[2012/01/08 17:37:06 | 000,001,213 | ---- | C] () -- C:\WINDOWS.0\_ISENV31.INI
[2011/05/23 23:04:20 | 000,000,064 | ---- | C] () -- C:\WINDOWS.0\System32\rp_stats.dat
[2011/05/23 23:04:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS.0\System32\rp_rules.dat
[2009/11/20 19:20:43 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Eudora.lnk
[2009/11/09 19:00:48 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\fusioncache.dat
[2009/03/03 14:19:42 | 008,544,256 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\sandra.mda
[2009/01/27 17:53:55 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: WDC WD3000GLFS-01F8U0
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: WDC WD6401AALS-00L3B2
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - Fixed\thard disk media
Interface type: USB
Media Type: Fixed\thard disk media
Model: WD 15EADS External USB Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 - Fixed\thard disk media
Interface type: USB
Media Type: Fixed\thard disk media
Model: WD My Passport 0740 USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 279.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Extended Partition
Bootable: True
BootPartition: True
PrimaryPartition: False
Size: 596.00GB
Starting Offset: 8225280
Hidden sectors: 0


DeviceID: Disk #2, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,397.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #3, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 1048576
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/08/14 19:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Adobe
[2009/02/03 09:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\AdobeUM
[2009/10/03 17:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Ahead
[2009/06/10 17:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Amazon
[2011/06/02 14:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Apple Computer
[2011/09/05 20:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\ArcSoft
[2010/01/10 12:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Astro Gemini Software
[2009/01/25 18:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\ATI
[2012/08/16 07:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Audacity
[2012/01/08 17:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Big Fish Games
[2012/09/11 07:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\BitTorrent
[2012/09/14 20:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\CallingID
[2012/02/27 18:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Canon
[2011/07/06 11:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/08 19:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\CyberLink
[2009/03/03 20:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Digidesign
[2009/03/23 07:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\DisplayTune
[2012/09/14 20:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\DNA
[2009/10/17 17:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Easy Thumbnails
[2012/07/07 08:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\ElevatedDiagnostics
[2010/04/23 09:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\EmailNotifier
[2009/02/06 19:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\eMusic
[2009/06/21 22:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\EPSON
[2009/11/03 23:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2010/10/03 21:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Google
[2009/02/06 14:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Help
[2009/01/25 18:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Identities
[2009/02/03 09:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\InstallShield
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\JonDo
[2009/02/08 16:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Leadertech
[2009/05/17 12:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Logitech
[2009/02/06 19:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Macromedia
[2012/05/09 16:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Malwarebytes
[2012/09/14 15:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express
[2010/10/10 21:39:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft
[2009/02/06 18:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla
[2010/07/10 08:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mp3tag
[2009/02/06 19:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Opera
[2009/02/09 08:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\PACE Anti-Piracy
[2011/09/05 12:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\PandoraRecovery
[2009/11/20 19:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Qualcomm
[2010/03/28 09:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Real
[2010/07/12 14:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Seven Zip
[2012/08/14 19:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\SilverEfexPro2
[2009/02/06 20:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Sun
[2012/09/11 08:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\SUPERAntiSpyware.com
[2009/02/06 18:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Talkback
[2010/08/27 11:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Thunderbird
[2009/02/09 18:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\TuneUp Software
[2011/11/30 17:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\vmntoolbar
[2009/02/06 16:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\WinRAR

< MD5 for: ATAPI.SYS >
[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\Documents and Settings\Owner\Desktop\Drivers\I386\sp1.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\Documents and Settings\Owner\Desktop\Drivers\I386\sp3.cab:atapi.sys
[2009/01/20 19:27:46 | 017,731,022 | ---- | M] () .cab file -- C:\Documents and Settings\Owner\Desktop\XP 2\I386\sp3.cab:atapi.sys
[2009/01/20 18:27:46 | 017,731,022 | ---- | M] () .cab file -- C:\WINDOWS.0\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS.0\erdnt\cache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS.0\system32\drivers\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/04/14 05:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS.0\system32\csrss.exe
[2008/04/14 05:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS.0\system32\dllcache\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS.0\erdnt\cache\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS.0\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS.0\system32\dllcache\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS.0\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS.0\erdnt\cache\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS.0\system32\dllcache\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS.0\system32\mswsock.dll
[2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS.0\$NtUninstallKB951748$\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS.0\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS.0\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2008/04/14 05:42:04 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS.0\system32\dllcache\nwprovau.dll
[2008/04/14 05:42:04 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS.0\system32\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2008/04/14 05:42:04 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS.0\system32\dllcache\pnrpnsp.dll
[2008/04/14 05:42:04 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS.0\system32\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS.0\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS.0\$NtUninstallKB956572$\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS.0\erdnt\cache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS.0\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS.0\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS.0\erdnt\cache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS.0\system32\dllcache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS.0\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS.0\erdnt\cache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS.0\system32\dllcache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS.0\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS.0\erdnt\cache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS.0\system32\dllcache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS.0\system32\winlogon.exe

< MD5 for: WINRNR.DLL >
[2008/04/14 05:42:10 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS.0\system32\dllcache\winrnr.dll
[2008/04/14 05:42:10 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS.0\system32\winrnr.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/12 13:34:35 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/12 13:34:35 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/12 13:34:35 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/12 13:34:37 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/12 13:34:37 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/12 13:34:37 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS.0\system32\ie4uinit.exe" -reinstall [2012/07/02 08:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS.0\system32\ie4uinit.exe" -hide [2012/07/02 08:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS.0\system32\ie4uinit.exe" -show [2012/07/02 08:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2012/08/28 14:10:49 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2012/08/28 14:10:49 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2012/08/28 14:10:49 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012/08/28 14:10:49 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/12 13:34:35 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/12 13:34:35 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/12 13:34:35 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/12 13:34:37 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/12 13:34:37 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/12 13:34:37 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS.0\system32\ie4uinit.exe" -reinstall [2012/07/02 08:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS.0\system32\ie4uinit.exe" -hide [2012/07/02 08:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS.0\system32\ie4uinit.exe" -show [2012/07/02 08:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2012/08/28 14:10:49 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2012/08/28 14:10:49 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2012/08/28 14:10:49 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012/08/28 14:10:49 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< %systemroot%\system32\*.dll /lockedfiles >
[2012/08/05 23:12:28 | 000,114,688 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS.0\system32\jgsh400F.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 1258 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:AREcnXXBMKOlAvEiH8HMBNy
@Alternate Data Stream - 1220 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:8E9uVpvOmwKjKo2ipMzJZOuqeoZ
@Alternate Data Stream - 1186 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:4Tg39g2PDYFzGaPyOwyKE
@Alternate Data Stream - 1048 bytes -> C:\Documents and Settings\Mark V. Sanderford\Cookies:ktm53vjRdinQXrQorzuBp9ZMV3GZ
@Alternate Data Stream - 1045 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:Be0n78AF1YfdmXk5Z

< End of report >


OTL Extras logfile created on: 9/14/2012 8:12:51 PM - Run 2
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 59.57% Memory free
5.19 Gb Paging File | 3.62 Gb Available in Paging File | 69.85% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 117.39 Gb Free Space | 42.01% Space Free | Partition Type: NTFS
Drive D: | 596.16 Gb Total Space | 128.25 Gb Free Space | 21.51% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 1396.92 Gb Total Space | 444.51 Gb Free Space | 31.82% Space Free | Partition Type: FAT32
Drive I: | 465.73 Gb Total Space | 78.27 Gb Free Space | 16.81% Space Free | Partition Type: NTFS

Computer Name: MARK-59C0B947BC | User Name: Mark V. Sanderford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS.0\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS.0\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS.0\System32\mshta.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.inf [@ = inffile] -- C:\WINDOWS.0\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS.0\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS.0\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS.0\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS.0\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS.0\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS.0\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS.0\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS.0\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS.0\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS.0\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS.0\system32\rundll32.exe" "C:\WINDOWS.0\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS.0\system32\mmc.exe" = C:\WINDOWS.0\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files\AdFender\AdFender.exe" = C:\Program Files\AdFender\AdFender.exe:*:Enabled:AdFender -- (AdFender, Inc.)
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14AA664E-9BFA-44C4-A083-83A2998679BA}" = Digidesign Pro Tools M-Powered Demo 7.4
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}" = MediaJoin
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{5392136D-EF88-415D-82B6-628C00EFDADA}" = IntelliMover
"{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}" = IHA_MessageCenter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73568F76-7A37-9DB4-73B1-11DCF1A2FC52}" = FOX News Live Stream
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.1015.1
"{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{859F6F7D-7A17-480B-B509-CCA9B3EDCC69}" = DC7
"{8925AD1C-13DE-4709-9E88-6A0C320D0D43}" = ICC Profiles
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1EED58-1790-45C4-ADBC-5D45FCA7292E}" = Pure Networks Platform
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4810699-E859-43A6-8F40-1743873E72AB}" = Delta
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A586DC50-B18D-48FB-B7CC-A598200457C2}" = Acer eDisplay Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E80F99-6295-4605-A609-675E78D63250}" = EPSON RAW Print
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AFB2133B-BCEE-49E5-AB1D-F54E7798D533}" = DiMAGE Scan ver 1.1
"{AFE354A5-640F-4A23-94C8-0B441E8967CA}" = Digidesign Shared Plug-Ins 7.4
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC3804E5-77CC-47A0-8BD5-797355A26BA3}" = WD SmartWare
"{BE90CE58-41DE-4708-9291-A9D1D49B1033}" = SecurDisc Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP2
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAEF3BE9-F5CF-4355-BBC3-90134AD070F8}" = RAW Thumbnail Viewer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDB98E2F-7B2A-42C2-B718-F1F6B31586DF}" = CallingID LinkAdvisor 2.0 (2.0.0.248)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B08.0908.01
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EF3E420F-2DCF-4C24-8E37-896801901033}" = Nero 7 Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F572F682-E1FD-48F2-BFBF-26C8AFDC990A}" = DC8
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F5DAFD10-6E61-49BF-B3C5-5AA9AF3A0863}" = Verizon Download Manager
"3aline Screensaver Trial Version_is1" = 3aline Screensaver
"Acoustica MP3 To Wave Converter PLUS" = Acoustica MP3 To Wave Converter PLUS
"AdFender" = AdFender
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"Audacity_is1" = Audacity 2.0
"AudibleDownloadManager" = Audible Download Manager
"BFGC" = Big Fish Games Client
"BFG-Drawn - The Painted Tower" = Drawn: The Painted Tower ™
"CA_VMN_antispyware" = CA VMN Anti-Spyware (remove only)
"Canon MP495 series User Registration" = Canon MP495 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Classicsonline_DLM" = ClassicsOnline
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Digital Fractal Abstract" = Digital Fractal Abstract
"DriverAgent.exe" = DriverAgent by eSupport.com
"DriverCleanerDotNET" = DH Driver Cleaner.NET
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint" = Easy-WebPrint
"eMusic Download Manager" = eMusic Download Manager 4.1.4
"eMusic Download Manager 5.0.1" = eMusic Download Manager 5.0.1
"eMusic Download Manager v5.0.2 5.0.2" = eMusic Download Manager v5.0.2
"EPSON Photo Print" = EPSON Photo Print
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON1394D3Printer" = EPSON 1394.3 Printer Devices
"Fix Redirect Virus" = Fix Redirect Virus
"FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1" = FOX News Live Stream
"G.O.M" = G.O.M
"Google Chrome" = Google Chrome
"HP-LaserJet 1020 series" = LaserJet 1020 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"InstallShield_{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MediaFire Express 0.12.3.3540" = MediaFire Express
"MediaJoin" = MediaJoin
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"Mozilla Thunderbird 15.0.1 (x86 en-US)" = Mozilla Thunderbird 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Mp3tag" = Mp3tag v2.46a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"myst4-screen" = myst4-screen
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OCCT_is1" = OCCT Perestroika 3.0.0
"Opera 12.01.1532" = Opera 12.01
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"PandoraRecovery" = PandoraRecovery (Remove Only)
"PhotoME Beta-Release_is1" = PhotoME Beta-Release
"Precision" = EVGA Precision 1.4.0
"PROPLUS" = Microsoft Office Professional Plus 2007
"realMYST Interactive 3D Edition" = realMYST Interactive 3D Edition
"RealPlayer 12.0" = RealPlayer
"Silent Package Run-Time Sample" = EPSON SPR2400 Reference Guide
"Silver Efex Pro 2" = Silver Efex Pro 2
"SpeedFan" = SpeedFan (remove only)
"SyncBack_is1" = SyncBack
"UnHackMe_is1" = UnHackMe 5.99 release
"vmntoolbar" = VMN Toolbar
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XiphQT" = Xiph QuickTime Components
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZGIUninstallKey" = Zork Grand Inquisitor

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"59f7c765b6fc268f" = AutoApplyConvert
"BitTorrent DNA" = DNA
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/10/2012 5:55:11 PM | Computer Name = MARK-59C0B947BC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 14.0.1.4577, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/10/2012 5:55:25 PM | Computer Name = MARK-59C0B947BC | Source = Application Hang | ID = 1001
Description = Fault bucket -1227688620.

Error - 9/10/2012 8:18:22 PM | Computer Name = MARK-59C0B947BC | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 9/12/2012 2:36:50 PM | Computer Name = MARK-59C0B947BC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 15.0.1.4631, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/12/2012 2:36:53 PM | Computer Name = MARK-59C0B947BC | Source = Application Hang | ID = 1001
Description = Fault bucket -1150946237.

Error - 9/14/2012 12:14:46 AM | Computer Name = MARK-59C0B947BC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00d52b40.

Error - 9/14/2012 12:14:55 AM | Computer Name = MARK-59C0B947BC | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 9/14/2012 12:16:01 AM | Computer Name = MARK-59C0B947BC | Source = Application Hang | ID = 1002
Description = Hanging application adwcleaner.exe, version 2.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/14/2012 12:22:23 AM | Computer Name = MARK-59C0B947BC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00bf2b40.

Error - 9/14/2012 12:22:35 AM | Computer Name = MARK-59C0B947BC | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

[ OSession Events ]
Error - 7/10/2009 7:07:27 PM | Computer Name = MARK-59C0B947BC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 270
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/4/2010 12:34:04 AM | Computer Name = MARK-59C0B947BC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/5/2012 1:20:13 PM | Computer Name = MARK-59C0B947BC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/5/2012 1:22:26 PM | Computer Name = MARK-59C0B947BC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 9/5/2012 1:22:26 PM | Computer Name = MARK-59C0B947BC | Source = Service Control Manager | ID = 7000
Description = The Nero Registry InCD Service service failed to start due to the
following error: %%2

Error - 9/5/2012 3:44:25 PM | Computer Name = MARK-59C0B947BC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 9/5/2012 3:44:25 PM | Computer Name = MARK-59C0B947BC | Source = Service Control Manager | ID = 7000
Description = The Nero Registry InCD Service service failed to start due to the
following error: %%2

Error - 9/5/2012 4:30:18 PM | Computer Name = MARK-59C0B947BC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 9/5/2012 4:30:18 PM | Computer Name = MARK-59C0B947BC | Source = Service Control Manager | ID = 7000
Description = The Nero Registry InCD Service service failed to start due to the
following error: %%2

Error - 9/5/2012 9:49:14 PM | Computer Name = MARK-59C0B947BC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 9/5/2012 9:49:14 PM | Computer Name = MARK-59C0B947BC | Source = Service Control Manager | ID = 7000
Description = The Nero Registry InCD Service service failed to start due to the
following error: %%2

Error - 9/6/2012 3:00:38 AM | Computer Name = MARK-59C0B947BC | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007f0f4: Security Update for Windows XP (KB2686509).


< End of report >

I'll send these logs and follow with the tdss log, since I'm going to have to run it again because I can't find the log from that app... and I don't know what MBAM stands for, so I'll wait to hear from you on that one. :rolleyes:

#4
crossbow66

Here's TDSSKiller's log:


