Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

eBay, PayPal were hacked. Avast found Win32-Spyware [Solved]


  • This topic is locked This topic is locked

#1
nachtkitten

nachtkitten

    Member

  • Member
  • PipPip
  • 13 posts
I'm not sure when my computer was infected, but on Wednesday morning I logged into my email and saw that my eBay selling account had been hacked, and the hacker(s) made 55 transactions through my PayPal account (draining my existing PayPal funds, then my bank account, then my credit card...the latter two were attached to my PayPal account and those transactions were still pending). I made all the necessary phone calls, then changed my eBay and PayPal emails using a friend's computer (which had just been reformatted the day before and hadn't been online before I used it that day). I neglected to change the password for the email I had associated with my eBay account, and the next day, my eBay account had been hacked again, but eBay had unlinked my PayPal account due to the suspicious activity the day before so no transactions went through. I then changed all passwords again, including my email password. That seemed to do the trick. I got home today and got back on my computer, then ran a scan on avast, which found Win32-Spyware (I clicked "Move to Chest"). I Googled this virus and learned (I think) that it's a keylogging Trojan. And I'm not sure what else may be lurking on my computer, so I would be very grateful for any help.

Here is my OTL log (below it is the "Extras.txt" file, not sure if both logs are needed):

OTL logfile created on: 11/10/2012 9:08:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dad\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 294.04 Mb Available Physical Memory | 28.77% Memory free
2.40 Gb Paging File | 1.60 Gb Available in Paging File | 66.40% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.80 Gb Total Space | 30.63 Gb Free Space | 43.89% Space Free | Partition Type: NTFS

Computer Name: LIU | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/10 21:08:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
PRC - [2012/10/26 13:29:57 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/09/16 21:46:20 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2010/09/07 07:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/08/31 10:25:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/27 13:38:50 | 000,566,616 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007/08/08 14:53:16 | 000,088,024 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
PRC - [2007/03/15 10:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/10 20:52:38 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2005/11/11 17:00:56 | 001,005,096 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
PRC - [2005/11/11 16:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
PRC - [2005/11/11 16:42:12 | 000,524,288 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
PRC - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe
PRC - [2005/09/26 10:26:58 | 000,110,592 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
PRC - [2005/09/22 18:29:08 | 000,303,104 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/08/24 14:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
PRC - [2005/08/10 10:49:20 | 000,163,840 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\VSO\mcvsshld.exe
PRC - [2005/06/17 05:56:14 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/06/17 05:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/05/03 23:27:32 | 005,044,736 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
PRC - [2005/03/22 22:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/01/30 09:50:20