20:30:03.0484 4820 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
20:30:03.0812 4820 ============================================================
20:30:03.0812 4820 Current date / time: 2012/09/14 20:30:03.0812
20:30:03.0812 4820 SystemInfo:
20:30:03.0812 4820
20:30:03.0812 4820 OS Version: 5.1.2600 ServicePack: 3.0
20:30:03.0812 4820 Product type: Workstation
20:30:03.0812 4820 ComputerName: MARK-59C0B947BC
20:30:03.0812 4820 UserName: Mark V. Sanderford
20:30:03.0812 4820 Windows directory: C:\WINDOWS.0
20:30:03.0812 4820 System windows directory: C:\WINDOWS.0
20:30:03.0812 4820 Processor architecture: Intel x86
20:30:03.0812 4820 Number of processors: 2
20:30:03.0812 4820 Page size: 0x1000
20:30:03.0812 4820 Boot type: Normal boot
20:30:03.0812 4820 ============================================================
20:30:04.0468 4820 Drive \Device\Harddisk0\DR0 - Size: 0x45DD71DE00 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:30:04.0468 4820 Drive \Device\Harddisk1\DR1 - Size: 0x950AF4DE00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:30:04.0468 4820 Drive \Device\Harddisk2\DR4 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:30:04.0484 4820 Drive \Device\Harddisk3\DR6 - Size: 0x746EC00000 (465.73 Gb), SectorSize: 0x200, Cylinders: 0xED7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:30:04.0484 4820 ============================================================
20:30:04.0484 4820 \Device\Harddisk0\DR0:
20:30:04.0484 4820 MBR partitions:
20:30:04.0484 4820 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EEAD02
20:30:04.0484 4820 \Device\Harddisk1\DR1:
20:30:04.0484 4820 MBR partitions:
20:30:04.0484 4820 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x4A852FC1
20:30:04.0484 4820 \Device\Harddisk2\DR4:
20:30:04.0484 4820 MBR partitions:
20:30:04.0484 4820 \Device\Harddisk2\DR4\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xAEA86702
20:30:04.0484 4820 \Device\Harddisk3\DR6:
20:30:04.0484 4820 MBR partitions:
20:30:04.0484 4820 \Device\Harddisk3\DR6\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A375800
20:30:04.0484 4820 ============================================================
20:30:04.0531 4820 C: <-> \Device\Harddisk0\DR0\Partition1
20:30:04.0578 4820 D: <-> \Device\Harddisk1\DR1\Partition1
20:30:04.0578 4820 G: <-> \Device\Harddisk2\DR4\Partition1
20:30:04.0593 4820 I: <-> \Device\Harddisk3\DR6\Partition1
20:30:04.0593 4820 ============================================================
20:30:04.0593 4820 Initialize success
20:30:04.0593 4820 ============================================================
20:30:06.0343 2552 ============================================================
20:30:06.0343 2552 Scan started
20:30:06.0343 2552 Mode: Manual;
20:30:06.0343 2552 ============================================================
20:30:07.0359 2552 ================ Scan system memory ========================
20:30:07.0359 2552 System memory - ok
20:30:07.0359 2552 ================ Scan services =============================
20:30:07.0406 2552 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:30:07.0406 2552 !SASCORE - ok
20:30:07.0468 2552 94865510 - ok
20:30:07.0484 2552 Abiosdsk - ok
20:30:07.0484 2552 abp480n5 - ok
20:30:07.0500 2552 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS.0\system32\DRIVERS\ACPI.sys
20:30:07.0500 2552 ACPI - ok
20:30:07.0515 2552 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS.0\system32\drivers\ACPIEC.sys
20:30:07.0515 2552 ACPIEC - ok
20:30:07.0531 2552 [ C1EB9968EC89FBA5F3A264E2E57923AB ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
20:30:07.0531 2552 Adobe LM Service - ok
20:30:07.0562 2552 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:30:07.0562 2552 AdobeFlashPlayerUpdateSvc - ok
20:30:07.0562 2552 adpu160m - ok
20:30:07.0578 2552 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS.0\system32\drivers\aec.sys
20:30:07.0578 2552 aec - ok
20:30:07.0593 2552 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS.0\System32\drivers\afd.sys
20:30:07.0593 2552 AFD - ok
20:30:07.0593 2552 Aha154x - ok
20:30:07.0593 2552 aic78u2 - ok
20:30:07.0593 2552 aic78xx - ok
20:30:07.0609 2552 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS.0\system32\alrsvc.dll
20:30:07.0609 2552 Alerter - ok
20:30:07.0625 2552 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS.0\System32\alg.exe
20:30:07.0625 2552 ALG - ok
20:30:07.0625 2552 AliIde - ok
20:30:07.0625 2552 amsint - ok
20:30:07.0656 2552 [ DC45AB27932447B598848B10650313C5 ] APC UPS Service C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
20:30:07.0656 2552 APC UPS Service - ok
20:30:07.0671 2552 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:30:07.0671 2552 Apple Mobile Device - ok
20:30:07.0671 2552 AppMgmt - ok
20:30:07.0671 2552 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS.0\system32\DRIVERS\arp1394.sys
20:30:07.0671 2552 Arp1394 - ok
20:30:07.0671 2552 asc - ok
20:30:07.0671 2552 asc3350p - ok
20:30:07.0687 2552 asc3550 - ok
20:30:07.0718 2552 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:30:07.0718 2552 aspnet_state - ok
20:30:07.0765 2552 [ 47ECB641BF04D4C2353B0487ABC9D268 ] Asset Management Daemon C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
20:30:07.0765 2552 Asset Management Daemon - ok
20:30:07.0765 2552 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS.0\system32\DRIVERS\asyncmac.sys
20:30:07.0765 2552 AsyncMac - ok
20:30:07.0781 2552 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS.0\system32\DRIVERS\atapi.sys
20:30:07.0781 2552 atapi - ok
20:30:07.0781 2552 Atdisk - ok
20:30:07.0781 2552 [ 591A9EABB5EF5168E435C2F18B05DD76 ] AtiHdmiService C:\WINDOWS.0\system32\drivers\AtiHdmi.sys
20:30:07.0781 2552 AtiHdmiService - ok
20:30:07.0796 2552 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS.0\system32\DRIVERS\atmarpc.sys
20:30:07.0796 2552 Atmarpc - ok
20:30:07.0812 2552 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS.0\System32\audiosrv.dll
20:30:07.0812 2552 AudioSrv - ok
20:30:07.0828 2552 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS.0\system32\DRIVERS\audstub.sys
20:30:07.0828 2552 audstub - ok
20:30:07.0828 2552 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS.0\system32\drivers\Beep.sys
20:30:07.0828 2552 Beep - ok
20:30:07.0843 2552 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS.0\system32\qmgr.dll
20:30:07.0843 2552 BITS - ok
20:30:07.0875 2552 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:30:07.0875 2552 Bonjour Service - ok
20:30:07.0890 2552 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS.0\System32\browser.dll
20:30:07.0890 2552 Browser - ok
20:30:07.0906 2552 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS.0\system32\drivers\cbidf2k.sys
20:30:07.0906 2552 cbidf2k - ok
20:30:07.0906 2552 cd20xrnt - ok
20:30:07.0906 2552 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS.0\system32\drivers\Cdaudio.sys
20:30:07.0906 2552 Cdaudio - ok
20:30:07.0921 2552 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS.0\system32\drivers\Cdfs.sys
20:30:07.0921 2552 Cdfs - ok
20:30:07.0921 2552 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS.0\system32\DRIVERS\cdrom.sys
20:30:07.0921 2552 Cdrom - ok
20:30:07.0937 2552 Changer - ok
20:30:07.0984 2552 [ 91D1BEF4AE80EDA8CDB4120B3522DEA6 ] CIDLinkAdvisorService C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisorService.exe
20:30:07.0984 2552 CIDLinkAdvisorService - ok
20:30:08.0000 2552 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS.0\system32\cisvc.exe
20:30:08.0000 2552 CiSvc - ok
20:30:08.0000 2552 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS.0\system32\clipsrv.exe
20:30:08.0000 2552 ClipSrv - ok
20:30:08.0015 2552 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:30:08.0031 2552 clr_optimization_v2.0.50727_32 - ok
20:30:08.0031 2552 CmdIde - ok
20:30:08.0062 2552 [ 8FF7029D0ED1CEB546C3DB981130DAEA ] COM Service C:\Program Files\GIGABYTE\G.O.M\GCSVR.EXE
20:30:08.0062 2552 COM Service - ok
20:30:08.0078 2552 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS.0\system32\DRIVERS\compbatt.sys
20:30:08.0078 2552 Compbatt - ok
20:30:08.0078 2552 COMSysApp - ok
20:30:08.0078 2552 Cpqarray - ok
20:30:08.0078 2552 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS.0\System32\cryptsvc.dll
20:30:08.0078 2552 CryptSvc - ok
20:30:08.0078 2552 dac2w2k - ok
20:30:08.0078 2552 dac960nt - ok
20:30:08.0109 2552 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS.0\system32\rpcss.dll
20:30:08.0109 2552 DcomLaunch - ok
20:30:08.0109 2552 DELTA - ok
20:30:08.0125 2552 [ 20A04D8077CCCBA1711070EB01F02AFB ] DELTAII C:\WINDOWS.0\system32\DRIVERS\deltaII.sys
20:30:08.0125 2552 DELTAII - ok
20:30:08.0140 2552 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS.0\System32\dhcpcsvc.dll
20:30:08.0140 2552 Dhcp - ok
20:30:08.0156 2552 [ 74DD46D49809C5F689F24CCDD0D18A4E ] DigiFilter C:\WINDOWS.0\system32\drivers\DigiFilt.sys
20:30:08.0156 2552 DigiFilter - ok
20:30:08.0156 2552 DigiRefresh - ok
20:30:08.0171 2552 [ 02983523825AEC64B6C50D7AFD2F694E ] digiSPTIService C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
20:30:08.0171 2552 digiSPTIService - ok
20:30:08.0171 2552 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS.0\system32\DRIVERS\disk.sys
20:30:08.0171 2552 Disk - ok
20:30:08.0171 2552 dmadmin - ok
20:30:08.0187 2552 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS.0\system32\drivers\dmboot.sys
20:30:08.0203 2552 dmboot - ok
20:30:08.0203 2552 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS.0\system32\drivers\dmio.sys
20:30:08.0203 2552 dmio - ok
20:30:08.0218 2552 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS.0\system32\drivers\dmload.sys
20:30:08.0218 2552 dmload - ok
20:30:08.0218 2552 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS.0\System32\dmserver.dll
20:30:08.0218 2552 dmserver - ok
20:30:08.0234 2552 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS.0\system32\drivers\DMusic.sys
20:30:08.0234 2552 DMusic - ok
20:30:08.0250 2552 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS.0\System32\dnsrslvr.dll
20:30:08.0250 2552 Dnscache - ok
20:30:08.0265 2552 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS.0\System32\dot3svc.dll
20:30:08.0265 2552 Dot3svc - ok
20:30:08.0265 2552 dpti2o - ok
20:30:08.0281 2552 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS.0\system32\drivers\drmkaud.sys
20:30:08.0281 2552 drmkaud - ok
20:30:08.0296 2552 [ 3430A3D6A97C0E827DB0930FEE017499 ] DTSRVC C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
20:30:08.0296 2552 DTSRVC - ok
20:30:08.0296 2552 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS.0\System32\eapsvc.dll
20:30:08.0312 2552 EapHost - ok
20:30:08.0312 2552 [ 0281A8C7EF5CE55ACB459F466EECD19F ] epppdt C:\WINDOWS.0\system32\DRIVERS\epppdt.sys
20:30:08.0312 2552 epppdt - ok
20:30:08.0328 2552 [ A720DC80DBCF5BA5EE48ECA7A2573EBE ] epppdtpr C:\WINDOWS.0\system32\DRIVERS\epppdtpr.sys
20:30:08.0328 2552 epppdtpr - ok
20:30:08.0328 2552 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS.0\System32\ersvc.dll
20:30:08.0328 2552 ERSvc - ok
20:30:08.0343 2552 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS.0\system32\services.exe
20:30:08.0343 2552 Eventlog - ok
20:30:08.0359 2552 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS.0\system32\es.dll
20:30:08.0359 2552 EventSystem - ok
20:30:08.0390 2552 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS.0\system32\drivers\Fastfat.sys
20:30:08.0390 2552 Fastfat - ok
20:30:08.0406 2552 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS.0\System32\shsvcs.dll
20:30:08.0406 2552 FastUserSwitchingCompatibility - ok
20:30:08.0406 2552 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS.0\system32\DRIVERS\fdc.sys
20:30:08.0406 2552 Fdc - ok
20:30:08.0421 2552 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS.0\system32\drivers\Fips.sys
20:30:08.0421 2552 Fips - ok
20:30:08.0421 2552 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS.0\system32\DRIVERS\flpydisk.sys
20:30:08.0421 2552 Flpydisk - ok
20:30:08.0437 2552 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS.0\system32\DRIVERS\fltMgr.sys
20:30:08.0437 2552 FltMgr - ok
20:30:08.0484 2552 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:30:08.0484 2552 FontCache3.0.0.0 - ok
20:30:08.0484 2552 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS.0\system32\drivers\Fs_Rec.sys
20:30:08.0484 2552 Fs_Rec - ok
20:30:08.0500 2552 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS.0\system32\DRIVERS\ftdisk.sys
20:30:08.0500 2552 Ftdisk - ok
20:30:08.0515 2552 [ C6E3105B8C68C35CC1EB26A00FD1A8C6 ] gdrv C:\WINDOWS.0\gdrv.sys
20:30:08.0515 2552 gdrv - ok
20:30:08.0531 2552 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS.0\system32\DRIVERS\GEARAspiWDM.sys
20:30:08.0531 2552 GEARAspiWDM - ok
20:30:08.0562 2552 [ 9F8A14BA43086FFD4637FD3F961B6D64 ] GEST Service C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
20:30:08.0562 2552 GEST Service - ok
20:30:08.0562 2552 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS.0\system32\giveio.sys
20:30:08.0562 2552 giveio - ok
20:30:08.0562 2552 GMSIPCI - ok
20:30:08.0578 2552 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS.0\system32\DRIVERS\msgpc.sys
20:30:08.0578 2552 Gpc - ok
20:30:08.0609 2552 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:30:08.0609 2552 gupdate - ok
20:30:08.0625 2552 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:30:08.0625 2552 gupdatem - ok
20:30:08.0640 2552 [ 689A8EEF2A2D62B28A0A578A6196531C ] GVTDrv C:\WINDOWS.0\system32\Drivers\GVTDrv.sys
20:30:08.0640 2552 GVTDrv - ok
20:30:08.0656 2552 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS.0\system32\DRIVERS\HDAudBus.sys
20:30:08.0656 2552 HDAudBus - ok
20:30:08.0671 2552 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS.0\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:30:08.0687 2552 helpsvc - ok
20:30:08.0703 2552 [ 748031FF4FE45CCC47546294905FEAB8 ] HidBatt C:\WINDOWS.0\system32\DRIVERS\HidBatt.sys
20:30:08.0703 2552 HidBatt - ok
20:30:08.0703 2552 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS.0\System32\hidserv.dll
20:30:08.0703 2552 HidServ - ok
20:30:08.0718 2552 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS.0\system32\DRIVERS\hidusb.sys
20:30:08.0718 2552 hidusb - ok
20:30:08.0734 2552 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS.0\System32\kmsvc.dll
20:30:08.0734 2552 hkmsvc - ok
20:30:08.0734 2552 hpn - ok
20:30:08.0750 2552 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS.0\system32\Drivers\HTTP.sys
20:30:08.0765 2552 HTTP - ok
20:30:08.0781 2552 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS.0\System32\w3ssl.dll
20:30:08.0781 2552 HTTPFilter - ok
20:30:08.0781 2552 i2omgmt - ok
20:30:08.0781 2552 i2omp - ok
20:30:08.0812 2552 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:30:08.0812 2552 IDriverT - ok
20:30:08.0843 2552 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:30:08.0859 2552 idsvc - ok
20:30:08.0906 2552 [ 5CAB9D1AB5C9384D28DFF89DBE7A72BB ] IHA_MessageCenter C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
20:30:08.0906 2552 IHA_MessageCenter - ok
20:30:08.0921 2552 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS.0\system32\DRIVERS\imapi.sys
20:30:08.0921 2552 Imapi - ok
20:30:08.0921 2552 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS.0\system32\imapi.exe
20:30:08.0921 2552 ImapiService - ok
20:30:08.0953 2552 [ 98E96B6F095E6289C3293B99D0F926B2 ] InCDfs C:\WINDOWS.0\system32\drivers\InCDFs.sys
20:30:08.0953 2552 InCDfs - ok
20:30:08.0968 2552 [ 0B3E2517CF826020688650D46ADF5B05 ] InCDPass C:\WINDOWS.0\system32\drivers\InCDPass.sys
20:30:08.0968 2552 InCDPass - ok
20:30:08.0968 2552 [ 00EE363EA793A9D8DAB5254ACBD7D8E6 ] InCDrec C:\WINDOWS.0\system32\drivers\InCDRec.sys
20:30:08.0968 2552 InCDrec - ok
20:30:08.0984 2552 [ D41AB5BE8861AFF53851594DE58DDDFA ] incdrm C:\WINDOWS.0\system32\drivers\InCDRm.sys
20:30:08.0984 2552 incdrm - ok
20:30:09.0046 2552 [ 40F8DC71CD638C40DB38A0C08AF2A6ED ] InCDsrv C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
20:30:09.0078 2552 InCDsrv - ok
20:30:09.0078 2552 ini910u - ok
20:30:09.0109 2552 [ 50264B5D818D67DA83A9054F8A16C1F6 ] IntcAzAudAddService C:\WINDOWS.0\system32\drivers\RtkHDAud.sys
20:30:09.0125 2552 Suspicious file (Forged): C:\WINDOWS.0\system32\drivers\RtkHDAud.sys. Real md5: 50264B5D818D67DA83A9054F8A16C1F6, Fake md5: 4AAA8312732655F93A254D1FA695EB79
20:30:09.0125 2552 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - warning
20:30:09.0125 2552 IntcAzAudAddService - detected ForgedFile.Multi.Generic (1)
20:30:10.0171 2552 [ C407467C9C43B15E8725978E114C4D65 ] nv C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys
20:30:10.0203 2552 Suspicious file (Forged): C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys. Real md5: C407467C9C43B15E8725978E114C4D65, Fake md5: BF506D232C5E6F2DAE80F5C11B45C60E
20:30:10.0218 2552 nv ( ForgedFile.Multi.Generic ) - warning
20:30:10.0218 2552 nv - detected ForgedFile.Multi.Generic (1)
20:30:11.0921 2552 ================ Scan global ===============================
20:30:11.0937 2552 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS.0\system32\basesrv.dll
20:30:11.0968 2552 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS.0\system32\winsrv.dll
20:30:11.0968 2552 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS.0\system32\winsrv.dll
20:30:11.0984 2552 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS.0\system32\services.exe
20:30:11.0984 2552 [Global] - ok
20:30:11.0984 2552 ================ Scan MBR ==================================
20:30:11.0984 2552 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:30:12.0078 2552 \Device\Harddisk0\DR0 - ok
20:30:12.0093 2552 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
20:30:12.0140 2552 \Device\Harddisk1\DR1 - ok
20:30:12.0140 2552 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk2\DR4
20:30:12.0140 2552 \Device\Harddisk2\DR4 - ok
20:30:12.0140 2552 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR6
20:30:12.0140 2552 \Device\Harddisk3\DR6 - ok
20:30:12.0140 2552 ================ Scan VBR ==================================
20:30:12.0140 2552 [ 5E97E92C457ACF813949C6697B1329A0 ] \Device\Harddisk0\DR0\Partition1
20:30:12.0156 2552 \Device\Harddisk0\DR0\Partition1 - ok
20:30:12.0156 2552 [ B1F7A057FE2BE6B2C6D7229F2E6E8C35 ] \Device\Harddisk1\DR1\Partition1
20:30:12.0156 2552 \Device\Harddisk1\DR1\Partition1 - ok
20:30:12.0156 2552 [ CEE5D8F8B6974ABD2B8EC2ADCC29DEC3 ] \Device\Harddisk2\DR4\Partition1
20:30:12.0156 2552 \Device\Harddisk2\DR4\Partition1 - ok
20:30:12.0156 2552 [ E164AB8671C941BE3D308AA6E0E547D4 ] \Device\Harddisk3\DR6\Partition1
20:30:12.0171 2552 \Device\Harddisk3\DR6\Partition1 - ok
20:30:12.0171 2552 ============================================================
20:30:12.0171 2552 Scan finished
20:30:12.0171 2552 ============================================================
20:30:12.0171 1692 Detected object count: 2
20:30:12.0171 1692 Actual detected object count: 2
20:30:31.0125 1692 C:\WINDOWS.0\system32\drivers\RtkHDAud.sys - copied to quarantine
20:30:31.0125 1692 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - User select action: Quarantine
20:30:31.0328 1692 C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys - copied to quarantine
20:30:31.0328 1692 nv ( ForgedFile.Multi.Generic ) - User select action: Quarantine

#5
crossbow66

I have DSL and I'm pretty sure I came up with a new password for the router...

#6
crossbow66

Now that I've checked, I'm sure I HAVEN'T changed the default password! :upset:

#7
RKinner

Copy the text in the code box by highlighting it and pressing Ctrl + C:

:OTL
[2012/08/05 23:12:27 | 000,114,688 | RHS- | C] () -- C:\WINDOWS.0\System32\jgsh400F.dll

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Documents and Settings\Owner\Application Data\*.exe
C:\Documents and Settings\All Users\Application Data\*.exe
     
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Run aswMBR as before and post the log.

Run TDSSKiller again and post the logs.

We've got to go out this evening so won't be back on line until late.

#8
crossbow66

That's fine. I'll run these and post them... and we can take off again tomorrow. :thumbsup:

#9
crossbow66

Ron,

Here are the logs from aswMBR and TDSS, but OTL didn't provide one... I wonder if I was supposed to check the "all" box under extra registry this time too...? Anyway, here these are.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-14 21:21:52
-----------------------------
21:21:52.765 OS Version: Windows 5.1.2600 Service Pack 3
21:21:52.765 Number of processors: 2 586 0x170A
21:21:52.765 ComputerName: MARK-59C0B947BC UserName:
21:21:53.109 Initialize success
21:21:59.046 AVAST engine defs: 12091400
21:22:14.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
21:22:14.359 Disk 0 Vendor: WDC_WD3000GLFS-01F8U0 03.03V01 Size: 286167MB BusType: 3
21:22:14.359 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1c
21:22:14.359 Disk 1 Vendor: WDC_WD6401AALS-00L3B2 01.03B01 Size: 610479MB BusType: 3
21:22:14.359 Disk 0 MBR read successfully
21:22:14.359 Disk 0 MBR scan
21:22:14.390 Disk 0 Windows XP default MBR code
21:22:14.390 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286165 MB offset 63
21:22:14.390 Disk 0 scanning sectors +586067265
21:22:14.437 Disk 0 scanning C:\WINDOWS.0\system32\drivers
21:22:18.312 Service scanning
21:22:26.921 Modules scanning
21:22:30.468 AVAST engine scan C:\WINDOWS.0
21:22:36.109 AVAST engine scan C:\WINDOWS.0\system32
21:23:46.515 AVAST engine scan C:\WINDOWS.0\system32\drivers
21:23:51.140 AVAST engine scan C:\Documents and Settings\Mark V. Sanderford
21:31:16.328 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS.0
21:32:40.484 Scan finished successfully
21:34:16.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mark V. Sanderford\Desktop\MBR.dat"
21:34:16.078 The log file has been saved successfully to "C:\Documents and Settings\Mark V. Sanderford\Desktop\aswMBR.txt"

21:35:01.0765 4576 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:35:02.0156 4576 ============================================================
21:35:02.0156 4576 Current date / time: 2012/09/14 21:35:02.0156
21:35:02.0156 4576 SystemInfo:
21:35:02.0156 4576
21:35:02.0156 4576 OS Version: 5.1.2600 ServicePack: 3.0
21:35:02.0156 4576 Product type: Workstation
21:35:02.0156 4576 ComputerName: MARK-59C0B947BC
21:35:02.0156 4576 UserName: Mark V. Sanderford
21:35:02.0156 4576 Windows directory: C:\WINDOWS.0
21:35:02.0156 4576 System windows directory: C:\WINDOWS.0
21:35:02.0156 4576 Processor architecture: Intel x86
21:35:02.0156 4576 Number of processors: 2
21:35:02.0156 4576 Page size: 0x1000
21:35:02.0156 4576 Boot type: Normal boot
21:35:02.0156 4576 ============================================================
21:35:02.0843 4576 Drive \Device\Harddisk0\DR0 - Size: 0x45DD71DE00 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:35:02.0859 4576 Drive \Device\Harddisk1\DR1 - Size: 0x950AF4DE00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:35:02.0859 4576 Drive \Device\Harddisk2\DR4 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:35:09.0359 4576 Drive \Device\Harddisk3\DR6 - Size: 0x746EC00000 (465.73 Gb), SectorSize: 0x200, Cylinders: 0xED7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:35:09.0671 4576 ============================================================
21:35:09.0671 4576 \Device\Harddisk0\DR0:
21:35:09.0671 4576 MBR partitions:
21:35:09.0671 4576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EEAD02
21:35:09.0671 4576 \Device\Harddisk1\DR1:
21:35:09.0687 4576 MBR partitions:
21:35:09.0687 4576 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x4A852FC1
21:35:09.0687 4576 \Device\Harddisk2\DR4:
21:35:09.0687 4576 MBR partitions:
21:35:09.0687 4576 \Device\Harddisk2\DR4\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xAEA86702
21:35:09.0687 4576 \Device\Harddisk3\DR6:
21:35:09.0687 4576 MBR partitions:
21:35:09.0687 4576 \Device\Harddisk3\DR6\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A375800
21:35:09.0687 4576 ============================================================
21:35:09.0734 4576 C: <-> \Device\Harddisk0\DR0\Partition1
21:35:09.0781 4576 D: <-> \Device\Harddisk1\DR1\Partition1
21:35:09.0781 4576 G: <-> \Device\Harddisk2\DR4\Partition1
21:35:10.0000 4576 I: <-> \Device\Harddisk3\DR6\Partition1
21:35:10.0000 4576 ============================================================
21:35:10.0000 4576 Initialize success
21:35:10.0000 4576 ============================================================
21:35:12.0671 0440 ============================================================
21:35:12.0671 0440 Scan started
21:35:12.0671 0440 Mode: Manual;
21:35:12.0671 0440 ============================================================
21:35:13.0703 0440 ================ Scan system memory ========================
21:35:13.0703 0440 System memory - ok
21:35:13.0703 0440 ================ Scan services =============================
21:35:13.0750 0440 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:35:13.0750 0440 !SASCORE - ok
21:35:13.0828 0440 94865510 - ok
21:35:13.0828 0440 Abiosdsk - ok
21:35:13.0828 0440 abp480n5 - ok
21:35:13.0859 0440 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS.0\system32\DRIVERS\ACPI.sys
21:35:13.0859 0440 ACPI - ok
21:35:13.0875 0440 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS.0\system32\drivers\ACPIEC.sys
21:35:13.0875 0440 ACPIEC - ok
21:35:13.0890 0440 [ C1EB9968EC89FBA5F3A264E2E57923AB ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
21:35:13.0890 0440 Adobe LM Service - ok
21:35:13.0937 0440 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:35:13.0937 0440 AdobeFlashPlayerUpdateSvc - ok
21:35:13.0937 0440 adpu160m - ok
21:35:13.0953 0440 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS.0\system32\drivers\aec.sys
21:35:13.0953 0440 aec - ok
21:35:13.0968 0440 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS.0\System32\drivers\afd.sys
21:35:13.0968 0440 AFD - ok
21:35:13.0968 0440 Aha154x - ok
21:35:13.0968 0440 aic78u2 - ok
21:35:13.0968 0440 aic78xx - ok
21:35:13.0984 0440 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS.0\system32\alrsvc.dll
21:35:13.0984 0440 Alerter - ok
21:35:13.0984 0440 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS.0\System32\alg.exe
21:35:13.0984 0440 ALG - ok
21:35:13.0984 0440 AliIde - ok
21:35:14.0000 0440 amsint - ok
21:35:14.0015 0440 [ DC45AB27932447B598848B10650313C5 ] APC UPS Service C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
21:35:14.0015 0440 APC UPS Service - ok
21:35:14.0046 0440 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:35:14.0046 0440 Apple Mobile Device - ok
21:35:14.0046 0440 AppMgmt - ok
21:35:14.0046 0440 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS.0\system32\DRIVERS\arp1394.sys
21:35:14.0046 0440 Arp1394 - ok
21:35:14.0046 0440 asc - ok
21:35:14.0046 0440 asc3350p - ok
21:35:14.0062 0440 asc3550 - ok
21:35:14.0093 0440 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:35:14.0093 0440 aspnet_state - ok
21:35:14.0125 0440 [ 47ECB641BF04D4C2353B0487ABC9D268 ] Asset Management Daemon C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
21:35:14.0140 0440 Asset Management Daemon - ok
21:35:14.0140 0440 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS.0\system32\DRIVERS\asyncmac.sys
21:35:14.0140 0440 AsyncMac - ok
21:35:14.0156 0440 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS.0\system32\DRIVERS\atapi.sys
21:35:14.0156 0440 atapi - ok
21:35:14.0156 0440 Atdisk - ok
21:35:14.0171 0440 [ 591A9EABB5EF5168E435C2F18B05DD76 ] AtiHdmiService C:\WINDOWS.0\system32\drivers\AtiHdmi.sys
21:35:14.0171 0440 AtiHdmiService - ok
21:35:14.0171 0440 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS.0\system32\DRIVERS\atmarpc.sys
21:35:14.0171 0440 Atmarpc - ok
21:35:14.0187 0440 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS.0\System32\audiosrv.dll
21:35:14.0187 0440 AudioSrv - ok
21:35:14.0203 0440 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS.0\system32\DRIVERS\audstub.sys
21:35:14.0203 0440 audstub - ok
21:35:14.0203 0440 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS.0\system32\drivers\Beep.sys
21:35:14.0203 0440 Beep - ok
21:35:14.0218 0440 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS.0\system32\qmgr.dll
21:35:14.0234 0440 BITS - ok
21:35:14.0265 0440 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:35:14.0281 0440 Bonjour Service - ok
21:35:14.0281 0440 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS.0\System32\browser.dll
21:35:14.0296 0440 Browser - ok
21:35:14.0296 0440 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS.0\system32\drivers\cbidf2k.sys
21:35:14.0296 0440 cbidf2k - ok
21:35:14.0296 0440 cd20xrnt - ok
21:35:14.0312 0440 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS.0\system32\drivers\Cdaudio.sys
21:35:14.0312 0440 Cdaudio - ok
21:35:14.0312 0440 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS.0\system32\drivers\Cdfs.sys
21:35:14.0312 0440 Cdfs - ok
21:35:14.0328 0440 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS.0\system32\DRIVERS\cdrom.sys
21:35:14.0328 0440 Cdrom - ok
21:35:14.0328 0440 Changer - ok
21:35:14.0390 0440 [ 91D1BEF4AE80EDA8CDB4120B3522DEA6 ] CIDLinkAdvisorService C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisorService.exe
21:35:14.0390 0440 CIDLinkAdvisorService - ok
21:35:14.0390 0440 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS.0\system32\cisvc.exe
21:35:14.0390 0440 CiSvc - ok
21:35:14.0406 0440 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS.0\system32\clipsrv.exe
21:35:14.0406 0440 ClipSrv - ok
21:35:14.0421 0440 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:35:14.0421 0440 clr_optimization_v2.0.50727_32 - ok
21:35:14.0421 0440 CmdIde - ok
21:35:14.0468 0440 [ 8FF7029D0ED1CEB546C3DB981130DAEA ] COM Service C:\Program Files\GIGABYTE\G.O.M\GCSVR.EXE
21:35:14.0468 0440 COM Service - ok
21:35:14.0468 0440 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS.0\system32\DRIVERS\compbatt.sys
21:35:14.0468 0440 Compbatt - ok
21:35:14.0468 0440 COMSysApp - ok
21:35:14.0468 0440 Cpqarray - ok
21:35:14.0468 0440 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS.0\System32\cryptsvc.dll
21:35:14.0468 0440 CryptSvc - ok
21:35:14.0468 0440 dac2w2k - ok
21:35:14.0484 0440 dac960nt - ok
21:35:14.0500 0440 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS.0\system32\rpcss.dll
21:35:14.0515 0440 DcomLaunch - ok
21:35:14.0515 0440 DELTA - ok
21:35:14.0531 0440 [ 20A04D8077CCCBA1711070EB01F02AFB ] DELTAII C:\WINDOWS.0\system32\DRIVERS\deltaII.sys
21:35:14.0531 0440 DELTAII - ok
21:35:14.0546 0440 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS.0\System32\dhcpcsvc.dll
21:35:14.0546 0440 Dhcp - ok
21:35:14.0562 0440 [ 74DD46D49809C5F689F24CCDD0D18A4E ] DigiFilter C:\WINDOWS.0\system32\drivers\DigiFilt.sys
21:35:14.0562 0440 DigiFilter - ok
21:35:14.0578 0440 DigiRefresh - ok
21:35:14.0578 0440 [ 02983523825AEC64B6C50D7AFD2F694E ] digiSPTIService C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
21:35:14.0593 0440 digiSPTIService - ok
21:35:14.0593 0440 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS.0\system32\DRIVERS\disk.sys
21:35:14.0593 0440 Disk - ok
21:35:14.0593 0440 dmadmin - ok
21:35:14.0609 0440 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS.0\system32\drivers\dmboot.sys
21:35:14.0625 0440 dmboot - ok
21:35:14.0640 0440 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS.0\system32\drivers\dmio.sys
21:35:14.0640 0440 dmio - ok
21:35:14.0656 0440 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS.0\system32\drivers\dmload.sys
21:35:14.0656 0440 dmload - ok
21:35:14.0656 0440 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS.0\System32\dmserver.dll
21:35:14.0656 0440 dmserver - ok
21:35:14.0671 0440 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS.0\system32\drivers\DMusic.sys
21:35:14.0671 0440 DMusic - ok
21:35:14.0687 0440 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS.0\System32\dnsrslvr.dll
21:35:14.0687 0440 Dnscache - ok
21:35:14.0703 0440 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS.0\System32\dot3svc.dll
21:35:14.0703 0440 Dot3svc - ok
21:35:14.0703 0440 dpti2o - ok
21:35:14.0703 0440 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS.0\system32\drivers\drmkaud.sys
21:35:14.0718 0440 drmkaud - ok
21:35:14.0734 0440 [ 3430A3D6A97C0E827DB0930FEE017499 ] DTSRVC C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
21:35:14.0734 0440 DTSRVC - ok
21:35:14.0734 0440 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS.0\System32\eapsvc.dll
21:35:14.0734 0440 EapHost - ok
21:35:14.0750 0440 [ 0281A8C7EF5CE55ACB459F466EECD19F ] epppdt C:\WINDOWS.0\system32\DRIVERS\epppdt.sys
21:35:14.0750 0440 epppdt - ok
21:35:14.0765 0440 [ A720DC80DBCF5BA5EE48ECA7A2573EBE ] epppdtpr C:\WINDOWS.0\system32\DRIVERS\epppdtpr.sys
21:35:14.0765 0440 epppdtpr - ok
21:35:14.0765 0440 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS.0\System32\ersvc.dll
21:35:14.0765 0440 ERSvc - ok
21:35:14.0781 0440 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS.0\system32\services.exe
21:35:14.0781 0440 Eventlog - ok
21:35:14.0796 0440 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS.0\system32\es.dll
21:35:14.0796 0440 EventSystem - ok
21:35:14.0812 0440 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS.0\system32\drivers\Fastfat.sys
21:35:14.0828 0440 Fastfat - ok
21:35:14.0843 0440 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS.0\System32\shsvcs.dll
21:35:14.0843 0440 FastUserSwitchingCompatibility - ok
21:35:14.0859 0440 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS.0\system32\DRIVERS\fdc.sys
21:35:14.0859 0440 Fdc - ok
21:35:14.0859 0440 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS.0\system32\drivers\Fips.sys
21:35:14.0859 0440 Fips - ok
21:35:14.0875 0440 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS.0\system32\DRIVERS\flpydisk.sys
21:35:14.0875 0440 Flpydisk - ok
21:35:14.0875 0440 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS.0\system32\DRIVERS\fltMgr.sys
21:35:14.0875 0440 FltMgr - ok
21:35:14.0921 0440 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:35:14.0921 0440 FontCache3.0.0.0 - ok
21:35:14.0921 0440 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS.0\system32\drivers\Fs_Rec.sys
21:35:14.0921 0440 Fs_Rec - ok
21:35:14.0937 0440 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS.0\system32\DRIVERS\ftdisk.sys
21:35:14.0937 0440 Ftdisk - ok
21:35:14.0953 0440 [ C6E3105B8C68C35CC1EB26A00FD1A8C6 ] gdrv C:\WINDOWS.0\gdrv.sys
21:35:14.0953 0440 gdrv - ok
21:35:14.0968 0440 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS.0\system32\DRIVERS\GEARAspiWDM.sys
21:35:14.0968 0440 GEARAspiWDM - ok
21:35:14.0984 0440 [ 9F8A14BA43086FFD4637FD3F961B6D64 ] GEST Service C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
21:35:14.0984 0440 GEST Service - ok
21:35:15.0000 0440 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS.0\system32\giveio.sys
21:35:15.0000 0440 giveio - ok
21:35:15.0000 0440 GMSIPCI - ok
21:35:15.0000 0440 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS.0\system32\DRIVERS\msgpc.sys
21:35:15.0000 0440 Gpc - ok
21:35:15.0046 0440 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:35:15.0046 0440 gupdate - ok
21:35:15.0046 0440 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:35:15.0046 0440 gupdatem - ok
21:35:15.0062 0440 [ 689A8EEF2A2D62B28A0A578A6196531C ] GVTDrv C:\WINDOWS.0\system32\Drivers\GVTDrv.sys
21:35:15.0062 0440 GVTDrv - ok
21:35:15.0078 0440 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS.0\system32\DRIVERS\HDAudBus.sys
21:35:15.0078 0440 HDAudBus - ok
21:35:15.0109 0440 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS.0\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:35:15.0109 0440 helpsvc - ok
21:35:15.0125 0440 [ 748031FF4FE45CCC47546294905FEAB8 ] HidBatt C:\WINDOWS.0\system32\DRIVERS\HidBatt.sys
21:35:15.0125 0440 HidBatt - ok
21:35:15.0140 0440 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS.0\System32\hidserv.dll
21:35:15.0140 0440 HidServ - ok
21:35:15.0156 0440 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS.0\system32\DRIVERS\hidusb.sys
21:35:15.0156 0440 hidusb - ok
21:35:15.0171 0440 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS.0\System32\kmsvc.dll
21:35:15.0171 0440 hkmsvc - ok
21:35:15.0171 0440 hpn - ok
21:35:15.0187 0440 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS.0\system32\Drivers\HTTP.sys
21:35:15.0187 0440 HTTP - ok
21:35:15.0203 0440 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS.0\System32\w3ssl.dll
21:35:15.0203 0440 HTTPFilter - ok
21:35:15.0218 0440 i2omgmt - ok
21:35:15.0218 0440 i2omp - ok
21:35:15.0250 0440 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:35:15.0250 0440 IDriverT - ok
21:35:15.0265 0440 [ 63D05CE1990B514789C1F9566140D5B0 ] idsvc C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:35:15.0281 0440 Suspicious file (Forged): C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe. Real md5: 63D05CE1990B514789C1F9566140D5B0, Fake md5: C01AC32DC5C03076CFB852CB5DA5229C
21:35:15.0281 0440 idsvc ( ForgedFile.Multi.Generic ) - warning
21:35:15.0281 0440 idsvc - detected ForgedFile.Multi.Generic (1)
21:35:15.0312 0440 [ 5CAB9D1AB5C9384D28DFF89DBE7A72BB ] IHA_MessageCenter C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
21:35:15.0328 0440 IHA_MessageCenter - ok
21:35:15.0328 0440 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS.0\system32\DRIVERS\imapi.sys
21:35:15.0343 0440 Imapi - ok
21:35:15.0343 0440 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS.0\system32\imapi.exe
21:35:15.0343 0440 ImapiService - ok
21:35:15.0359 0440 [ 98E96B6F095E6289C3293B99D0F926B2 ] InCDfs C:\WINDOWS.0\system32\drivers\InCDFs.sys
21:35:15.0359 0440 InCDfs - ok
21:35:15.0375 0440 [ 0B3E2517CF826020688650D46ADF5B05 ] InCDPass C:\WINDOWS.0\system32\drivers\InCDPass.sys
21:35:15.0375 0440 InCDPass - ok
21:35:15.0390 0440 [ 00EE363EA793A9D8DAB5254ACBD7D8E6 ] InCDrec C:\WINDOWS.0\system32\drivers\InCDRec.sys
21:35:15.0390 0440 InCDrec - ok
21:35:15.0406 0440 [ D41AB5BE8861AFF53851594DE58DDDFA ] incdrm C:\WINDOWS.0\system32\drivers\InCDRm.sys
21:35:15.0406 0440 incdrm - ok
21:35:15.0437 0440 [ FD8531B1D12DAF45EE98BF72CC8528C8 ] InCDsrv C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
21:35:15.0468 0440 Suspicious file (Forged): C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe. Real md5: FD8531B1D12DAF45EE98BF72CC8528C8, Fake md5: 40F8DC71CD638C40DB38A0C08AF2A6ED
21:35:15.0468 0440 InCDsrv ( ForgedFile.Multi.Generic ) - warning
21:35:15.0468 0440 InCDsrv - detected ForgedFile.Multi.Generic (1)
21:35:15.0468 0440 ini910u - ok
21:35:15.0500 0440 [ 50264B5D818D67DA83A9054F8A16C1F6 ] IntcAzAudAddService C:\WINDOWS.0\system32\drivers\RtkHDAud.sys
21:35:15.0546 0440 Suspicious file (Forged): C:\WINDOWS.0\system32\drivers\RtkHDAud.sys. Real md5: 50264B5D818D67DA83A9054F8A16C1F6, Fake md5: 4AAA8312732655F93A254D1FA695EB79
21:35:15.0562 0440 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - warning
21:35:15.0562 0440 IntcAzAudAddService - detected ForgedFile.Multi.Generic (1)
21:35:15.0562 0440 IntelIde - ok
21:35:15.0578 0440 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS.0\system32\DRIVERS\intelppm.sys
21:35:15.0578 0440 intelppm - ok
21:35:15.0578 0440 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS.0\system32\DRIVERS\Ip6Fw.sys
21:35:15.0578 0440 Ip6Fw - ok
21:35:15.0593 0440 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS.0\system32\DRIVERS\ipfltdrv.sys
21:35:15.0593 0440 IpFilterDriver - ok
21:35:15.0593 0440 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS.0\system32\DRIVERS\ipinip.sys
21:35:15.0593 0440 IpInIp - ok
21:35:15.0609 0440 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS.0\system32\DRIVERS\ipnat.sys
21:35:15.0609 0440 IpNat - ok
21:35:15.0656 0440 [ E51BD095B2FDF56B17EE010BB794D6ED ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:35:15.0656 0440 iPod Service - ok
21:35:15.0671 0440 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS.0\system32\DRIVERS\ipsec.sys
21:35:15.0671 0440 IPSec - ok
21:35:15.0671 0440 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS.0\system32\DRIVERS\irenum.sys
21:35:15.0671 0440 IRENUM - ok
21:35:15.0687 0440 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS.0\system32\DRIVERS\isapnp.sys
21:35:15.0687 0440 isapnp - ok
21:35:15.0734 0440 [ 32192B4EBE8720ED8D49A455C962CB91 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
21:35:15.0734 0440 JavaQuickStarterService - ok
21:35:15.0734 0440 [ B07084095F8C03AADB9811C9DF14B5E4 ] JRAID C:\WINDOWS.0\system32\DRIVERS\jraid.sys
21:35:15.0734 0440 JRAID - ok
21:35:15.0734 0440 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS.0\system32\DRIVERS\kbdclass.sys
21:35:15.0750 0440 Kbdclass - ok
21:35:15.0750 0440 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS.0\system32\DRIVERS\kbdhid.sys
21:35:15.0750 0440 kbdhid - ok
21:35:15.0750 0440 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS.0\system32\drivers\kmixer.sys
21:35:15.0750 0440 kmixer - ok
21:35:15.0765 0440 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS.0\system32\drivers\KSecDD.sys
21:35:15.0765 0440 KSecDD - ok
21:35:15.0781 0440 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS.0\System32\srvsvc.dll
21:35:15.0796 0440 LanmanServer - ok
21:35:15.0812 0440 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS.0\System32\wkssvc.dll
21:35:15.0812 0440 lanmanworkstation - ok
21:35:15.0812 0440 Lavasoft Kernexplorer - ok
21:35:15.0828 0440 [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd C:\WINDOWS.0\system32\DRIVERS\Lbd.sys
21:35:15.0828 0440 Lbd - ok
21:35:15.0843 0440 [ E254E5B2C5227DDBB47D045940A0A559 ] LBeepKE C:\WINDOWS.0\system32\Drivers\LBeepKE.sys
21:35:15.0843 0440 LBeepKE - ok
21:35:15.0843 0440 lbrtfdc - ok
21:35:15.0859 0440 [ 47C12F1A54B5C1B51008D7629C1D4F7B ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
21:35:15.0875 0440 LBTServ - ok
21:35:15.0875 0440 [ 8B30311241F97B35167AFE68D79E8530 ] LHidFilt C:\WINDOWS.0\system32\DRIVERS\LHidFilt.Sys
21:35:15.0875 0440 LHidFilt - ok
21:35:15.0890 0440 [ 3C357DFDBBF2B4B01AA4B9C8A26E4416 ] LHidFlt2 C:\WINDOWS.0\system32\DRIVERS\LHidFlt2.Sys
21:35:15.0890 0440 LHidFlt2 - ok
21:35:15.0906 0440 [ FFB851B1B2F6596B7D3182B977A85206 ] LHidUsb C:\WINDOWS.0\system32\Drivers\LHidUsb.Sys
21:35:15.0906 0440 LHidUsb - ok
21:35:15.0921 0440 [ 06DC2FDC6282F0D68910417B1150C848 ] LinksysUpdater C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
21:35:15.0937 0440 LinksysUpdater - ok
21:35:15.0937 0440 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS.0\System32\lmhsvc.dll
21:35:15.0937 0440 LmHosts - ok
21:35:15.0953 0440 [ 48D7422A6C4EEC886B56AC534CFA3ACF ] LMouFilt C:\WINDOWS.0\system32\DRIVERS\LMouFilt.Sys
21:35:15.0953 0440 LMouFilt - ok
21:35:15.0968 0440 [ AEF09673376A4D93C09E8341854F1BF4 ] LMouFlt2 C:\WINDOWS.0\system32\DRIVERS\LMouFlt2.Sys
21:35:15.0968 0440 LMouFlt2 - ok
21:35:15.0968 0440 [ 0B808FF2F17C8396FB2AE202F75AED37 ] LUsbFilt C:\WINDOWS.0\system32\Drivers\LUsbFilt.Sys
21:35:15.0968 0440 LUsbFilt - ok
21:35:15.0968 0440 MCSTRM - ok
21:35:15.0984 0440 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS.0\System32\msgsvc.dll
21:35:15.0984 0440 Messenger - ok
21:35:16.0000 0440 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS.0\system32\drivers\mnmdd.sys
21:35:16.0000 0440 mnmdd - ok
21:35:16.0000 0440 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS.0\system32\mnmsrvc.exe
21:35:16.0000 0440 mnmsrvc - ok
21:35:16.0015 0440 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS.0\system32\drivers\Modem.sys
21:35:16.0015 0440 Modem - ok
21:35:16.0031 0440 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS.0\system32\DRIVERS\mouclass.sys
21:35:16.0031 0440 Mouclass - ok
21:35:16.0031 0440 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS.0\system32\DRIVERS\mouhid.sys
21:35:16.0031 0440 mouhid - ok
21:35:16.0031 0440 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS.0\system32\drivers\MountMgr.sys
21:35:16.0031 0440 MountMgr - ok
21:35:16.0062 0440 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:35:16.0062 0440 MozillaMaintenance - ok
21:35:16.0093 0440 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\WINDOWS.0\system32\DRIVERS\MpFilter.sys
21:35:16.0093 0440 MpFilter - ok
21:35:16.0093 0440 mraid35x - ok
21:35:16.0093 0440 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS.0\system32\DRIVERS\mrxdav.sys
21:35:16.0093 0440 MRxDAV - ok
21:35:16.0125 0440 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS.0\system32\DRIVERS\mrxsmb.sys
21:35:16.0156 0440 MRxSmb - ok
21:35:16.0171 0440 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS.0\system32\msdtc.exe
21:35:16.0171 0440 MSDTC - ok
21:35:16.0171 0440 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS.0\system32\drivers\Msfs.sys
21:35:16.0171 0440 Msfs - ok
21:35:16.0171 0440 MSICPL - ok
21:35:16.0171 0440 MSIServer - ok
21:35:16.0187 0440 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS.0\system32\drivers\MSKSSRV.sys
21:35:16.0187 0440 MSKSSRV - ok
21:35:16.0203 0440 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
21:35:16.0203 0440 MsMpSvc - ok
21:35:16.0218 0440 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS.0\system32\drivers\MSPCLOCK.sys
21:35:16.0218 0440 MSPCLOCK - ok
21:35:16.0218 0440 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS.0\system32\drivers\MSPQM.sys
21:35:16.0218 0440 MSPQM - ok
21:35:16.0234 0440 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS.0\system32\DRIVERS\mssmbios.sys
21:35:16.0234 0440 mssmbios - ok
21:35:16.0234 0440 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS.0\system32\drivers\Mup.sys
21:35:16.0234 0440 Mup - ok
21:35:16.0265 0440 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS.0\System32\qagentrt.dll
21:35:16.0265 0440 napagent - ok
21:35:16.0296 0440 [ 5836B9E91863A00EC1B8E785EFD86ECB ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
21:35:16.0312 0440 NBService - ok
21:35:16.0312 0440 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS.0\system32\drivers\NDIS.sys
21:35:16.0312 0440 NDIS - ok
21:35:16.0328 0440 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS.0\system32\DRIVERS\ndistapi.sys
21:35:16.0328 0440 NdisTapi - ok
21:35:16.0343 0440 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS.0\system32\DRIVERS\ndisuio.sys
21:35:16.0343 0440 Ndisuio - ok
21:35:16.0343 0440 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS.0\system32\DRIVERS\ndiswan.sys
21:35:16.0343 0440 NdisWan - ok
21:35:16.0359 0440 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS.0\system32\drivers\NDProxy.sys
21:35:16.0359 0440 NDProxy - ok
21:35:16.0359 0440 NeroRegInCDSrv - ok
21:35:16.0359 0440 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS.0\system32\DRIVERS\netbios.sys
21:35:16.0359 0440 NetBIOS - ok
21:35:16.0375 0440 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS.0\system32\DRIVERS\netbt.sys
21:35:16.0375 0440 NetBT - ok
21:35:16.0375 0440 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS.0\system32\netdde.exe
21:35:16.0390 0440 NetDDE - ok
21:35:16.0390 0440 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS.0\system32\netdde.exe
21:35:16.0390 0440 NetDDEdsdm - ok
21:35:16.0390 0440 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS.0\system32\lsass.exe
21:35:16.0390 0440 Netlogon - ok
21:35:16.0406 0440 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS.0\System32\netman.dll
21:35:16.0406 0440 Netman - ok
21:35:16.0421 0440 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:35:16.0421 0440 NetTcpPortSharing - ok
21:35:16.0437 0440 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS.0\system32\DRIVERS\nic1394.sys
21:35:16.0437 0440 NIC1394 - ok
21:35:16.0437 0440 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS.0\System32\mswsock.dll
21:35:16.0453 0440 Nla - ok
21:35:16.0468 0440 [ B1EF4686961986DFFB7FE8F18E6FCB5B ] nlsX86cc C:\WINDOWS.0\system32\nlssrv32.exe
21:35:16.0468 0440 nlsX86cc - ok
21:35:16.0500 0440 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
21:35:16.0500 0440 NMIndexingService - ok
21:35:16.0531 0440 [ 82C5A813E8EA7E94DC1AFA24CD803B80 ] nmservice C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
21:35:16.0546 0440 nmservice - ok
21:35:16.0562 0440 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS.0\system32\drivers\Npfs.sys
21:35:16.0562 0440 Npfs - ok
21:35:16.0562 0440 NTACCESS - ok
21:35:16.0562 0440 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS.0\system32\drivers\Ntfs.sys
21:35:16.0578 0440 Ntfs - ok
21:35:16.0578 0440 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS.0\system32\lsass.exe
21:35:16.0578 0440 NtLmSsp - ok
21:35:16.0609 0440 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS.0\system32\ntmssvc.dll
21:35:16.0609 0440 NtmsSvc - ok
21:35:16.0625 0440 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS.0\system32\drivers\Null.sys
21:35:16.0625 0440 Null - ok
21:35:16.0671 0440 [ C407467C9C43B15E8725978E114C4D65 ] nv C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys
21:35:16.0750 0440 Suspicious file (Forged): C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys. Real md5: C407467C9C43B15E8725978E114C4D65, Fake md5: BF506D232C5E6F2DAE80F5C11B45C60E
21:35:16.0765 0440 nv ( ForgedFile.Multi.Generic ) - warning
21:35:16.0765 0440 nv - detected ForgedFile.Multi.Generic (1)
21:35:16.0796 0440 [ CE8CCE2B9F96ACA02E5DED4298A7796D ] NVSvc C:\WINDOWS.0\system32\nvsvc32.exe
21:35:16.0796 0440 NVSvc - ok
21:35:16.0796 0440 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS.0\system32\DRIVERS\nwlnkflt.sys
21:35:16.0796 0440 NwlnkFlt - ok
21:35:16.0812 0440 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS.0\system32\DRIVERS\nwlnkfwd.sys
21:35:16.0812 0440 NwlnkFwd - ok
21:35:16.0843 0440 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:35:16.0859 0440 odserv - ok
21:35:16.0859 0440 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS.0\system32\DRIVERS\ohci1394.sys
21:35:16.0859 0440 ohci1394 - ok
21:35:16.0890 0440 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:35:16.0890 0440 ose - ok
21:35:16.0890 0440 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS.0\system32\DRIVERS\parport.sys
21:35:16.0906 0440 Parport - ok
21:35:16.0906 0440 [ 6DDCF3F801EC15FE698F6A215CF30A1F ] Partizan C:\WINDOWS.0\system32\drivers\Partizan.sys
21:35:16.0906 0440 Partizan - ok
21:35:16.0906 0440 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS.0\system32\drivers\PartMgr.sys
21:35:16.0906 0440 PartMgr - ok
21:35:16.0921 0440 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS.0\system32\drivers\ParVdm.sys
21:35:16.0921 0440 ParVdm - ok
21:35:16.0921 0440 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS.0\system32\DRIVERS\pci.sys
21:35:16.0921 0440 PCI - ok
21:35:16.0921 0440 PCIDump - ok
21:35:16.0921 0440 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS.0\system32\DRIVERS\pciide.sys
21:35:16.0921 0440 PCIIde - ok
21:35:16.0937 0440 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS.0\system32\drivers\Pcmcia.sys
21:35:16.0937 0440 Pcmcia - ok
21:35:16.0937 0440 PDCOMP - ok
21:35:16.0937 0440 PDFRAME - ok
21:35:16.0953 0440 [ D5DE7DD879CC7C2CDC5080B4F04F6770 ] PdiPorts C:\WINDOWS.0\system32\Drivers\PdiPorts.sys
21:35:16.0953 0440 PdiPorts - ok
21:35:16.0968 0440 [ C6CD72D1ED3B130E30FCE2B156817893 ] PdiService C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
21:35:16.0968 0440 PdiService - ok
21:35:16.0968 0440 PDRELI - ok
21:35:16.0968 0440 PDRFRAME - ok
21:35:16.0968 0440 perc2 - ok
21:35:16.0968 0440 perc2hib - ok
21:35:16.0984 0440 [ 943F840611D33832308EC5310B616B57 ] Pivot C:\WINDOWS.0\system32\drivers\pivot.sys
21:35:16.0984 0440 Pivot - ok
21:35:17.0000 0440 [ 998C58295288EEDFBFE95E7F6CC94DF4 ] pivotmou C:\WINDOWS.0\System32\drivers\pivotmou.sys
21:35:17.0000 0440 pivotmou - ok
21:35:17.0000 0440 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS.0\system32\services.exe
21:35:17.0015 0440 PlugPlay - ok
21:35:17.0031 0440 [ DEA06627596015263360097C2608384E ] pnarp C:\WINDOWS.0\system32\DRIVERS\pnarp.sys
21:35:17.0031 0440 pnarp - ok
21:35:17.0031 0440 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS.0\system32\lsass.exe
21:35:17.0031 0440 PolicyAgent - ok
21:35:17.0046 0440 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS.0\system32\DRIVERS\raspptp.sys
21:35:17.0046 0440 PptpMiniport - ok
21:35:17.0046 0440 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS.0\system32\lsass.exe
21:35:17.0046 0440 ProtectedStorage - ok
21:35:17.0062 0440 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS.0\system32\DRIVERS\psched.sys
21:35:17.0062 0440 PSched - ok
21:35:17.0078 0440 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS.0\system32\DRIVERS\ptilink.sys
21:35:17.0078 0440 Ptilink - ok
21:35:17.0078 0440 [ C0CDB9F7CE42C3487F0BEA409BF5D153 ] purendis C:\WINDOWS.0\system32\DRIVERS\purendis.sys
21:35:17.0078 0440 purendis - ok
21:35:17.0078 0440 ql1080 - ok
21:35:17.0078 0440 Ql10wnt - ok
21:35:17.0078 0440 ql12160 - ok
21:35:17.0078 0440 ql1240 - ok
21:35:17.0093 0440 ql1280 - ok
21:35:17.0093 0440 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS.0\system32\DRIVERS\rasacd.sys
21:35:17.0093 0440 RasAcd - ok
21:35:17.0109 0440 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS.0\System32\rasauto.dll
21:35:17.0109 0440 RasAuto - ok
21:35:17.0109 0440 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS.0\system32\DRIVERS\rasl2tp.sys
21:35:17.0109 0440 Rasl2tp - ok
21:35:17.0125 0440 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS.0\System32\rasmans.dll
21:35:17.0125 0440 RasMan - ok
21:35:17.0140 0440 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS.0\system32\DRIVERS\raspppoe.sys
21:35:17.0140 0440 RasPppoe - ok
21:35:17.0140 0440 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS.0\system32\DRIVERS\raspti.sys
21:35:17.0140 0440 Raspti - ok
21:35:17.0156 0440 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS.0\system32\DRIVERS\rdbss.sys
21:35:17.0156 0440 Rdbss - ok
21:35:17.0171 0440 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS.0\system32\DRIVERS\RDPCDD.sys
21:35:17.0171 0440 RDPCDD - ok
21:35:17.0187 0440 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS.0\system32\drivers\RDPWD.sys
21:35:17.0187 0440 RDPWD - ok
21:35:17.0203 0440 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS.0\system32\sessmgr.exe
21:35:17.0203 0440 RDSessMgr - ok
21:35:17.0218 0440 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS.0\system32\DRIVERS\redbook.sys
21:35:17.0218 0440 redbook - ok
21:35:17.0234 0440 [ 37ECEBDD930395A9C399FB18A3C236D3 ] RegGuard C:\WINDOWS.0\system32\Drivers\regguard.sys
21:35:17.0234 0440 RegGuard - ok
21:35:17.0250 0440 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS.0\System32\mprdim.dll
21:35:17.0250 0440 RemoteAccess - ok
21:35:17.0296 0440 [ 06A49B7BDC36CFBF97DD90804F833369 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
21:35:17.0296 0440 RichVideo - ok
21:35:17.0296 0440 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS.0\system32\locator.exe
21:35:17.0296 0440 RpcLocator - ok
21:35:17.0312 0440 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS.0\System32\rpcss.dll
21:35:17.0312 0440 RpcSs - ok
21:35:17.0328 0440 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS.0\system32\rsvp.exe
21:35:17.0328 0440 RSVP - ok
21:35:17.0343 0440 [ F0A21C62B9B835E1C96268EAAE31D239 ] RTLE8023xp C:\WINDOWS.0\system32\DRIVERS\Rtenicxp.sys
21:35:17.0343 0440 RTLE8023xp - ok
21:35:17.0343 0440 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS.0\system32\lsass.exe
21:35:17.0343 0440 SamSs - ok
21:35:17.0359 0440 [ 24C68978D48F41084DC00159AA07FAB8 ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys
21:35:17.0359 0440 SANDRA - ok
21:35:17.0375 0440 [ 3A4AB78A64E391EF3D75BE0619EB428A ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
21:35:17.0375 0440 SandraAgentSrv - ok
21:35:17.0390 0440 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:35:17.0390 0440 SASDIFSV - ok
21:35:17.0406 0440 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:35:17.0406 0440 SASKUTIL - ok
21:35:17.0421 0440 [ B244960E5A1DB8E9D5D17086DE37C1E4 ] sbp2port C:\WINDOWS.0\system32\DRIVERS\sbp2port.sys
21:35:17.0421 0440 sbp2port - ok
21:35:17.0421 0440 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS.0\System32\SCardSvr.exe
21:35:17.0421 0440 SCardSvr - ok
21:35:17.0453 0440 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS.0\system32\schedsvc.dll
21:35:17.0453 0440 Schedule - ok
21:35:17.0453 0440 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS.0\system32\DRIVERS\secdrv.sys
21:35:17.0468 0440 Secdrv - ok
21:35:17.0468 0440 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS.0\System32\seclogon.dll
21:35:17.0468 0440 seclogon - ok
21:35:17.0468 0440 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS.0\system32\sens.dll
21:35:17.0468 0440 SENS - ok
21:35:17.0484 0440 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS.0\system32\DRIVERS\serenum.sys
21:35:17.0484 0440 serenum - ok
21:35:17.0484 0440 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS.0\system32\DRIVERS\serial.sys
21:35:17.0484 0440 Serial - ok
21:35:17.0500 0440 SetupNTGLM7X - ok
21:35:17.0500 0440 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS.0\system32\drivers\Sfloppy.sys
21:35:17.0500 0440 Sfloppy - ok
21:35:17.0515 0440 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS.0\System32\ipnathlp.dll
21:35:17.0515 0440 SharedAccess - ok
21:35:17.0515 0440 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS.0\System32\shsvcs.dll
21:35:17.0515 0440 ShellHWDetection - ok
21:35:17.0515 0440 Simbad - ok
21:35:17.0515 0440 Sparrow - ok
21:35:17.0531 0440 [ 5D6401DB90EC81B71F8E2C5C8F0FEF23 ] speedfan C:\WINDOWS.0\system32\speedfan.sys
21:35:17.0531 0440 speedfan - ok
21:35:17.0546 0440 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS.0\system32\drivers\splitter.sys
21:35:17.0546 0440 splitter - ok
21:35:17.0562 0440 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS.0\system32\spoolsv.exe
21:35:17.0562 0440 Spooler - ok
21:35:17.0578 0440 sprtsvc_verizondm - ok
21:35:17.0578 0440 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS.0\system32\DRIVERS\sr.sys
21:35:17.0578 0440 sr - ok
21:35:17.0593 0440 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS.0\system32\srsvc.dll
21:35:17.0593 0440 srservice - ok
21:35:17.0609 0440 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS.0\system32\DRIVERS\srv.sys
21:35:17.0625 0440 Srv - ok
21:35:17.0625 0440 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS.0\System32\ssdpsrv.dll
21:35:17.0625 0440 SSDPSRV - ok
21:35:17.0640 0440 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS.0\system32\wiaservc.dll
21:35:17.0656 0440 stisvc - ok
21:35:17.0671 0440 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS.0\system32\DRIVERS\swenum.sys
21:35:17.0671 0440 swenum - ok
21:35:17.0671 0440 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS.0\system32\drivers\swmidi.sys
21:35:17.0671 0440 swmidi - ok
21:35:17.0671 0440 SwPrv - ok
21:35:17.0671 0440 symc810 - ok
21:35:17.0671 0440 symc8xx - ok
21:35:17.0671 0440 sym_hi - ok
21:35:17.0687 0440 sym_u3 - ok
21:35:17.0703 0440 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS.0\system32\drivers\sysaudio.sys
21:35:17.0703 0440 sysaudio - ok
21:35:17.0718 0440 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS.0\system32\smlogsvc.exe
21:35:17.0718 0440 SysmonLog - ok
21:35:17.0734 0440 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS.0\System32\tapisrv.dll
21:35:17.0734 0440 TapiSrv - ok
21:35:17.0750 0440 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS.0\system32\DRIVERS\tcpip.sys
21:35:17.0750 0440 Tcpip - ok
21:35:17.0765 0440 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS.0\system32\drivers\TDPIPE.sys
21:35:17.0765 0440 TDPIPE - ok
21:35:17.0765 0440 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS.0\system32\drivers\TDTCP.sys
21:35:17.0765 0440 TDTCP - ok
21:35:17.0781 0440 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS.0\system32\DRIVERS\termdd.sys
21:35:17.0781 0440 TermDD - ok
21:35:17.0796 0440 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS.0\System32\termsrv.dll
21:35:17.0796 0440 TermService - ok
21:35:17.0796 0440 tgsrvc_verizondm - ok
21:35:17.0812 0440 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS.0\System32\shsvcs.dll
21:35:17.0812 0440 Themes - ok
21:35:17.0812 0440 TosIde - ok
21:35:17.0828 0440 [ A00DBB3CCF4E0821DD531DB8746A1374 ] TPkd C:\WINDOWS.0\system32\drivers\TPkd.sys
21:35:17.0828 0440 TPkd - ok
21:35:17.0828 0440 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS.0\system32\trkwks.dll
21:35:17.0828 0440 TrkWks - ok
21:35:17.0843 0440 [ E266683FC95ABDEC17CD378564E1B54B ] TVICHW32 C:\WINDOWS.0\system32\DRIVERS\TVICHW32.SYS
21:35:17.0843 0440 TVICHW32 - ok
21:35:17.0859 0440 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS.0\system32\drivers\Udfs.sys
21:35:17.0859 0440 Udfs - ok
21:35:17.0859 0440 ultra - ok
21:35:17.0890 0440 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS.0\system32\DRIVERS\update.sys
21:35:17.0890 0440 Update - ok
21:35:17.0906 0440 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS.0\System32\upnphost.dll
21:35:17.0906 0440 upnphost - ok
21:35:17.0906 0440 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS.0\System32\ups.exe
21:35:17.0906 0440 UPS - ok
21:35:17.0937 0440 [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL C:\WINDOWS.0\system32\Drivers\usbaapl.sys
21:35:17.0937 0440 USBAAPL - ok
21:35:17.0937 0440 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS.0\system32\drivers\usbaudio.sys
21:35:17.0937 0440 usbaudio - ok
21:35:17.0953 0440 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys
21:35:17.0953 0440 usbccgp - ok
21:35:17.0968 0440 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS.0\system32\DRIVERS\usbehci.sys
21:35:17.0968 0440 usbehci - ok
21:35:17.0968 0440 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS.0\system32\DRIVERS\usbhub.sys
21:35:17.0968 0440 usbhub - ok
21:35:17.0968 0440 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS.0\system32\DRIVERS\usbprint.sys
21:35:17.0968 0440 usbprint - ok
21:35:18.0000 0440 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS.0\system32\DRIVERS\usbscan.sys
21:35:18.0000 0440 usbscan - ok
21:35:18.0000 0440 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS
21:35:18.0000 0440 USBSTOR - ok
21:35:18.0000 0440 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys
21:35:18.0000 0440 usbuhci - ok
21:35:18.0015 0440 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS.0\System32\drivers\vga.sys
21:35:18.0015 0440 VgaSave - ok
21:35:18.0015 0440 ViaIde - ok
21:35:18.0015 0440 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS.0\system32\drivers\VolSnap.sys
21:35:18.0031 0440 VolSnap - ok
21:35:18.0031 0440 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS.0\System32\vssvc.exe
21:35:18.0046 0440 VSS - ok
21:35:18.0046 0440 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS.0\system32\w32time.dll
21:35:18.0046 0440 W32Time - ok
21:35:18.0062 0440 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS.0\system32\DRIVERS\wanarp.sys
21:35:18.0062 0440 Wanarp - ok
21:35:18.0078 0440 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS.0\system32\DRIVERS\wdcsam.sys
21:35:18.0078 0440 WDC_SAM - ok
21:35:18.0125 0440 [ BF847A3972CC6B5CE26E0EA742DD52D9 ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
21:35:18.0125 0440 WDDMService - ok
21:35:18.0140 0440 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS.0\system32\DRIVERS\Wdf01000.sys
21:35:18.0140 0440 Wdf01000 - ok
21:35:18.0171 0440 [ 9A541823D5006311AA6680885F5CA45E ] WDFME C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
21:35:18.0187 0440 Suspicious file (Forged): C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe. Real md5: 9A541823D5006311AA6680885F5CA45E, Fake md5: B5966F1DFF6E20576F3C8C2D93D129FD
21:35:18.0187 0440 WDFME ( ForgedFile.Multi.Generic ) - warning
21:35:18.0187 0440 WDFME - detected ForgedFile.Multi.Generic (1)
21:35:18.0187 0440 WDICA - ok
21:35:18.0203 0440 [ 2F4B3C0E58D4A7BD8E38D1CD9CA47691 ] Wdm1 C:\WINDOWS.0\system32\Drivers\usbbc.sys
21:35:18.0203 0440 Wdm1 - ok
21:35:18.0218 0440 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS.0\system32\drivers\wdmaud.sys
21:35:18.0218 0440 wdmaud - ok
21:35:18.0250 0440 [ 92F0088CA18BB08BB596EF2608256F8A ] WDSC C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
21:35:18.0265 0440 WDSC - ok
21:35:18.0265 0440 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS.0\System32\webclnt.dll
21:35:18.0265 0440 WebClient - ok
21:35:18.0296 0440 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS.0\system32\wbem\WMIsvc.dll
21:35:18.0296 0440 winmgmt - ok
21:35:18.0312 0440 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS.0\system32\MsPMSNSv.dll
21:35:18.0312 0440 WmdmPmSN - ok
21:35:18.0328 0440 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS.0\system32\wbem\wmiapsrv.exe
21:35:18.0328 0440 WmiApSrv - ok
21:35:18.0343 0440 [ F24B2C2AC4AF2B1A19C42D3415CCA040 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
21:35:18.0359 0440 Suspicious file (Forged): C:\Program Files\Windows Media Player\WMPNetwk.exe. Real md5: F24B2C2AC4AF2B1A19C42D3415CCA040, Fake md5: 6BAB4DC65515A098505F8B3D01FB6FE5
21:35:18.0359 0440 WMPNetworkSvc ( ForgedFile.Multi.Generic ) - warning
21:35:18.0359 0440 WMPNetworkSvc - detected ForgedFile.Multi.Generic (1)
21:35:18.0375 0440 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS.0\system32\DRIVERS\wpdusb.sys
21:35:18.0375 0440 WpdUsb - ok
21:35:18.0375 0440 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS.0\System32\drivers\ws2ifsl.sys
21:35:18.0375 0440 WS2IFSL - ok
21:35:18.0390 0440 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS.0\system32\wscsvc.dll
21:35:18.0390 0440 wscsvc - ok
21:35:18.0390 0440 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS.0\system32\DRIVERS\WudfPf.sys
21:35:18.0390 0440 WudfPf - ok
21:35:18.0406 0440 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys
21:35:18.0406 0440 WudfRd - ok
21:35:18.0421 0440 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS.0\System32\WUDFSvc.dll
21:35:18.0421 0440 WudfSvc - ok
21:35:18.0421 0440 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS.0\System32\wzcsvc.dll
21:35:18.0437 0440 WZCSVC - ok
21:35:18.0453 0440 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS.0\System32\xmlprov.dll
21:35:18.0453 0440 xmlprov - ok
21:35:18.0453 0440 ================ Scan global ===============================
21:35:18.0453 0440 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS.0\system32\basesrv.dll
21:35:18.0484 0440 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS.0\system32\winsrv.dll
21:35:18.0500 0440 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS.0\system32\winsrv.dll
21:35:18.0500 0440 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS.0\system32\services.exe
21:35:18.0515 0440 [Global] - ok
21:35:18.0515 0440 ================ Scan MBR ==================================
21:35:18.0515 0440 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:35:18.0593 0440 \Device\Harddisk0\DR0 - ok
21:35:18.0625 0440 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
21:35:18.0671 0440 \Device\Harddisk1\DR1 - ok
21:35:18.0671 0440 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk2\DR4
21:35:18.0671 0440 \Device\Harddisk2\DR4 - ok
21:35:18.0671 0440 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR6
21:35:18.0671 0440 \Device\Harddisk3\DR6 - ok
21:35:18.0671 0440 ================ Scan VBR ==================================
21:35:18.0671 0440 [ 5E97E92C457ACF813949C6697B1329A0 ] \Device\Harddisk0\DR0\Partition1
21:35:18.0671 0440 \Device\Harddisk0\DR0\Partition1 - ok
21:35:18.0671 0440 [ B1F7A057FE2BE6B2C6D7229F2E6E8C35 ] \Device\Harddisk1\DR1\Partition1
21:35:18.0687 0440 \Device\Harddisk1\DR1\Partition1 - ok
21:35:18.0687 0440 [ CEE5D8F8B6974ABD2B8EC2ADCC29DEC3 ] \Device\Harddisk2\DR4\Partition1
21:35:19.0156 0440 \Device\Harddisk2\DR4\Partition1 - ok
21:35:19.0156 0440 [ E164AB8671C941BE3D308AA6E0E547D4 ] \Device\Harddisk3\DR6\Partition1
21:35:19.0156 0440 \Device\Harddisk3\DR6\Partition1 - ok
21:35:19.0156 0440 ============================================================
21:35:19.0156 0440 Scan finished
21:35:19.0156 0440 ============================================================
21:35:19.0171 0436 Detected object count: 6
21:35:19.0171 0436 Actual detected object count: 6
21:35:28.0484 0436 C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe - copied to quarantine
21:35:28.0484 0436 idsvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
21:35:28.0546 0436 C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe - copied to quarantine
21:35:28.0546 0436 InCDsrv ( ForgedFile.Multi.Generic ) - User select action: Quarantine
21:35:28.0656 0436 C:\WINDOWS.0\system32\drivers\RtkHDAud.sys - copied to quarantine
21:35:28.0656 0436 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - User select action: Quarantine
21:35:28.0875 0436 C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys - copied to quarantine
21:35:28.0875 0436 nv ( ForgedFile.Multi.Generic ) - User select action: Quarantine
21:35:28.0984 0436 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe - copied to quarantine
21:35:28.0984 0436 WDFME ( ForgedFile.Multi.Generic ) - User select action: Quarantine
21:35:29.0000 0436 C:\Program Files\Windows Media Player\WMPNetwk.exe - copied to quarantine
21:35:29.0000 0436 WMPNetworkSvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine

#10
RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
TDSSKiller is not able to Quarantine the files it finds for some reason. Let's see if there are other copies available:


Copy the text in the code box:

/md5start
infocard.exe 
InCDsrv.exe 
RtkHDAud.sys
nv4_mini.sys
WDFME.exe 
WMPNetwk.exe
/md5stop


Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

MBAM is MalwareBytes AntiMalware. Please run a quick scan.

#11
crossbow66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
OK, that's done. Here are the logs... Malwarebytes didn't find any malicious files.

OTL logfile created on: 9/15/2012 1:39:56 AM - Run 3
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 70.39% Memory free
5.19 Gb Paging File | 4.11 Gb Available in Paging File | 79.26% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 117.59 Gb Free Space | 42.08% Space Free | Partition Type: NTFS
Drive D: | 596.16 Gb Total Space | 128.25 Gb Free Space | 21.51% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 1396.92 Gb Total Space | 444.51 Gb Free Space | 31.82% Space Free | Partition Type: FAT32
Drive I: | 465.73 Gb Total Space | 78.27 Gb Free Space | 16.81% Space Free | Partition Type: NTFS

Computer Name: MARK-59C0B947BC | User Name: Mark V. Sanderford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/13 07:55:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\OTL.com
PRC - [2012/09/12 13:34:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/10 12:59:18 | 000,595,216 | ---- | M] (Greatis Software) -- C:\Program Files\UnHackMe\hackmon.exe
PRC - [2012/09/06 16:05:46 | 004,780,928 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/09/03 06:47:46 | 000,227,408 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisorService.exe
PRC - [2012/09/03 06:47:30 | 001,353,808 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDGlobal.exe
PRC - [2012/09/03 06:47:22 | 001,378,384 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Light\CIDGlobalLight.exe
PRC - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/06/20 03:30:04 | 002,772,112 | ---- | M] (AdFender, Inc.) -- C:\Program Files\AdFender\AdFender.exe
PRC - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/12/01 06:11:06 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2011/03/14 10:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2011/03/09 11:09:54 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2011/02/21 17:17:32 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS.0\system32\nlssrv32.exe
PRC - [2010/04/02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/28 09:54:13 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/24 21:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/11/13 08:32:51 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/05/20 19:22:06 | 000,109,096 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009/02/19 00:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/02/19 00:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/02/06 20:05:41 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS.0\system32\java.exe
PRC - [2008/09/24 18:35:14 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008/06/18 06:01:56 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS.0\SoundMan.exe
PRC - [2008/06/06 12:40:00 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2008/06/06 12:39:52 | 000,114,688 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2008/06/06 11:42:30 | 000,114,688 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
PRC - [2008/06/06 11:42:10 | 000,324,096 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Acer Display\eDisplay Management\dthtml.exe
PRC - [2008/05/01 07:38:00 | 000,131,072 | ---- | M] (Linksys LLC - A Division of Cisco Systems) -- C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
PRC - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\explorer.exe
PRC - [2008/04/09 01:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/04/09 01:15:10 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/03/03 11:13:50 | 000,236,040 | ---- | M] () -- C:\WINDOWS.0\system32\DeltaIITray.exe
PRC - [2008/02/18 15:36:24 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2008/02/18 15:36:14 | 001,553,704 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2008/02/18 15:36:04 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2007/10/31 00:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2006/07/22 21:22:42 | 001,126,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
PRC - [2006/01/30 12:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
PRC - [2005/12/12 16:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2005/05/25 02:14:10 | 000,016,384 | ---- | M] () -- C:\Program Files\GIGABYTE\G.O.M\GCSVR.exe
PRC - [2003/12/17 10:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS.0\Logi_MwX.Exe


========== Modules (No Company Name) ==========

MOD - [2012/09/15 01:34:59 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/09/15 01:34:59 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/09/12 13:34:36 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/09/11 08:08:14 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/09/11 08:08:14 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/09/03 06:47:34 | 000,071,760 | ---- | M] () -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDGlobalPS.dll
MOD - [2012/06/14 06:46:03 | 000,212,992 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/13 22:37:11 | 014,329,856 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
MOD - [2012/06/13 22:37:01 | 012,433,920 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 22:36:53 | 001,592,320 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/13 22:36:51 | 012,218,368 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MOD - [2012/06/13 22:36:25 | 002,933,248 | ---- | M] () -- C:\WINDOWS.0\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/13 22:36:21 | 000,261,632 | ---- | M] () -- C:\WINDOWS.0\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/06/13 22:32:15 | 000,141,312 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll
MOD - [2012/05/12 09:00:57 | 000,998,400 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/11 23:12:31 | 017,403,904 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
MOD - [2012/05/11 23:10:52 | 000,224,768 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7416fe825e6e49a87fa8ff60c8971813\PresentationFramework.Classic.ni.dll
MOD - [2012/05/11 23:10:38 | 000,771,584 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 23:10:37 | 000,627,712 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
MOD - [2012/05/11 23:10:37 | 000,627,200 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
MOD - [2012/05/11 23:10:36 | 006,616,576 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012/05/11 23:10:10 | 000,015,872 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\f00a18225430e7531135589688d650a1\Microsoft.VisualC.ni.dll
MOD - [2012/05/11 23:10:01 | 003,325,440 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012/05/11 23:09:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 23:09:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/11 23:09:51 | 007,953,408 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 23:09:47 | 011,492,352 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/09 11:29:38 | 000,886,272 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
MOD - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2008/09/24 18:35:14 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
MOD - [2008/09/10 11:58:42 | 000,098,304 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\ycc.dll
MOD - [2008/06/06 12:40:08 | 000,151,552 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DThook.dll
MOD - [2008/06/06 12:40:02 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\CC\gui.dll
MOD - [2008/06/06 12:40:00 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
MOD - [2008/06/06 12:39:46 | 000,102,400 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2008/06/06 11:42:30 | 000,114,688 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
MOD - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
MOD - [2008/04/18 05:30:43 | 000,081,920 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\lib\wrapper.dll
MOD - [2008/04/09 19:15:54 | 000,103,472 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/04/09 19:15:54 | 000,038,960 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/03/03 11:13:50 | 000,236,040 | ---- | M] () -- C:\WINDOWS.0\system32\DeltaIITray.exe
MOD - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
MOD - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
MOD - [2007/02/09 12:16:08 | 000,245,760 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Winphook.dll
MOD - [2005/05/25 02:14:10 | 000,016,384 | ---- | M] () -- C:\Program Files\GIGABYTE\G.O.M\GCSVR.exe
MOD - [2004/11/17 17:49:06 | 004,603,904 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\qt-mt332.dll
MOD - [2004/05/11 15:51:56 | 000,798,720 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\libeay32.dll
MOD - [2004/05/11 15:51:56 | 000,155,648 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\ssleay32.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/12 13:34:36 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 06:47:46 | 000,227,408 | ---- | M] (CallingID Ltd.) [Auto | Running] -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisorService.exe -- (CIDLinkAdvisorService)
SRV - [2012/08/15 09:05:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2011/02/21 17:17:32 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS.0\system32\nlssrv32.exe -- (nlsX86cc)
SRV - [2009/05/20 19:22:06 | 000,109,096 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009/02/19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/12/11 15:53:38 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/09/24 18:35:14 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/06/06 12:40:00 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008/06/06 11:42:30 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe -- (Asset Management Daemon)
SRV - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/09 01:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/02/18 15:36:14 | 001,553,704 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/10/31 00:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2007/10/31 00:02:58 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005/05/25 02:14:10 | 000,016,384 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\G.O.M\GCSVR.exe -- (COM Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\delta.sys -- (DELTA)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (94865510)
DRV - [2012/09/15 01:33:39 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\gdrv.sys -- (gdrv)
DRV - [2012/09/10 13:44:50 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2012/09/10 13:30:45 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | Boot | Unknown] -- C:\WINDOWS.0\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS.0\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/05/20 19:21:56 | 000,017,064 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2009/02/03 09:44:10 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2008/12/18 23:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/18 23:43:18 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/11/25 23:57:04 | 000,022,432 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008/08/07 07:14:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/30 22:21:08 | 000,079,960 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/07/24 06:02:44 | 004,749,824 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/07/02 03:38:14 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/04/09 01:14:04 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/09 01:14:00 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/03/03 11:13:46 | 000,302,728 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\deltaII.sys -- (DELTAII)
DRV - [2008/02/18 15:36:14 | 000,038,312 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/02/18 15:36:14 | 000,036,648 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/02/18 15:36:14 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS.0\system32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2008/02/18 15:36:04 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS.0\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/09/05 13:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS.0\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/02/09 13:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007/02/09 13:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2006/12/08 22:50:28 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\WINDOWS.0\system32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - [2006/10/24 02:02:00 | 000,031,275 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\epppdt.sys -- (epppdt)
DRV - [2006/10/24 02:02:00 | 000,014,463 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\epppdtpr.sys -- (epppdtpr)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\speedfan.sys -- (speedfan)
DRV - [2005/03/18 12:02:04 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\usbbc.sys -- (Wdm1)
DRV - [2003/12/17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 10:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/12/17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS.0\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6B9C2291-9A24-482B-846C-6F00E42FF097}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{AF36D2FC-9772-4B32-BE16-3D7964F73A8B}: "URL" = http://www.google.co...:0000FF;FORID:1
IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://search.callin...ie&p=go&cid=yes
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: [email protected]:0.9.8.3
FF - prefs.js..extensions.enabledAddons: [email protected]:1.23.0.5
FF - prefs.js..extensions.enabledAddons: [email protected]:0.0.11.2m
FF - prefs.js..extensions.enabledAddons: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: {2E0FB4FC-1785-4009-8043-F9FB0CBA5A9A}:2.0.0.248
FF - prefs.js..extensions.enabledAddons: {e9259cba-e7ad-4f74-863f-ef9fe935394d}:2.0.0.248
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.8.0
FF - prefs.js..extensions.enabledItems: {fbc8441e-a153-45b0-8e93-87521a5812a1}:2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.5
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2012/07/10 23:11:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/09/23 08:06:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\Firefox [2012/09/05 15:36:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2E0FB4FC-1785-4009-8043-F9FB0CBA5A9A}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/12 13:34:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/30 21:12:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/17 21:12:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{2E0FB4FC-1785-4009-8043-F9FB0CBA5A9A}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]

[2009/02/06 14:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Extensions
[2010/08/27 11:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions
[2009/11/15 17:08:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2009/11/15 17:08:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2009/11/15 17:08:16 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\browser(2)\extensions(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\mozapps(2)\extensions(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\browser(2)\extensions(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\mozapps(2)\extensions(2)
[2009/11/15 16:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (CS Lite) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (SafeCache) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{670a77c5-010e-4476-a8ce-d09171318839}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (DT Whois) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\[email protected]
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\[email protected]
[2012/09/10 22:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions
[2011/05/14 07:43:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/27 11:57:13 | 000,000,000 | ---D | M] (Oskar) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2012/05/24 21:26:20 | 000,000,000 | ---D | M] (Green Fox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
[2010/04/10 22:55:52 | 000,000,000 | ---D | M] (VMN Toolbar) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{fbc8441e-a153-45b0-8e93-87521a5812a1}
[2009/11/06 07:43:07 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2011/08/14 21:41:24 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/06/20 18:54:48 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/06/20 18:54:54 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2008/03/20 15:43:48 | 000,001,182 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\mozapps(2)\xpinstall(2)\xpinstallConfirm.css
[2008/04/07 19:41:16 | 000,001,937 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\mozapps(2)\xpinstall(2)\xpinstallItemGeneric.png
[2009/06/16 23:52:20 | 000,001,502 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\mozapps(2)\xpinstall(2)\xpinstallConfirm.css
[2009/06/16 23:18:30 | 000,001,423 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\mozapps(2)\xpinstall(2)\xpinstallItemGeneric.png
[2011/10/31 12:45:10 | 000,148,816 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/09/10 22:08:22 | 000,010,546 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/07/24 19:20:20 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/10 22:03:28 | 000,016,192 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2012/09/05 15:44:56 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\searchplugins\CallingID.xml
[2011/11/12 20:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 15:36:30 | 000,000,000 | ---D | M] (CallingID Link Advisor 2.0 Mouseover) -- C:\PROGRAM FILES\CALLINGID\CALLINGIDLINKADVISOR2.0\LINKADVISOR\FIREFOX
[2012/09/05 15:36:31 | 000,000,000 | ---D | M] (CallingID Link Advisor 2.0 Toolbar) -- C:\PROGRAM FILES\CALLINGID\CALLINGIDLINKADVISOR2.0\TOOLBAR\FIREFOX
[2012/09/12 13:34:37 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/12 13:34:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 15:44:54 | 000,001,770 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\CallingID.xml
[2012/09/12 13:34:35 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: CallingID LinkAdvisor Toolbar (Frame Plugin) (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\npCIDToolbarFramePlugin.dll
CHR - plugin: CallingID LinkAdvisor Toolbar (Dummy Plugin) (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\npCIDToolbarDummyPlugin.dll
CHR - plugin: CallingID Link Advisor (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl\2.0.0.248_0\npCIDLinkAdvisorPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: CallingID LinkAdvisor 2.0 Toolbar = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\
CHR - Extension: CallingID LinkAdvisor 2.0 = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl\2.0.0.248_0\

O1 HOSTS File: ([2012/09/14 21:16:49 | 000,000,098 | ---- | M]) - C:\WINDOWS.0\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (VMN Toolbar Astro Gemini) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O2 - BHO: (CallingID LinkAdvisor 2.0 BHO) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (CallingID LinkAdvisor 2.0) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (VMN Toolbar Astro Gemini) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKCU\..\Toolbar\WebBrowser: (CallingID LinkAdvisor 2.0) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS.0\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS.0\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DeltaIITaskbarApp] C:\WINDOWS.0\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS.0\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS.0\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS.0\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS.0\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS.0\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.0\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS.0\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS.0\System32\nwiz.exe ()
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS.0\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [MediaFire Tray] C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\mf_systray.exe (MediaFire LLC)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\AdFender.lnk = C:\Program Files\AdFender\AdFender.exe (AdFender, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\Mark V. Sanderford\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1233954073359 (WUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34DBFE19-A977-4D7A-B186-B533AFA0CE81}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\callingid {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDToolbar.dll (CallingID Ltd.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS.0\system32\userinit.exe) - C:\WINDOWS.0\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mark V. Sanderford\My Documents\My Pictures\prague_bridges2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark V. Sanderford\My Documents\My Pictures\prague_bridges2.bmp
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/06 22:54:26 | 000,000,000 | ---D | M] - C:\AutoApplyConvert -- [ NTFS ]
O32 - AutoRun File - [2004/11/14 06:52:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | R--D | M] - G:\AUTORUN -- [ FAT32 ]
O32 - AutoRun File - [2006/10/21 14:07:54 | 000,020,992 | ---- | M] () - G:\Autoparts warehouse letter.doc -- [ FAT32 ]
O32 - AutoRun File - [2006/10/20 09:35:42 | 022,722,519 | ---- | M] () - G:\Autoparts warehouse receipt.psd -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O34 - HKLM BootExecute: (ootExecute settings...)
O34 - HKLM BootExecute: (on\E)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/14 22:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\AllUCDLs
[2012/09/14 21:02:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/14 17:14:56 | 000,693,235 | ---- | C] (Farbar) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\FSS.exe
[2012/09/14 16:50:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\aswMBR.exe
[2012/09/14 11:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\boost_interprocess
[2012/09/12 14:04:02 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/09/12 13:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Alexandra Sym 8
[2012/09/12 07:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\AdFender
[2012/09/12 07:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\AdFender
[2012/09/11 08:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Google Chrome
[2012/09/11 08:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\SUPERAntiSpyware.com
[2012/09/11 08:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\SUPERAntiSpyware
[2012/09/11 08:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com
[2012/09/11 08:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/11 07:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/09/11 07:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Start Menu\Programs\HiJackThis
[2012/09/10 18:13:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mark V. Sanderford\Recent
[2012/09/10 18:04:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\My eMusic
[2012/09/10 17:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/10 15:16:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/10 13:57:14 | 000,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\i8042prt.sys
[2012/09/10 13:52:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/10 13:44:50 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS.0\System32\drivers\regguard.sys
[2012/09/10 13:36:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/09/10 13:35:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWREG.exe
[2012/09/10 13:35:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWSC.exe
[2012/09/10 13:35:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWXCACLS.exe
[2012/09/10 13:35:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS.0\NIRCMD.exe
[2012/09/10 13:35:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/10 13:34:57 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\erdnt
[2012/09/10 13:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RegRun
[2012/09/10 13:30:45 | 000,039,184 | ---- | C] (Greatis Software) -- C:\WINDOWS.0\System32\Partizan.exe
[2012/09/10 13:30:45 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS.0\System32\drivers\Partizan.sys
[2012/09/10 13:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\My Documents\RegRun2
[2012/09/10 13:30:41 | 000,012,800 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS.0\System32\drivers\UnHackMeDrv.sys
[2012/09/10 13:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\UnHackMe
[2012/09/10 13:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Documents\regruninfo
[2012/09/10 13:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2012/09/05 22:07:03 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\NtmsData
[2012/09/04 21:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
[2012/09/04 21:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Start Menu\Programs\Fix Redirect Virus
[2012/09/03 22:04:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\eMusic 3
[2012/08/29 17:38:40 | 004,740,381 | R--- | C] (Swearware) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\ComboFix.exe
[2012/08/29 15:51:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/21 17:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2012/08/21 17:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)

========== Files - Modified Within 30 Days ==========

[2012/09/15 01:34:30 | 000,206,492 | ---- | M] () -- C:\WINDOWS.0\System32\nvapps.xml
[2012/09/15 01:33:39 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS.0\gdrv.sys
[2012/09/15 01:33:38 | 000,012,598 | ---- | M] () -- C:\WINDOWS.0\System32\wpa.dbl
[2012/09/15 01:33:38 | 000,000,906 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/15 01:33:38 | 000,000,304 | ---- | M] () -- C:\WINDOWS.0\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1682526488-1801674531-1005.job
[2012/09/15 01:33:30 | 000,000,350 | ---- | M] () -- C:\WINDOWS.0\tasks\WSTAT.job
[2012/09/15 01:33:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat
[2012/09/15 01:33:23 | 3487,879,168 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/14 22:06:33 | 001,939,242 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\AllUCDLs.rar
[2012/09/14 22:05:15 | 000,000,834 | ---- | M] () -- C:\WINDOWS.0\tasks\Adobe Flash Player Updater.job
[2012/09/14 22:04:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/14 21:34:16 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\MBR.dat
[2012/09/14 21:16:49 | 000,000,098 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\etc\Hosts
[2012/09/14 17:14:56 | 000,693,235 | ---- | M] (Farbar) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\FSS.exe
[2012/09/14 16:50:38 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\aswMBR.exe
[2012/09/14 14:46:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
[2012/09/13 23:45:56 | 003,950,886 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Alexandra Sym 6.mp3
[2012/09/12 14:26:57 | 043,061,879 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Leiviskä-Sinfonia no. 3 op. 31 (1971).mp3
[2012/09/12 14:26:44 | 032,804,864 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Ranta-Sinfonia Piccola (No. 1) op. 43 (1932).MP3
[2012/09/12 08:48:00 | 000,000,312 | ---- | M] () -- C:\WINDOWS.0\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1682526488-1801674531-1005.job
[2012/09/12 07:02:05 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\AdFender.lnk
[2012/09/11 08:12:06 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Google Chrome.lnk
[2012/09/11 08:12:06 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/10 20:13:30 | 000,606,396 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Variations.pkf
[2012/09/10 20:12:21 | 000,731,724 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.pkf
[2012/09/10 20:12:20 | 143,963,704 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.wav
[2012/09/10 20:12:07 | 000,731,724 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Paleomusic.pkf
[2012/09/10 20:10:31 | 118,396,816 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.wav
[2012/09/10 20:10:31 | 000,606,396 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.pkf
[2012/09/10 20:05:32 | 001,330,432 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.pkf
[2012/09/10 20:05:20 | 266,099,756 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.wav
[2012/09/10 19:29:28 | 287,388,180 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.wav
[2012/09/10 19:29:28 | 001,434,784 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.pkf
[2012/09/10 18:57:46 | 001,437,284 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.pkf
[2012/09/10 18:57:45 | 287,897,904 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.wav
[2012/09/10 17:00:24 | 000,001,945 | ---- | M] () -- C:\WINDOWS.0\epplauncher.mif
[2012/09/10 13:44:50 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS.0\System32\drivers\regguard.sys
[2012/09/10 13:36:06 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2012/09/10 13:30:45 | 000,039,184 | ---- | M] (Greatis Software) -- C:\WINDOWS.0\System32\Partizan.exe
[2012/09/10 13:30:45 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS.0\System32\drivers\Partizan.sys
[2012/09/10 13:30:42 | 000,002,577 | ---- | M] () -- C:\WINDOWS.0\System32\CONFIG.NT
[2012/09/10 13:30:42 | 000,001,688 | ---- | M] () -- C:\WINDOWS.0\System32\AUTOEXEC.NT
[2012/09/10 13:30:42 | 000,000,002 | RHS- | M] () -- C:\WINDOWS.0\winstart.bat
[2012/09/10 12:59:28 | 000,012,800 | ---- | M] (Greatis Software, LLC.) -- C:\WINDOWS.0\System32\drivers\UnHackMeDrv.sys
[2012/09/10 09:00:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS.0\tasks\SyncBack Archive.job
[2012/09/10 07:00:24 | 000,001,107 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to Unsung.lnk
[2012/09/10 07:00:06 | 000,001,110 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to uploads.lnk
[2012/09/10 06:59:39 | 000,001,118 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to A-M forum.lnk
[2012/08/29 23:29:30 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to My eMusic 2.lnk
[2012/08/29 17:38:46 | 004,740,381 | R--- | M] (Swearware) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\ComboFix.exe
[2012/08/28 14:10:52 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/08/28 14:10:52 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Opera.lnk
[2012/08/26 21:36:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\CCleaner.lnk
[2012/08/16 02:20:42 | 000,268,600 | ---- | M] () -- C:\WINDOWS.0\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/09/14 22:06:33 | 001,939,242 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\AllUCDLs.rar
[2012/09/14 17:14:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\MBR.dat
[2012/09/13 23:45:48 | 003,950,886 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Alexandra Sym 6.mp3
[2012/09/12 14:24:50 | 032,804,864 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Ranta-Sinfonia Piccola (No. 1) op. 43 (1932).MP3
[2012/09/12 14:24:38 | 043,061,879 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Leiviskä-Sinfonia no. 3 op. 31 (1971).mp3
[2012/09/12 07:02:05 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\AdFender.lnk
[2012/09/11 08:12:06 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Google Chrome.lnk
[2012/09/11 08:12:06 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/10 21:01:02 | 3487,879,168 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/10 20:13:30 | 000,606,396 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Variations.pkf
[2012/09/10 20:12:06 | 000,731,724 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Paleomusic.pkf
[2012/09/10 20:10:36 | 000,731,724 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.pkf
[2012/09/10 20:10:31 | 143,963,704 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.wav
[2012/09/10 20:10:31 | 000,606,396 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.pkf
[2012/09/10 20:10:29 | 118,396,816 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.wav
[2012/09/10 20:05:28 | 266,099,756 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.wav
[2012/09/10 20:05:28 | 001,330,432 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.pkf
[2012/09/10 19:25:43 | 287,388,180 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.wav
[2012/09/10 19:25:43 | 001,434,784 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.pkf
[2012/09/10 18:55:00 | 287,897,904 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.wav
[2012/09/10 18:55:00 | 001,437,284 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.pkf
[2012/09/10 17:00:12 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/10 13:36:06 | 000,000,214 | ---- | C] () -- C:\Boot.bak
[2012/09/10 13:36:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/09/10 13:35:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS.0\PEV.exe
[2012/09/10 13:35:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS.0\MBR.exe
[2012/09/10 13:35:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS.0\sed.exe
[2012/09/10 13:35:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS.0\grep.exe
[2012/09/10 13:35:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS.0\zip.exe
[2012/09/10 13:30:42 | 000,000,002 | RHS- | C] () -- C:\WINDOWS.0\winstart.bat
[2012/09/10 06:57:00 | 000,001,118 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to A-M forum.lnk
[2012/08/30 21:12:59 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Adobe Reader 9.lnk
[2012/08/29 23:29:33 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to My eMusic 2.lnk
[2012/08/28 14:10:52 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/08/28 14:10:52 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Opera.lnk
[2012/08/28 14:10:52 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Opera.lnk
[2012/03/31 10:50:09 | 000,000,533 | ---- | C] () -- C:\Program Files\Shortcut to Windows Media Player.lnk
[2012/03/15 19:59:15 | 000,000,010 | ---- | C] () -- C:\WINDOWS.0\3aline.ini
[2012/03/12 21:41:27 | 000,350,418 | ---- | C] () -- C:\WINDOWS.0\uninstall Digital_.exe
[2012/02/27 15:44:48 | 000,326,144 | ---- | C] () -- C:\WINDOWS.0\System32\SilverEfexPro2FC32.dll
[2012/02/20 18:30:17 | 000,038,351 | ---- | C] () -- C:\WINDOWS.0\System32\jcsball.dat
[2012/02/20 18:30:17 | 000,020,755 | ---- | C] () -- C:\WINDOWS.0\System32\jerror.dat
[2012/02/15 04:27:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS.0\System32\iacenc.dll
[2012/02/05 11:03:20 | 000,000,008 | ---- | C] () -- C:\WINDOWS.0\System32\nvModes.dat
[2012/01/08 17:37:06 | 000,001,213 | ---- | C] () -- C:\WINDOWS.0\_ISENV31.INI
[2011/05/23 23:04:20 | 000,000,064 | ---- | C] () -- C:\WINDOWS.0\System32\rp_stats.dat
[2011/05/23 23:04:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS.0\System32\rp_rules.dat
[2009/11/20 19:20:43 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Eudora.lnk
[2009/11/09 19:00:48 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\fusioncache.dat
[2009/03/03 14:19:42 | 008,544,256 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\sandra.mda
[2009/01/27 17:53:55 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< MD5 for: INCDSRV.EXE >
[2008/02/18 15:36:14 | 001,553,704 | ---- | M] (Nero AG) MD5=40F8DC71CD638C40DB38A0C08AF2A6ED -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

< MD5 for: INFOCARD.EXE >
[2008/07/29 19:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) MD5=C01AC32DC5C03076CFB852CB5DA5229C -- C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

< MD5 for: NV4_MINI.SYS >
[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\Documents and Settings\Owner\Desktop\Drivers\I386\sp1.cab:nv4_mini.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\Documents and Settings\Owner\Desktop\Drivers\I386\sp3.cab:nv4_mini.sys
[2009/01/20 19:27:46 | 017,731,022 | ---- | M] () .cab file -- C:\Documents and Settings\Owner\Desktop\XP 2\I386\sp3.cab:nv4_mini.sys
[2009/01/20 18:27:46 | 017,731,022 | ---- | M] () .cab file -- C:\WINDOWS.0\Driver Cache\i386\sp3.cab:nv4_mini.sys
[2003/05/02 16:19:00 | 001,312,555 | ---- | M] (NVIDIA Corporation) MD5=5D701FCA6F7DB7A8A7D21F80A84D291A -- C:\NVIDIA\nForceWinXP\2.45\Display\nv4_mini.sys
[2009/06/10 06:03:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) MD5=BF506D232C5E6F2DAE80F5C11B45C60E -- C:\WINDOWS.0\system32\dllcache\nv4_mini.sys
[2009/06/10 06:03:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) MD5=BF506D232C5E6F2DAE80F5C11B45C60E -- C:\WINDOWS.0\system32\drivers\nv4_mini.sys
[2008/12/25 12:08:00 | 006,301,344 | ---- | M] (NVIDIA Corporation) MD5=CE34061A298BFB4EBD1A0BB8592DC977 -- C:\WINDOWS.0\system32\ReinstallBackups\0035\DriverFiles\nv4_mini.sys

< MD5 for: RTKHDAUD.SYS >
[2008/07/24 06:02:44 | 004,749,824 | ---- | M] (Realtek Semiconductor Corp.) MD5=4AAA8312732655F93A254D1FA695EB79 -- C:\Program Files\Realtek\Audio\InstallShield\RTKHDAUD.sys
[2008/07/24 06:02:44 | 004,749,824 | R--- | M] (Realtek Semiconductor Corp.) MD5=4AAA8312732655F93A254D1FA695EB79 -- C:\WINDOWS.0\system32\drivers\RtkHDAud.sys

< MD5 for: WDFME.EXE >
[2011/03/09 11:18:06 | 001,060,864 | ---- | M] () MD5=B5966F1DFF6E20576F3C8C2D93D129FD -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

< MD5 for: WMPNETWK.EXE >
[2009/01/30 18:46:12 | 000,913,408 | ---- | M] (Microsoft Corporation) MD5=6BAB4DC65515A098505F8B3D01FB6FE5 -- C:\Program Files\Windows Media Player\wmpnetwk.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 1258 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:AREcnXXBMKOlAvEiH8HMBNy
@Alternate Data Stream - 1220 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:8E9uVpvOmwKjKo2ipMzJZOuqeoZ
@Alternate Data Stream - 1186 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:4Tg39g2PDYFzGaPyOwyKE
@Alternate Data Stream - 1048 bytes -> C:\Documents and Settings\Mark V. Sanderford\Cookies:ktm53vjRdinQXrQorzuBp9ZMV3GZ
@Alternate Data Stream - 1045 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:Be0n78AF1YfdmXk5Z

< End of report >

OTL Extras logfile created on: 9/15/2012 1:39:56 AM - Run 3
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 70.39% Memory free
5.19 Gb Paging File | 4.11 Gb Available in Paging File | 79.26% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 117.59 Gb Free Space | 42.08% Space Free | Partition Type: NTFS
Drive D: | 596.16 Gb Total Space | 128.25 Gb Free Space | 21.51% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 1396.92 Gb Total Space | 444.51 Gb Free Space | 31.82% Space Free | Partition Type: FAT32
Drive I: | 465.73 Gb Total Space | 78.27 Gb Free Space | 16.81% Space Free | Partition Type: NTFS

Computer Name: MARK-59C0B947BC | User Name: Mark V. Sanderford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS.0\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS.0\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS.0\System32\mshta.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.inf [@ = inffile] -- C:\WINDOWS.0\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS.0\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS.0\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS.0\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS.0\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS.0\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS.0\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS.0\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS.0\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS.0\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS.0\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS.0\system32\rundll32.exe" "C:\WINDOWS.0\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS.0\system32\mmc.exe" = C:\WINDOWS.0\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files\AdFender\AdFender.exe" = C:\Program Files\AdFender\AdFender.exe:*:Enabled:AdFender -- (AdFender, Inc.)
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14AA664E-9BFA-44C4-A083-83A2998679BA}" = Digidesign Pro Tools M-Powered Demo 7.4
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}" = MediaJoin
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{5392136D-EF88-415D-82B6-628C00EFDADA}" = IntelliMover
"{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}" = IHA_MessageCenter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73568F76-7A37-9DB4-73B1-11DCF1A2FC52}" = FOX News Live Stream
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.1015.1
"{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{859F6F7D-7A17-480B-B509-CCA9B3EDCC69}" = DC7
"{8925AD1C-13DE-4709-9E88-6A0C320D0D43}" = ICC Profiles
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Micro

#12
crossbow66

OK, that's done. Here are the logs... Malwarebytes didn't find any malicious files.

OTL logfile created on: 9/15/2012 1:39:56 AM - Run 3
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 70.39% Memory free
5.19 Gb Paging File | 4.11 Gb Available in Paging File | 79.26% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 117.59 Gb Free Space | 42.08% Space Free | Partition Type: NTFS
Drive D: | 596.16 Gb Total Space | 128.25 Gb Free Space | 21.51% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 1396.92 Gb Total Space | 444.51 Gb Free Space | 31.82% Space Free | Partition Type: FAT32
Drive I: | 465.73 Gb Total Space | 78.27 Gb Free Space | 16.81% Space Free | Partition Type: NTFS

Computer Name: MARK-59C0B947BC | User Name: Mark V. Sanderford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/13 07:55:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\OTL.com
PRC - [2012/09/12 13:34:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/10 12:59:18 | 000,595,216 | ---- | M] (Greatis Software) -- C:\Program Files\UnHackMe\hackmon.exe
PRC - [2012/09/06 16:05:46 | 004,780,928 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/09/03 06:47:46 | 000,227,408 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisorService.exe
PRC - [2012/09/03 06:47:30 | 001,353,808 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDGlobal.exe
PRC - [2012/09/03 06:47:22 | 001,378,384 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Light\CIDGlobalLight.exe
PRC - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/06/20 03:30:04 | 002,772,112 | ---- | M] (AdFender, Inc.) -- C:\Program Files\AdFender\AdFender.exe
PRC - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/12/01 06:11:06 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2011/03/14 10:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2011/03/09 11:09:54 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2011/02/21 17:17:32 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS.0\system32\nlssrv32.exe
PRC - [2010/04/02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/28 09:54:13 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/24 21:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/11/13 08:32:51 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/05/20 19:22:06 | 000,109,096 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009/02/19 00:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/02/19 00:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/02/06 20:05:41 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS.0\system32\java.exe
PRC - [2008/09/24 18:35:14 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008/06/18 06:01:56 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS.0\SoundMan.exe
PRC - [2008/06/06 12:40:00 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2008/06/06 12:39:52 | 000,114,688 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2008/06/06 11:42:30 | 000,114,688 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
PRC - [2008/06/06 11:42:10 | 000,324,096 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Acer Display\eDisplay Management\dthtml.exe
PRC - [2008/05/01 07:38:00 | 000,131,072 | ---- | M] (Linksys LLC - A Division of Cisco Systems) -- C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
PRC - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\explorer.exe
PRC - [2008/04/09 01:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/04/09 01:15:10 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/03/03 11:13:50 | 000,236,040 | ---- | M] () -- C:\WINDOWS.0\system32\DeltaIITray.exe
PRC - [2008/02/18 15:36:24 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2008/02/18 15:36:14 | 001,553,704 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2008/02/18 15:36:04 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2007/10/31 00:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2006/07/22 21:22:42 | 001,126,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
PRC - [2006/01/30 12:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
PRC - [2005/12/12 16:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2005/05/25 02:14:10 | 000,016,384 | ---- | M] () -- C:\Program Files\GIGABYTE\G.O.M\GCSVR.exe
PRC - [2003/12/17 10:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS.0\Logi_MwX.Exe


========== Modules (No Company Name) ==========

MOD - [2012/09/15 01:34:59 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/09/15 01:34:59 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/09/12 13:34:36 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/09/11 08:08:14 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/09/11 08:08:14 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/09/03 06:47:34 | 000,071,760 | ---- | M] () -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDGlobalPS.dll
MOD - [2012/06/14 06:46:03 | 000,212,992 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/13 22:37:11 | 014,329,856 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
MOD - [2012/06/13 22:37:01 | 012,433,920 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 22:36:53 | 001,592,320 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/13 22:36:51 | 012,218,368 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MOD - [2012/06/13 22:36:25 | 002,933,248 | ---- | M] () -- C:\WINDOWS.0\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/13 22:36:21 | 000,261,632 | ---- | M] () -- C:\WINDOWS.0\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/06/13 22:32:15 | 000,141,312 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll
MOD - [2012/05/12 09:00:57 | 000,998,400 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/11 23:12:31 | 017,403,904 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
MOD - [2012/05/11 23:10:52 | 000,224,768 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7416fe825e6e49a87fa8ff60c8971813\PresentationFramework.Classic.ni.dll
MOD - [2012/05/11 23:10:38 | 000,771,584 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 23:10:37 | 000,627,712 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
MOD - [2012/05/11 23:10:37 | 000,627,200 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
MOD - [2012/05/11 23:10:36 | 006,616,576 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012/05/11 23:10:10 | 000,015,872 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\f00a18225430e7531135589688d650a1\Microsoft.VisualC.ni.dll
MOD - [2012/05/11 23:10:01 | 003,325,440 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012/05/11 23:09:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 23:09:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/11 23:09:51 | 007,953,408 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 23:09:47 | 011,492,352 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/09 11:29:38 | 000,886,272 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
MOD - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2008/09/24 18:35:14 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
MOD - [2008/09/10 11:58:42 | 000,098,304 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\ycc.dll
MOD - [2008/06/06 12:40:08 | 000,151,552 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DThook.dll
MOD - [2008/06/06 12:40:02 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\CC\gui.dll
MOD - [2008/06/06 12:40:00 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
MOD - [2008/06/06 12:39:46 | 000,102,400 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2008/06/06 11:42:30 | 000,114,688 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
MOD - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
MOD - [2008/04/18 05:30:43 | 000,081,920 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\lib\wrapper.dll
MOD - [2008/04/09 19:15:54 | 000,103,472 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/04/09 19:15:54 | 000,038,960 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/03/03 11:13:50 | 000,236,040 | ---- | M] () -- C:\WINDOWS.0\system32\DeltaIITray.exe
MOD - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
MOD - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
MOD - [2007/02/09 12:16:08 | 000,245,760 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Winphook.dll
MOD - [2005/05/25 02:14:10 | 000,016,384 | ---- | M] () -- C:\Program Files\GIGABYTE\G.O.M\GCSVR.exe
MOD - [2004/11/17 17:49:06 | 004,603,904 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\qt-mt332.dll
MOD - [2004/05/11 15:51:56 | 000,798,720 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\libeay32.dll
MOD - [2004/05/11 15:51:56 | 000,155,648 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\ssleay32.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/12 13:34:36 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 06:47:46 | 000,227,408 | ---- | M] (CallingID Ltd.) [Auto | Running] -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisorService.exe -- (CIDLinkAdvisorService)
SRV - [2012/08/15 09:05:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2011/02/21 17:17:32 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS.0\system32\nlssrv32.exe -- (nlsX86cc)
SRV - [2009/05/20 19:22:06 | 000,109,096 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009/02/19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/12/11 15:53:38 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/09/24 18:35:14 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/06/06 12:40:00 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008/06/06 11:42:30 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe -- (Asset Management Daemon)
SRV - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/09 01:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/02/18 15:36:14 | 001,553,704 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/10/31 00:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2007/10/31 00:02:58 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005/05/25 02:14:10 | 000,016,384 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\G.O.M\GCSVR.exe -- (COM Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\delta.sys -- (DELTA)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (94865510)
DRV - [2012/09/15 01:33:39 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\gdrv.sys -- (gdrv)
DRV - [2012/09/10 13:44:50 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2012/09/10 13:30:45 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | Boot | Unknown] -- C:\WINDOWS.0\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS.0\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/05/20 19:21:56 | 000,017,064 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2009/02/03 09:44:10 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2008/12/18 23:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/18 23:43:18 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/11/25 23:57:04 | 000,022,432 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008/08/07 07:14:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/30 22:21:08 | 000,079,960 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/07/24 06:02:44 | 004,749,824 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/07/02 03:38:14 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/04/09 01:14:04 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/09 01:14:00 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/03/03 11:13:46 | 000,302,728 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\deltaII.sys -- (DELTAII)
DRV - [2008/02/18 15:36:14 | 000,038,312 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/02/18 15:36:14 | 000,036,648 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/02/18 15:36:14 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS.0\system32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2008/02/18 15:36:04 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS.0\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/09/05 13:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS.0\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/02/09 13:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007/02/09 13:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2006/12/08 22:50:28 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\WINDOWS.0\system32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - [2006/10/24 02:02:00 | 000,031,275 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\epppdt.sys -- (epppdt)
DRV - [2006/10/24 02:02:00 | 000,014,463 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\epppdtpr.sys -- (epppdtpr)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\speedfan.sys -- (speedfan)
DRV - [2005/03/18 12:02:04 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\usbbc.sys -- (Wdm1)
DRV - [2003/12/17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 10:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/12/17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS.0\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6B9C2291-9A24-482B-846C-6F00E42FF097}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{AF36D2FC-9772-4B32-BE16-3D7964F73A8B}: "URL" = http://www.google.co...:0000FF;FORID:1
IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://search.callin...ie&p=go&cid=yes
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: [email protected]:0.9.8.3
FF - prefs.js..extensions.enabledAddons: [email protected]:1.23.0.5
FF - prefs.js..extensions.enabledAddons: [email protected]:0.0.11.2m
FF - prefs.js..extensions.enabledAddons: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: {2E0FB4FC-1785-4009-8043-F9FB0CBA5A9A}:2.0.0.248
FF - prefs.js..extensions.enabledAddons: {e9259cba-e7ad-4f74-863f-ef9fe935394d}:2.0.0.248
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.8.0
FF - prefs.js..extensions.enabledItems: {fbc8441e-a153-45b0-8e93-87521a5812a1}:2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.5
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2012/07/10 23:11:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/09/23 08:06:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\Firefox [2012/09/05 15:36:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2E0FB4FC-1785-4009-8043-F9FB0CBA5A9A}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/12 13:34:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/30 21:12:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/17 21:12:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{2E0FB4FC-1785-4009-8043-F9FB0CBA5A9A}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]

[2009/02/06 14:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Extensions
[2010/08/27 11:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions
[2009/11/15 17:08:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2009/11/15 17:08:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2009/11/15 17:08:16 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\browser(2)\extensions(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\mozapps(2)\extensions(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\browser(2)\extensions(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\mozapps(2)\extensions(2)
[2009/11/15 16:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (CS Lite) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (SafeCache) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{670a77c5-010e-4476-a8ce-d09171318839}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (DT Whois) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\[email protected]
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\[email protected]
[2012/09/10 22:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions
[2011/05/14 07:43:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/27 11:57:13 | 000,000,000 | ---D | M] (Oskar) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2012/05/24 21:26:20 | 000,000,000 | ---D | M] (Green Fox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
[2010/04/10 22:55:52 | 000,000,000 | ---D | M] (VMN Toolbar) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{fbc8441e-a153-45b0-8e93-87521a5812a1}
[2009/11/06 07:43:07 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2011/08/14 21:41:24 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/06/20 18:54:48 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/06/20 18:54:54 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2008/03/20 15:43:48 | 000,001,182 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\mozapps(2)\xpinstall(2)\xpinstallConfirm.css
[2008/04/07 19:41:16 | 000,001,937 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\mozapps(2)\xpinstall(2)\xpinstallItemGeneric.png
[2009/06/16 23:52:20 | 000,001,502 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\mozapps(2)\xpinstall(2)\xpinstallConfirm.css
[2009/06/16 23:18:30 | 000,001,423 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\mozapps(2)\xpinstall(2)\xpinstallItemGeneric.png
[2011/10/31 12:45:10 | 000,148,816 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/09/10 22:08:22 | 000,010,546 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/07/24 19:20:20 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/10 22:03:28 | 000,016,192 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2012/09/05 15:44:56 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\searchplugins\CallingID.xml
[2011/11/12 20:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 15:36:30 | 000,000,000 | ---D | M] (CallingID Link Advisor 2.0 Mouseover) -- C:\PROGRAM FILES\CALLINGID\CALLINGIDLINKADVISOR2.0\LINKADVISOR\FIREFOX
[2012/09/05 15:36:31 | 000,000,000 | ---D | M] (CallingID Link Advisor 2.0 Toolbar) -- C:\PROGRAM FILES\CALLINGID\CALLINGIDLINKADVISOR2.0\TOOLBAR\FIREFOX
[2012/09/12 13:34:37 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/12 13:34:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 15:44:54 | 000,001,770 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\CallingID.xml
[2012/09/12 13:34:35 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: CallingID LinkAdvisor Toolbar (Frame Plugin) (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\npCIDToolbarFramePlugin.dll
CHR - plugin: CallingID LinkAdvisor Toolbar (Dummy Plugin) (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\npCIDToolbarDummyPlugin.dll
CHR - plugin: CallingID Link Advisor (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl\2.0.0.248_0\npCIDLinkAdvisorPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: CallingID LinkAdvisor 2.0 Toolbar = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\
CHR - Extension: CallingID LinkAdvisor 2.0 = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl\2.0.0.248_0\

O1 HOSTS File: ([2012/09/14 21:16:49 | 000,000,098 | ---- | M]) - C:\WINDOWS.0\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (VMN Toolbar Astro Gemini) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O2 - BHO: (CallingID LinkAdvisor 2.0 BHO) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (CallingID LinkAdvisor 2.0) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (VMN Toolbar Astro Gemini) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKCU\..\Toolbar\WebBrowser: (CallingID LinkAdvisor 2.0) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS.0\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS.0\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DeltaIITaskbarApp] C:\WINDOWS.0\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS.0\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS.0\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS.0\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS.0\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS.0\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.0\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS.0\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS.0\System32\nwiz.exe ()
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS.0\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [MediaFire Tray] C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\mf_systray.exe (MediaFire LLC)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\AdFender.lnk = C:\Program Files\AdFender\AdFender.exe (AdFender, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\Mark V. Sanderford\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1233954073359 (WUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34DBFE19-A977-4D7A-B186-B533AFA0CE81}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\callingid {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDToolbar.dll (CallingID Ltd.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS.0\system32\userinit.exe) - C:\WINDOWS.0\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mark V. Sanderford\My Documents\My Pictures\prague_bridges2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark V. Sanderford\My Documents\My Pictures\prague_bridges2.bmp
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/06 22:54:26 | 000,000,000 | ---D | M] - C:\AutoApplyConvert -- [ NTFS ]
O32 - AutoRun File - [2004/11/14 06:52:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | R--D | M] - G:\AUTORUN -- [ FAT32 ]
O32 - AutoRun File - [2006/10/21 14:07:54 | 000,020,992 | ---- | M] () - G:\Autoparts warehouse letter.doc -- [ FAT32 ]
O32 - AutoRun File - [2006/10/20 09:35:42 | 022,722,519 | ---- | M] () - G:\Autoparts warehouse receipt.psd -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O34 - HKLM BootExecute: (ootExecute settings...)
O34 - HKLM BootExecute: (on\E)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/14 22:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\AllUCDLs
[2012/09/14 21:02:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/14 17:14:56 | 000,693,235 | ---- | C] (Farbar) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\FSS.exe
[2012/09/14 16:50:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\aswMBR.exe
[2012/09/14 11:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\boost_interprocess
[2012/09/12 14:04:02 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/09/12 13:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Alexandra Sym 8
[2012/09/12 07:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\AdFender
[2012/09/12 07:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\AdFender
[2012/09/11 08:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Google Chrome
[2012/09/11 08:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\SUPERAntiSpyware.com
[2012/09/11 08:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\SUPERAntiSpyware
[2012/09/11 08:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com
[2012/09/11 08:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/11 07:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/09/11 07:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Start Menu\Programs\HiJackThis
[2012/09/10 18:13:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mark V. Sanderford\Recent
[2012/09/10 18:04:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\My eMusic
[2012/09/10 17:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/10 15:16:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/10 13:57:14 | 000,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\i8042prt.sys
[2012/09/10 13:52:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/10 13:44:50 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS.0\System32\drivers\regguard.sys
[2012/09/10 13:36:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/09/10 13:35:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWREG.exe
[2012/09/10 13:35:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWSC.exe
[2012/09/10 13:35:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWXCACLS.exe
[2012/09/10 13:35:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS.0\NIRCMD.exe
[2012/09/10 13:35:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/10 13:34:57 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\erdnt
[2012/09/10 13:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RegRun
[2012/09/10 13:30:45 | 000,039,184 | ---- | C] (Greatis Software) -- C:\WINDOWS.0\System32\Partizan.exe
[2012/09/10 13:30:45 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS.0\System32\drivers\Partizan.sys
[2012/09/10 13:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\My Documents\RegRun2
[2012/09/10 13:30:41 | 000,012,800 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS.0\System32\drivers\UnHackMeDrv.sys
[2012/09/10 13:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\UnHackMe
[2012/09/10 13:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Documents\regruninfo
[2012/09/10 13:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2012/09/05 22:07:03 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\NtmsData
[2012/09/04 21:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
[2012/09/04 21:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Start Menu\Programs\Fix Redirect Virus
[2012/09/03 22:04:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\eMusic 3
[2012/08/29 17:38:40 | 004,740,381 | R--- | C] (Swearware) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\ComboFix.exe
[2012/08/29 15:51:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/21 17:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2012/08/21 17:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)

========== Files - Modified Within 30 Days ==========

[2012/09/15 01:34:30 | 000,206,492 | ---- | M] () -- C:\WINDOWS.0\System32\nvapps.xml
[2012/09/15 01:33:39 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS.0\gdrv.sys
[2012/09/15 01:33:38 | 000,012,598 | ---- | M] () -- C:\WINDOWS.0\System32\wpa.dbl
[2012/09/15 01:33:38 | 000,000,906 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/15 01:33:38 | 000,000,304 | ---- | M] () -- C:\WINDOWS.0\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1682526488-1801674531-1005.job
[2012/09/15 01:33:30 | 000,000,350 | ---- | M] () -- C:\WINDOWS.0\tasks\WSTAT.job
[2012/09/15 01:33:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat
[2012/09/15 01:33:23 | 3487,879,168 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/14 22:06:33 | 001,939,242 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\AllUCDLs.rar
[2012/09/14 22:05:15 | 000,000,834 | ---- | M] () -- C:\WINDOWS.0\tasks\Adobe Flash Player Updater.job
[2012/09/14 22:04:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/14 21:34:16 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\MBR.dat
[2012/09/14 21:16:49 | 000,000,098 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\etc\Hosts
[2012/09/14 17:14:56 | 000,693,235 | ---- | M] (Farbar) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\FSS.exe
[2012/09/14 16:50:38 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\aswMBR.exe
[2012/09/14 14:46:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
[2012/09/13 23:45:56 | 003,950,886 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Alexandra Sym 6.mp3
[2012/09/12 14:26:57 | 043,061,879 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Leiviskä-Sinfonia no. 3 op. 31 (1971).mp3
[2012/09/12 14:26:44 | 032,804,864 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Ranta-Sinfonia Piccola (No. 1) op. 43 (1932).MP3
[2012/09/12 08:48:00 | 000,000,312 | ---- | M] () -- C:\WINDOWS.0\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1682526488-1801674531-1005.job
[2012/09/12 07:02:05 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\AdFender.lnk
[2012/09/11 08:12:06 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Google Chrome.lnk
[2012/09/11 08:12:06 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/10 20:13:30 | 000,606,396 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Variations.pkf
[2012/09/10 20:12:21 | 000,731,724 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.pkf
[2012/09/10 20:12:20 | 143,963,704 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.wav
[2012/09/10 20:12:07 | 000,731,724 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Paleomusic.pkf
[2012/09/10 20:10:31 | 118,396,816 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.wav
[2012/09/10 20:10:31 | 000,606,396 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.pkf
[2012/09/10 20:05:32 | 001,330,432 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.pkf
[2012/09/10 20:05:20 | 266,099,756 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.wav
[2012/09/10 19:29:28 | 287,388,180 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.wav
[2012/09/10 19:29:28 | 001,434,784 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.pkf
[2012/09/10 18:57:46 | 001,437,284 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.pkf
[2012/09/10 18:57:45 | 287,897,904 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.wav
[2012/09/10 17:00:24 | 000,001,945 | ---- | M] () -- C:\WINDOWS.0\epplauncher.mif
[2012/09/10 13:44:50 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS.0\System32\drivers\regguard.sys
[2012/09/10 13:36:06 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2012/09/10 13:30:45 | 000,039,184 | ---- | M] (Greatis Software) -- C:\WINDOWS.0\System32\Partizan.exe
[2012/09/10 13:30:45 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS.0\System32\drivers\Partizan.sys
[2012/09/10 13:30:42 | 000,002,577 | ---- | M] () -- C:\WINDOWS.0\System32\CONFIG.NT
[2012/09/10 13:30:42 | 000,001,688 | ---- | M] () -- C:\WINDOWS.0\System32\AUTOEXEC.NT
[2012/09/10 13:30:42 | 000,000,002 | RHS- | M] () -- C:\WINDOWS.0\winstart.bat
[2012/09/10 12:59:28 | 000,012,800 | ---- | M] (Greatis Software, LLC.) -- C:\WINDOWS.0\System32\drivers\UnHackMeDrv.sys
[2012/09/10 09:00:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS.0\tasks\SyncBack Archive.job
[2012/09/10 07:00:24 | 000,001,107 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to Unsung.lnk
[2012/09/10 07:00:06 | 000,001,110 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to uploads.lnk
[2012/09/10 06:59:39 | 000,001,118 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to A-M forum.lnk
[2012/08/29 23:29:30 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to My eMusic 2.lnk
[2012/08/29 17:38:46 | 004,740,381 | R--- | M] (Swearware) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\ComboFix.exe
[2012/08/28 14:10:52 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/08/28 14:10:52 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Opera.lnk
[2012/08/26 21:36:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\CCleaner.lnk
[2012/08/16 02:20:42 | 000,268,600 | ---- | M] () -- C:\WINDOWS.0\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/09/14 22:06:33 | 001,939,242 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\AllUCDLs.rar
[2012/09/14 17:14:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\MBR.dat
[2012/09/13 23:45:48 | 003,950,886 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Alexandra Sym 6.mp3
[2012/09/12 14:24:50 | 032,804,864 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Ranta-Sinfonia Piccola (No. 1) op. 43 (1932).MP3
[2012/09/12 14:24:38 | 043,061,879 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Leiviskä-Sinfonia no. 3 op. 31 (1971).mp3
[2012/09/12 07:02:05 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\AdFender.lnk
[2012/09/11 08:12:06 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Google Chrome.lnk
[2012/09/11 08:12:06 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/10 21:01:02 | 3487,879,168 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/10 20:13:30 | 000,606,396 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Variations.pkf
[2012/09/10 20:12:06 | 000,731,724 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Paleomusic.pkf
[2012/09/10 20:10:36 | 000,731,724 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.pkf
[2012/09/10 20:10:31 | 143,963,704 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.wav
[2012/09/10 20:10:31 | 000,606,396 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.pkf
[2012/09/10 20:10:29 | 118,396,816 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.wav
[2012/09/10 20:05:28 | 266,099,756 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.wav
[2012/09/10 20:05:28 | 001,330,432 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.pkf
[2012/09/10 19:25:43 | 287,388,180 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.wav
[2012/09/10 19:25:43 | 001,434,784 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.pkf
[2012/09/10 18:55:00 | 287,897,904 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.wav
[2012/09/10 18:55:00 | 001,437,284 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.pkf
[2012/09/10 17:00:12 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/10 13:36:06 | 000,000,214 | ---- | C] () -- C:\Boot.bak
[2012/09/10 13:36:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/09/10 13:35:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS.0\PEV.exe
[2012/09/10 13:35:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS.0\MBR.exe
[2012/09/10 13:35:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS.0\sed.exe
[2012/09/10 13:35:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS.0\grep.exe
[2012/09/10 13:35:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS.0\zip.exe
[2012/09/10 13:30:42 | 000,000,002 | RHS- | C] () -- C:\WINDOWS.0\winstart.bat
[2012/09/10 06:57:00 | 000,001,118 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to A-M forum.lnk
[2012/08/30 21:12:59 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Adobe Reader 9.lnk
[2012/08/29 23:29:33 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to My eMusic 2.lnk
[2012/08/28 14:10:52 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/08/28 14:10:52 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Opera.lnk
[2012/08/28 14:10:52 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Opera.lnk
[2012/03/31 10:50:09 | 000,000,533 | ---- | C] () -- C:\Program Files\Shortcut to Windows Media Player.lnk
[2012/03/15 19:59:15 | 000,000,010 | ---- | C] () -- C:\WINDOWS.0\3aline.ini
[2012/03/12 21:41:27 | 000,350,418 | ---- | C] () -- C:\WINDOWS.0\uninstall Digital_.exe
[2012/02/27 15:44:48 | 000,326,144 | ---- | C] () -- C:\WINDOWS.0\System32\SilverEfexPro2FC32.dll
[2012/02/20 18:30:17 | 000,038,351 | ---- | C] () -- C:\WINDOWS.0\System32\jcsball.dat
[2012/02/20 18:30:17 | 000,020,755 | ---- | C] () -- C:\WINDOWS.0\System32\jerror.dat
[2012/02/15 04:27:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS.0\System32\iacenc.dll
[2012/02/05 11:03:20 | 000,000,008 | ---- | C] () -- C:\WINDOWS.0\System32\nvModes.dat
[2012/01/08 17:37:06 | 000,001,213 | ---- | C] () -- C:\WINDOWS.0\_ISENV31.INI
[2011/05/23 23:04:20 | 000,000,064 | ---- | C] () -- C:\WINDOWS.0\System32\rp_stats.dat
[2011/05/23 23:04:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS.0\System32\rp_rules.dat
[2009/11/20 19:20:43 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Eudora.lnk
[2009/11/09 19:00:48 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\fusioncache.dat
[2009/03/03 14:19:42 | 008,544,256 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\sandra.mda
[2009/01/27 17:53:55 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< MD5 for: INCDSRV.EXE >
[2008/02/18 15:36:14 | 001,553,704 | ---- | M] (Nero AG) MD5=40F8DC71CD638C40DB38A0C08AF2A6ED -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

< MD5 for: INFOCARD.EXE >
[2008/07/29 19:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) MD5=C01AC32DC5C03076CFB852CB5DA5229C -- C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

< MD5 for: NV4_MINI.SYS >
[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\Documents and Settings\Owner\Desktop\Drivers\I386\sp1.cab:nv4_mini.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\Documents and Settings\Owner\Desktop\Drivers\I386\sp3.cab:nv4_mini.sys
[2009/01/20 19:27:46 | 017,731,022 | ---- | M] () .cab file -- C:\Documents and Settings\Owner\Desktop\XP 2\I386\sp3.cab:nv4_mini.sys
[2009/01/20 18:27:46 | 017,731,022 | ---- | M] () .cab file -- C:\WINDOWS.0\Driver Cache\i386\sp3.cab:nv4_mini.sys
[2003/05/02 16:19:00 | 001,312,555 | ---- | M] (NVIDIA Corporation) MD5=5D701FCA6F7DB7A8A7D21F80A84D291A -- C:\NVIDIA\nForceWinXP\2.45\Display\nv4_mini.sys
[2009/06/10 06:03:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) MD5=BF506D232C5E6F2DAE80F5C11B45C60E -- C:\WINDOWS.0\system32\dllcache\nv4_mini.sys
[2009/06/10 06:03:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) MD5=BF506D232C5E6F2DAE80F5C11B45C60E -- C:\WINDOWS.0\system32\drivers\nv4_mini.sys
[2008/12/25 12:08:00 | 006,301,344 | ---- | M] (NVIDIA Corporation) MD5=CE34061A298BFB4EBD1A0BB8592DC977 -- C:\WINDOWS.0\system32\ReinstallBackups\0035\DriverFiles\nv4_mini.sys

< MD5 for: RTKHDAUD.SYS >
[2008/07/24 06:02:44 | 004,749,824 | ---- | M] (Realtek Semiconductor Corp.) MD5=4AAA8312732655F93A254D1FA695EB79 -- C:\Program Files\Realtek\Audio\InstallShield\RTKHDAUD.sys
[2008/07/24 06:02:44 | 004,749,824 | R--- | M] (Realtek Semiconductor Corp.) MD5=4AAA8312732655F93A254D1FA695EB79 -- C:\WINDOWS.0\system32\drivers\RtkHDAud.sys

< MD5 for: WDFME.EXE >
[2011/03/09 11:18:06 | 001,060,864 | ---- | M] () MD5=B5966F1DFF6E20576F3C8C2D93D129FD -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

< MD5 for: WMPNETWK.EXE >
[2009/01/30 18:46:12 | 000,913,408 | ---- | M] (Microsoft Corporation) MD5=6BAB4DC65515A098505F8B3D01FB6FE5 -- C:\Program Files\Windows Media Player\wmpnetwk.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 1258 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:AREcnXXBMKOlAvEiH8HMBNy
@Alternate Data Stream - 1220 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:8E9uVpvOmwKjKo2ipMzJZOuqeoZ
@Alternate Data Stream - 1186 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:4Tg39g2PDYFzGaPyOwyKE
@Alternate Data Stream - 1048 bytes -> C:\Documents and Settings\Mark V. Sanderford\Cookies:ktm53vjRdinQXrQorzuBp9ZMV3GZ
@Alternate Data Stream - 1045 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:Be0n78AF1YfdmXk5Z

< End of report >

OTL Extras logfile created on: 9/15/2012 1:39:56 AM - Run 3
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 70.39% Memory free
5.19 Gb Paging File | 4.11 Gb Available in Paging File | 79.26% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 117.59 Gb Free Space | 42.08% Space Free | Partition Type: NTFS
Drive D: | 596.16 Gb Total Space | 128.25 Gb Free Space | 21.51% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 1396.92 Gb Total Space | 444.51 Gb Free Space | 31.82% Space Free | Partition Type: FAT32
Drive I: | 465.73 Gb Total Space | 78.27 Gb Free Space | 16.81% Space Free | Partition Type: NTFS

Computer Name: MARK-59C0B947BC | User Name: Mark V. Sanderford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS.0\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS.0\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS.0\System32\mshta.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.inf [@ = inffile] -- C:\WINDOWS.0\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS.0\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS.0\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS.0\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS.0\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS.0\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS.0\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS.0\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS.0\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS.0\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS.0\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS.0\system32\rundll32.exe" "C:\WINDOWS.0\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS.0\system32\mmc.exe" = C:\WINDOWS.0\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files\AdFender\AdFender.exe" = C:\Program Files\AdFender\AdFender.exe:*:Enabled:AdFender -- (AdFender, Inc.)
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14AA664E-9BFA-44C4-A083-83A2998679BA}" = Digidesign Pro Tools M-Powered Demo 7.4
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}" = MediaJoin
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{5392136D-EF88-415D-82B6-628C00EFDADA}" = IntelliMover
"{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}" = IHA_MessageCenter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73568F76-7A37-9DB4-73B1-11DCF1A2FC52}" = FOX News Live Stream
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.1015.1
"{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{859F6F7D-7A17-480B-B509-CCA9B3EDCC69}" = DC7
"{8925AD1C-13DE-4709-9E88-6A0C320D0D43}" = ICC Profiles
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Micro

#13
crossbow66

    Member

  • Topic Starter
  • Member
  • 55 posts
Sorry about the duplication but the browser hung up...

#14
RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C:


:OTL
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
@Alternate Data Stream - 1258 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:AREcnXXBMKOlAvEiH8HMBNy
@Alternate Data Stream - 1220 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:8E9uVpvOmwKjKo2ipMzJZOuqeoZ
@Alternate Data Stream - 1186 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:4Tg39g2PDYFzGaPyOwyKE
@Alternate Data Stream - 1048 bytes -> C:\Documents and Settings\Mark V. Sanderford\Cookies:ktm53vjRdinQXrQorzuBp9ZMV3GZ
@Alternate Data Stream - 1045 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:Be0n78AF1YfdmXk5Z

:files
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS.0\system32\drivers\RtkHDAud.sys|C:\Program Files\Realtek\Audio\InstallShield\RTKHDAUD.sys /replace
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS.0\system32\drivers\nv4_mini.sys|C:\WINDOWS.0\system32\dllcache\nv4_mini.sys /replace
    
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply. It appears that Old Timer is now hiding the log in c:\_OTL\RemovedFiles\09142012-some number.log.

Then run TDSSKiller again and let's see how we did.

If it still shows files with fake MD5s, then tell it to Delete them this time instead of quarantining them.

#15
crossbow66

    Member

  • Topic Starter
  • Member
  • 55 posts
Here are some logs...

========== OTL ==========
C:\WINDOWS.0\system32\jgsh400F.dll moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\cmd.bat deleted successfully.
C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\cmd.bat deleted successfully.
C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\cmd.bat deleted successfully.
C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\cmd.bat deleted successfully.
C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\Owner\Application Data\*.exe not found.
File\Folder C:\Documents and Settings\All Users\Application Data\*.exe not found.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: Administrator.MARK-59C0B947BC

User: All Users

User: All Users.WINDOWS.0

User: Default User

User: Default User.WINDOWS.0

User: Diamond Cut Productions

User: LocalService

User: LocalService.NT AUTHORITY

User: Mark V. Sanderford
->Java cache emptied: 0 bytes

User: MARKV~1~SAN

User: NetworkService

User: NetworkService.NT AUTHORITY

User: New user

User: Owner
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.MARK-59C0B947BC

User: All Users

User: All Users.WINDOWS.0

User: Default User

User: Default User.WINDOWS.0

User: Diamond Cut Productions

User: LocalService

User: LocalService.NT AUTHORITY

User: Mark V. Sanderford
->Flash cache emptied: 3146 bytes

User: MARKV~1~SAN

User: NetworkService

User: NetworkService.NT AUTHORITY

User: New user
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS.0\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.61.3 log created on 09142012_210203




========== OTL ==========
File C:\WINDOWS.0\System32\jgsh400F.dll not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\cmd.bat deleted successfully.
C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\cmd.bat deleted successfully.
C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\cmd.bat deleted successfully.
C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\cmd.bat deleted successfully.
C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\Owner\Application Data\*.exe not found.
File\Folder C:\Documents and Settings\All Users\Application Data\*.exe not found.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: Administrator.MARK-59C0B947BC

User: All Users

User: All Users.WINDOWS.0

User: Default User

User: Default User.WINDOWS.0

User: Diamond Cut Productions

User: LocalService

User: LocalService.NT AUTHORITY

User: Mark V. Sanderford
->Java cache emptied: 0 bytes

User: MARKV~1~SAN

User: NetworkService

User: NetworkService.NT AUTHORITY

User: New user

User: Owner
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.MARK-59C0B947BC

User: All Users

User: All Users.WINDOWS.0

User: Default User

User: Default User.WINDOWS.0

User: Diamond Cut Productions

User: LocalService

User: LocalService.NT AUTHORITY

User: Mark V. Sanderford
->Flash cache emptied: 0 bytes

User: MARKV~1~SAN

User: NetworkService

User: NetworkService.NT AUTHORITY

User: New user
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS.0\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.61.3 log created on 09142012_211649


========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Flags deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Title deleted successfully.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS.0\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\Program Files\WebEx\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
ADS C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:AREcnXXBMKOlAvEiH8HMBNy deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:8E9uVpvOmwKjKo2ipMzJZOuqeoZ deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:4Tg39g2PDYFzGaPyOwyKE deleted successfully.
ADS C:\Documents and Settings\Mark V. Sanderford\Cookies:ktm53vjRdinQXrQorzuBp9ZMV3GZ deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft:Be0n78AF1YfdmXk5Z deleted successfully.
========== FILES ==========
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe moved successfully.
C:\Program Files\Windows Media Player\wmpnetwk.exe moved successfully.
File C:\WINDOWS.0\system32\drivers\RtkHDAud.sys successfully replaced with C:\Program Files\Realtek\Audio\InstallShield\RTKHDAUD.sys
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe moved successfully.
C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe moved successfully.
File C:\WINDOWS.0\system32\drivers\nv4_mini.sys successfully replaced with C:\WINDOWS.0\system32\dllcache\nv4_mini.sys
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: Administrator.MARK-59C0B947BC

User: All Users

User: All Users.WINDOWS.0

User: Default User

User: Default User.WINDOWS.0

User: Diamond Cut Productions

User: LocalService

User: LocalService.NT AUTHORITY

User: Mark V. Sanderford
->Java cache emptied: 0 bytes

User: MARKV~1~SAN

User: NetworkService

User: NetworkService.NT AUTHORITY

User: New user

User: Owner
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.MARK-59C0B947BC

User: All Users

User: All Users.WINDOWS.0

User: Default User

User: Default User.WINDOWS.0

User: Diamond Cut Productions

User: LocalService

User: LocalService.NT AUTHORITY

User: Mark V. Sanderford
->Flash cache emptied: 1278 bytes

User: MARKV~1~SAN

User: NetworkService

User: NetworkService.NT AUTHORITY

User: New user
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS.0\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.61.3 log created on 09152012_024947

02:58:38.0515 5624 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
02:58:38.0843 5624 ============================================================
02:58:38.0843 5624 Current date / time: 2012/09/15 02:58:38.0843
02:58:38.0843 5624 SystemInfo:
02:58:38.0843 5624
02:58:38.0843 5624 OS Version: 5.1.2600 ServicePack: 3.0
02:58:38.0843 5624 Product type: Workstation
02:58:38.0843 5624 ComputerName: MARK-59C0B947BC
02:58:38.0843 5624 UserName: Mark V. Sanderford
02:58:38.0843 5624 Windows directory: C:\WINDOWS.0
02:58:38.0843 5624 System windows directory: C:\WINDOWS.0
02:58:38.0843 5624 Processor architecture: Intel x86
02:58:38.0843 5624 Number of processors: 2
02:58:38.0843 5624 Page size: 0x1000
02:58:38.0843 5624 Boot type: Normal boot
02:58:38.0843 5624 ============================================================
02:58:39.0531 5624 Drive \Device\Harddisk0\DR0 - Size: 0x45DD71DE00 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:58:39.0546 5624 Drive \Device\Harddisk1\DR1 - Size: 0x950AF4DE00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:58:39.0546 5624 Drive \Device\Harddisk2\DR4 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:58:40.0015 5624 Drive \Device\Harddisk3\DR6 - Size: 0x746EC00000 (465.73 Gb), SectorSize: 0x200, Cylinders: 0xED7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:58:40.0312 5624 ============================================================
02:58:40.0312 5624 \Device\Harddisk0\DR0:
02:58:40.0312 5624 MBR partitions:
02:58:40.0312 5624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EEAD02
02:58:40.0312 5624 \Device\Harddisk1\DR1:
02:58:40.0312 5624 MBR partitions:
02:58:40.0328 5624 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x4A852FC1
02:58:40.0328 5624 \Device\Harddisk2\DR4:
02:58:40.0328 5624 MBR partitions:
02:58:40.0328 5624 \Device\Harddisk2\DR4\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xAEA86702
02:58:40.0328 5624 \Device\Harddisk3\DR6:
02:58:40.0328 5624 MBR partitions:
02:58:40.0328 5624 \Device\Harddisk3\DR6\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A375800
02:58:40.0328 5624 ============================================================
02:58:40.0375 5624 C: <-> \Device\Harddisk0\DR0\Partition1
02:58:40.0406 5624 D: <-> \Device\Harddisk1\DR1\Partition1
02:58:40.0406 5624 G: <-> \Device\Harddisk2\DR4\Partition1
02:58:40.0609 5624 I: <-> \Device\Harddisk3\DR6\Partition1
02:58:40.0609 5624 ============================================================
02:58:40.0609 5624 Initialize success
02:58:40.0609 5624 ============================================================
02:58:45.0000 5568 ============================================================
02:58:45.0000 5568 Scan started
02:58:45.0000 5568 Mode: Manual;
02:58:45.0000 5568 ============================================================
02:58:45.0718 5568 ================ Scan system memory ========================
02:58:45.0718 5568 System memory - ok
02:58:45.0718 5568 ================ Scan services =============================
02:58:45.0781 5568 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
02:58:45.0781 5568 !SASCORE - ok
02:58:45.0859 5568 94865510 - ok
02:58:45.0859 5568 Abiosdsk - ok
02:58:45.0859 5568 abp480n5 - ok
02:58:45.0875 5568 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS.0\system32\DRIVERS\ACPI.sys
02:58:45.0875 5568 ACPI - ok
02:58:45.0890 5568 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS.0\system32\drivers\ACPIEC.sys
02:58:45.0890 5568 ACPIEC - ok
02:58:45.0906 5568 [ C1EB9968EC89FBA5F3A264E2E57923AB ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
02:58:45.0906 5568 Adobe LM Service - ok
02:58:45.0937 5568 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe
02:58:45.0937 5568 AdobeFlashPlayerUpdateSvc - ok
02:58:45.0953 5568 adpu160m - ok
02:58:45.0953 5568 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS.0\system32\drivers\aec.sys
02:58:45.0953 5568 aec - ok
02:58:45.0968 5568 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS.0\System32\drivers\afd.sys
02:58:45.0968 5568 AFD - ok
02:58:45.0968 5568 Aha154x - ok
02:58:45.0984 5568 aic78u2 - ok
02:58:45.0984 5568 aic78xx - ok
02:58:45.0984 5568 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS.0\system32\alrsvc.dll
02:58:46.0000 5568 Alerter - ok
02:58:46.0000 5568 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS.0\System32\alg.exe
02:58:46.0000 5568 ALG - ok
02:58:46.0000 5568 AliIde - ok
02:58:46.0015 5568 amsint - ok
02:58:46.0031 5568 [ DC45AB27932447B598848B10650313C5 ] APC UPS Service C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
02:58:46.0031 5568 APC UPS Service - ok
02:58:46.0062 5568 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:58:46.0062 5568 Apple Mobile Device - ok
02:58:46.0062 5568 AppMgmt - ok
02:58:46.0062 5568 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS.0\system32\DRIVERS\arp1394.sys
02:58:46.0062 5568 Arp1394 - ok
02:58:46.0062 5568 asc - ok
02:58:46.0062 5568 asc3350p - ok
02:58:46.0078 5568 asc3550 - ok
02:58:46.0109 5568 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
02:58:46.0125 5568 aspnet_state - ok
02:58:46.0156 5568 [ 47ECB641BF04D4C2353B0487ABC9D268 ] Asset Management Daemon C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
02:58:46.0156 5568 Asset Management Daemon - ok
02:58:46.0156 5568 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS.0\system32\DRIVERS\asyncmac.sys
02:58:46.0156 5568 AsyncMac - ok
02:58:46.0171 5568 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS.0\system32\DRIVERS\atapi.sys
02:58:46.0171 5568 atapi - ok
02:58:46.0171 5568 Atdisk - ok
02:58:46.0187 5568 [ 591A9EABB5EF5168E435C2F18B05DD76 ] AtiHdmiService C:\WINDOWS.0\system32\drivers\AtiHdmi.sys
02:58:46.0187 5568 AtiHdmiService - ok
02:58:46.0187 5568 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS.0\system32\DRIVERS\atmarpc.sys
02:58:46.0187 5568 Atmarpc - ok
02:58:46.0203 5568 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS.0\System32\audiosrv.dll
02:58:46.0203 5568 AudioSrv - ok
02:58:46.0218 5568 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS.0\system32\DRIVERS\audstub.sys
02:58:46.0218 5568 audstub - ok
02:58:46.0218 5568 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS.0\system32\drivers\Beep.sys
02:58:46.0218 5568 Beep - ok
02:58:46.0234 5568 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS.0\system32\qmgr.dll
02:58:46.0265 5568 BITS - ok
02:58:46.0281 5568 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
02:58:46.0281 5568 Bonjour Service - ok
02:58:46.0312 5568 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS.0\System32\browser.dll
02:58:46.0312 5568 Browser - ok
02:58:46.0312 5568 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS.0\system32\drivers\cbidf2k.sys
02:58:46.0312 5568 cbidf2k - ok
02:58:46.0312 5568 cd20xrnt - ok
02:58:46.0328 5568 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS.0\system32\drivers\Cdaudio.sys
02:58:46.0328 5568 Cdaudio - ok
02:58:46.0328 5568 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS.0\system32\drivers\Cdfs.sys
02:58:46.0328 5568 Cdfs - ok
02:58:46.0343 5568 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS.0\system32\DRIVERS\cdrom.sys
02:58:46.0343 5568 Cdrom - ok
02:58:46.0343 5568 Changer - ok
02:58:46.0390 5568 [ 91D1BEF4AE80EDA8CDB4120B3522DEA6 ] CIDLinkAdvisorService C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisorService.exe
02:58:46.0390 5568 CIDLinkAdvisorService - ok
02:58:46.0406 5568 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS.0\system32\cisvc.exe
02:58:46.0406 5568 CiSvc - ok
02:58:46.0406 5568 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS.0\system32\clipsrv.exe
02:58:46.0406 5568 ClipSrv - ok
02:58:46.0421 5568 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:58:46.0468 5568 clr_optimization_v2.0.50727_32 - ok
02:58:46.0468 5568 CmdIde - ok
02:58:46.0515 5568 [ 8FF7029D0ED1CEB546C3DB981130DAEA ] COM Service C:\Program Files\GIGABYTE\G.O.M\GCSVR.EXE
02:58:46.0515 5568 COM Service - ok
02:58:46.0531 5568 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS.0\system32\DRIVERS\compbatt.sys
02:58:46.0531 5568 Compbatt - ok
02:58:46.0531 5568 COMSysApp - ok
02:58:46.0531 5568 Cpqarray - ok
02:58:46.0546 5568 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS.0\System32\cryptsvc.dll
02:58:46.0546 5568 CryptSvc - ok
02:58:46.0546 5568 dac2w2k - ok
02:58:46.0546 5568 dac960nt - ok
02:58:46.0562 5568 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS.0\system32\rpcss.dll
02:58:46.0593 5568 DcomLaunch - ok
02:58:46.0593 5568 DELTA - ok
02:58:46.0609 5568 [ 20A04D8077CCCBA1711070EB01F02AFB ] DELTAII C:\WINDOWS.0\system32\DRIVERS\deltaII.sys
02:58:46.0609 5568 DELTAII - ok
02:58:46.0625 5568 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS.0\System32\dhcpcsvc.dll
02:58:46.0625 5568 Dhcp - ok
02:58:46.0625 5568 [ 74DD46D49809C5F689F24CCDD0D18A4E ] DigiFilter C:\WINDOWS.0\system32\drivers\DigiFilt.sys
02:58:46.0625 5568 DigiFilter - ok
02:58:46.0640 5568 DigiRefresh - ok
02:58:46.0656 5568 [ 02983523825AEC64B6C50D7AFD2F694E ] digiSPTIService C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
02:58:46.0656 5568 digiSPTIService - ok
02:58:46.0656 5568 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS.0\system32\DRIVERS\disk.sys
02:58:46.0656 5568 Disk - ok
02:58:46.0656 5568 dmadmin - ok
02:58:46.0671 5568 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS.0\system32\drivers\dmboot.sys
02:58:46.0687 5568 dmboot - ok
02:58:46.0703 5568 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS.0\system32\drivers\dmio.sys
02:58:46.0718 5568 dmio - ok
02:58:46.0718 5568 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS.0\system32\drivers\dmload.sys
02:58:46.0718 5568 dmload - ok
02:58:46.0734 5568 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS.0\System32\dmserver.dll
02:58:46.0734 5568 dmserver - ok
02:58:46.0750 5568 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS.0\system32\drivers\DMusic.sys
02:58:46.0750 5568 DMusic - ok
02:58:46.0765 5568 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS.0\System32\dnsrslvr.dll
02:58:46.0765 5568 Dnscache - ok
02:58:46.0765 5568 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS.0\System32\dot3svc.dll
02:58:46.0765 5568 Dot3svc - ok
02:58:46.0765 5568 dpti2o - ok
02:58:46.0781 5568 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS.0\system32\drivers\drmkaud.sys
02:58:46.0781 5568 drmkaud - ok
02:58:46.0812 5568 [ 3430A3D6A97C0E827DB0930FEE017499 ] DTSRVC C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
02:58:46.0812 5568 DTSRVC - ok
02:58:46.0812 5568 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS.0\System32\eapsvc.dll
02:58:46.0812 5568 EapHost - ok
02:58:46.0828 5568 [ 0281A8C7EF5CE55ACB459F466EECD19F ] epppdt C:\WINDOWS.0\system32\DRIVERS\epppdt.sys
02:58:46.0828 5568 epppdt - ok
02:58:46.0843 5568 [ A720DC80DBCF5BA5EE48ECA7A2573EBE ] epppdtpr C:\WINDOWS.0\system32\DRIVERS\epppdtpr.sys
02:58:46.0843 5568 epppdtpr - ok
02:58:46.0843 5568 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS.0\System32\ersvc.dll
02:58:46.0843 5568 ERSvc - ok
02:58:46.0859 5568 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS.0\system32\services.exe
02:58:46.0859 5568 Eventlog - ok
02:58:46.0875 5568 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS.0\system32\es.dll
02:58:46.0875 5568 EventSystem - ok
02:58:46.0890 5568 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS.0\system32\drivers\Fastfat.sys
02:58:46.0890 5568 Fastfat - ok
02:58:46.0906 5568 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS.0\System32\shsvcs.dll
02:58:46.0906 5568 FastUserSwitchingCompatibility - ok
02:58:46.0921 5568 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS.0\system32\DRIVERS\fdc.sys
02:58:46.0921 5568 Fdc - ok
02:58:46.0921 5568 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS.0\system32\drivers\Fips.sys
02:58:46.0921 5568 Fips - ok
02:58:46.0937 5568 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS.0\system32\DRIVERS\flpydisk.sys
02:58:46.0937 5568 Flpydisk - ok
02:58:46.0937 5568 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS.0\system32\DRIVERS\fltMgr.sys
02:58:46.0937 5568 FltMgr - ok
02:58:46.0984 5568 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
02:58:46.0984 5568 FontCache3.0.0.0 - ok
02:58:47.0000 5568 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS.0\system32\drivers\Fs_Rec.sys
02:58:47.0000 5568 Fs_Rec - ok
02:58:47.0000 5568 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS.0\system32\DRIVERS\ftdisk.sys
02:58:47.0000 5568 Ftdisk - ok
02:58:47.0015 5568 [ C6E3105B8C68C35CC1EB26A00FD1A8C6 ] gdrv C:\WINDOWS.0\gdrv.sys
02:58:47.0765 5568 gdrv - ok
02:58:47.0765 5568 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS.0\system32\DRIVERS\GEARAspiWDM.sys
02:58:47.0765 5568 GEARAspiWDM - ok
02:58:47.0781 5568 [ 9F8A14BA43086FFD4637FD3F961B6D64 ] GEST Service C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
02:58:47.0781 5568 GEST Service - ok
02:58:47.0796 5568 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS.0\system32\giveio.sys
02:58:47.0796 5568 giveio - ok
02:58:47.0796 5568 GMSIPCI - ok
02:58:47.0812 5568 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS.0\system32\DRIVERS\msgpc.sys
02:58:47.0812 5568 Gpc - ok
02:58:47.0828 5568 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
02:58:47.0828 5568 gupdate - ok
02:58:47.0843 5568 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
02:58:47.0843 5568 gupdatem - ok
02:58:47.0843 5568 [ 689A8EEF2A2D62B28A0A578A6196531C ] GVTDrv C:\WINDOWS.0\system32\Drivers\GVTDrv.sys
02:58:47.0843 5568 GVTDrv - ok
02:58:47.0859 5568 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS.0\system32\DRIVERS\HDAudBus.sys
02:58:47.0859 5568 HDAudBus - ok
02:58:47.0890 5568 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS.0\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:58:47.0906 5568 helpsvc - ok
02:58:47.0921 5568 [ 748031FF4FE45CCC47546294905FEAB8 ] HidBatt C:\WINDOWS.0\system32\DRIVERS\HidBatt.sys
02:58:47.0921 5568 HidBatt - ok
02:58:47.0921 5568 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS.0\System32\hidserv.dll
02:58:47.0921 5568 HidServ - ok
02:58:47.0937 5568 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS.0\system32\DRIVERS\hidusb.sys
02:58:47.0937 5568 hidusb - ok
02:58:47.0953 5568 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS.0\System32\kmsvc.dll
02:58:47.0953 5568 hkmsvc - ok
02:58:47.0953 5568 hpn - ok
02:58:47.0968 5568 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS.0\system32\Drivers\HTTP.sys
02:58:47.0968 5568 HTTP - ok
02:58:47.0984 5568 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS.0\System32\w3ssl.dll
02:58:47.0984 5568 HTTPFilter - ok
02:58:47.0984 5568 i2omgmt - ok
02:58:47.0984 5568 i2omp - ok
02:58:48.0015 5568 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
02:58:48.0031 5568 IDriverT - ok
02:58:48.0031 5568 idsvc - ok
02:58:48.0062 5568 [ 5CAB9D1AB5C9384D28DFF89DBE7A72BB ] IHA_MessageCenter C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
02:58:48.0062 5568 IHA_MessageCenter - ok
02:58:48.0078 5568 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS.0\system32\DRIVERS\imapi.sys
02:58:48.0078 5568 Imapi - ok
02:58:48.0093 5568 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS.0\system32\imapi.exe
02:58:48.0093 5568 ImapiService - ok
02:58:48.0109 5568 [ 98E96B6F095E6289C3293B99D0F926B2 ] InCDfs C:\WINDOWS.0\system32\drivers\InCDFs.sys
02:58:48.0109 5568 InCDfs - ok
02:58:48.0125 5568 [ 0B3E2517CF826020688650D46ADF5B05 ] InCDPass C:\WINDOWS.0\system32\drivers\InCDPass.sys
02:58:48.0125 5568 InCDPass - ok
02:58:48.0140 5568 [ 00EE363EA793A9D8DAB5254ACBD7D8E6 ] InCDrec C:\WINDOWS.0\system32\drivers\InCDRec.sys
02:58:48.0140 5568 InCDrec - ok
02:58:48.0156 5568 [ D41AB5BE8861AFF53851594DE58DDDFA ] incdrm C:\WINDOWS.0\system32\drivers\InCDRm.sys
02:58:48.0156 5568 incdrm - ok
02:58:48.0187 5568 InCDsrv - ok
02:58:48.0187 5568 ini910u - ok
02:58:48.0265 5568 [ 4AAA8312732655F93A254D1FA695EB79 ] IntcAzAudAddService C:\WINDOWS.0\system32\drivers\RtkHDAud.sys
02:58:48.0359 5568 IntcAzAudAddService - ok
02:58:48.0359 5568 IntelIde - ok
02:58:48.0375 5568 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS.0\system32\DRIVERS\intelppm.sys
02:58:48.0375 5568 intelppm - ok
02:58:48.0375 5568 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS.0\system32\DRIVERS\Ip6Fw.sys
02:58:48.0375 5568 Ip6Fw - ok
02:58:48.0375 5568 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS.0\system32\DRIVERS\ipfltdrv.sys
02:58:48.0390 5568 IpFilterDriver - ok
02:58:48.0390 5568 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS.0\system32\DRIVERS\ipinip.sys
02:58:48.0390 5568 IpInIp - ok
02:58:48.0406 5568 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS.0\system32\DRIVERS\ipnat.sys
02:58:48.0406 5568 IpNat - ok
02:58:48.0437 5568 [ E51BD095B2FDF56B17EE010BB794D6ED ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
02:58:48.0453 5568 iPod Service - ok
02:58:48.0453 5568 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS.0\system32\DRIVERS\ipsec.sys
02:58:48.0453 5568 IPSec - ok
02:58:48.0468 5568 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS.0\system32\DRIVERS\irenum.sys
02:58:48.0468 5568 IRENUM - ok
02:58:48.0468 5568 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS.0\system32\DRIVERS\isapnp.sys
02:58:48.0468 5568 isapnp - ok
02:58:48.0515 5568 [ 32192B4EBE8720ED8D49A455C962CB91 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
02:58:48.0515 5568 JavaQuickStarterService - ok
02:58:48.0515 5568 [ B07084095F8C03AADB9811C9DF14B5E4 ] JRAID C:\WINDOWS.0\system32\DRIVERS\jraid.sys
02:58:48.0515 5568 JRAID - ok
02:58:48.0531 5568 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS.0\system32\DRIVERS\kbdclass.sys
02:58:48.0531 5568 Kbdclass - ok
02:58:48.0531 5568 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS.0\system32\DRIVERS\kbdhid.sys
02:58:48.0531 5568 kbdhid - ok
02:58:48.0546 5568 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS.0\system32\drivers\kmixer.sys
02:58:48.0546 5568 kmixer - ok
02:58:48.0546 5568 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS.0\system32\drivers\KSecDD.sys
02:58:48.0546 5568 KSecDD - ok
02:58:48.0578 5568 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS.0\System32\srvsvc.dll
02:58:48.0578 5568 LanmanServer - ok
02:58:48.0593 5568 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS.0\System32\wkssvc.dll
02:58:48.0593 5568 lanmanworkstation - ok
02:58:48.0609 5568 Lavasoft Kernexplorer - ok
02:58:48.0609 5568 [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd C:\WINDOWS.0\system32\DRIVERS\Lbd.sys
02:58:48.0609 5568 Lbd - ok
02:58:48.0625 5568 [ E254E5B2C5227DDBB47D045940A0A559 ] LBeepKE C:\WINDOWS.0\system32\Drivers\LBeepKE.sys
02:58:48.0625 5568 LBeepKE - ok
02:58:48.0625 5568 lbrtfdc - ok
02:58:48.0656 5568 [ 47C12F1A54B5C1B51008D7629C1D4F7B ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
02:58:48.0656 5568 LBTServ - ok
02:58:48.0656 5568 [ 8B30311241F97B35167AFE68D79E8530 ] LHidFilt C:\WINDOWS.0\system32\DRIVERS\LHidFilt.Sys
02:58:48.0656 5568 LHidFilt - ok
02:58:48.0671 5568 [ 3C357DFDBBF2B4B01AA4B9C8A26E4416 ] LHidFlt2 C:\WINDOWS.0\system32\DRIVERS\LHidFlt2.Sys
02:58:48.0671 5568 LHidFlt2 - ok
02:58:48.0687 5568 [ FFB851B1B2F6596B7D3182B977A85206 ] LHidUsb C:\WINDOWS.0\system32\Drivers\LHidUsb.Sys
02:58:48.0687 5568 LHidUsb - ok
02:58:48.0718 5568 [ 06DC2FDC6282F0D68910417B1150C848 ] LinksysUpdater C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
02:58:48.0718 5568 LinksysUpdater - ok
02:58:48.0718 5568 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS.0\System32\lmhsvc.dll
02:58:48.0718 5568 LmHosts - ok
02:58:48.0734 5568 [ 48D7422A6C4EEC886B56AC534CFA3ACF ] LMouFilt C:\WINDOWS.0\system32\DRIVERS\LMouFilt.Sys
02:58:48.0734 5568 LMouFilt - ok
02:58:48.0734 5568 [ AEF09673376A4D93C09E8341854F1BF4 ] LMouFlt2 C:\WINDOWS.0\system32\DRIVERS\LMouFlt2.Sys
02:58:48.0734 5568 LMouFlt2 - ok
02:58:48.0750 5568 [ 0B808FF2F17C8396FB2AE202F75AED37 ] LUsbFilt C:\WINDOWS.0\system32\Drivers\LUsbFilt.Sys
02:58:48.0750 5568 LUsbFilt - ok
02:58:48.0750 5568 MCSTRM - ok
02:58:48.0765 5568 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS.0\System32\msgsvc.dll
02:58:48.0765 5568 Messenger - ok
02:58:48.0781 5568 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS.0\system32\drivers\mnmdd.sys
02:58:48.0781 5568 mnmdd - ok
02:58:48.0781 5568 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS.0\system32\mnmsrvc.exe
02:58:48.0781 5568 mnmsrvc - ok
02:58:48.0796 5568 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS.0\system32\drivers\Modem.sys
02:58:48.0796 5568 Modem - ok
02:58:48.0812 5568 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS.0\system32\DRIVERS\mouclass.sys
02:58:48.0812 5568 Mouclass - ok
02:58:48.0812 5568 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS.0\system32\DRIVERS\mouhid.sys
02:58:48.0812 5568 mouhid - ok
02:58:48.0812 5568 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS.0\system32\drivers\MountMgr.sys
02:58:48.0812 5568 MountMgr - ok
02:58:48.0843 5568 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
02:58:48.0843 5568 MozillaMaintenance - ok
02:58:48.0875 5568 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\WINDOWS.0\system32\DRIVERS\MpFilter.sys
02:58:48.0875 5568 MpFilter - ok
02:58:48.0875 5568 mraid35x - ok
02:58:48.0875 5568 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS.0\system32\DRIVERS\mrxdav.sys
02:58:48.0875 5568 MRxDAV - ok
02:58:48.0906 5568 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS.0\system32\DRIVERS\mrxsmb.sys
02:58:48.0921 5568 MRxSmb - ok
02:58:48.0937 5568 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS.0\system32\msdtc.exe
02:58:48.0937 5568 MSDTC - ok
02:58:48.0953 5568 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS.0\system32\drivers\Msfs.sys
02:58:48.0953 5568 Msfs - ok
02:58:48.0953 5568 MSICPL - ok
02:58:48.0953 5568 MSIServer - ok
02:58:48.0953 5568 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS.0\system32\drivers\MSKSSRV.sys
02:58:48.0953 5568 MSKSSRV - ok
02:58:48.0984 5568 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
02:58:48.0984 5568 MsMpSvc - ok
02:58:49.0000 5568 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS.0\system32\drivers\MSPCLOCK.sys
02:58:49.0000 5568 MSPCLOCK - ok
02:58:49.0000 5568 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS.0\system32\drivers\MSPQM.sys
02:58:49.0000 5568 MSPQM - ok
02:58:49.0015 5568 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS.0\system32\DRIVERS\mssmbios.sys
02:58:49.0015 5568 mssmbios - ok
02:58:49.0015 5568 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS.0\system32\drivers\Mup.sys
02:58:49.0015 5568 Mup - ok
02:58:49.0031 5568 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS.0\System32\qagentrt.dll
02:58:49.0046 5568 napagent - ok
02:58:49.0078 5568 [ 5836B9E91863A00EC1B8E785EFD86ECB ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
02:58:49.0078 5568 NBService - ok
02:58:49.0093 5568 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS.0\system32\drivers\NDIS.sys
02:58:49.0093 5568 NDIS - ok
02:58:49.0125 5568 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS.0\system32\DRIVERS\ndistapi.sys
02:58:49.0125 5568 NdisTapi - ok
02:58:49.0125 5568 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS.0\system32\DRIVERS\ndisuio.sys
02:58:49.0125 5568 Ndisuio - ok
02:58:49.0125 5568 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS.0\system32\DRIVERS\ndiswan.sys
02:58:49.0125 5568 NdisWan - ok
02:58:52.0125 5568 ============================================================
02:58:52.0125 5568 Scan finished
02:58:52.0125 5568 ============================================================
02:58:52.0125 5844 Detected object count: 0
02:58:52.0125 5844 Actual detected object count: 0

TDSS found nothing this time!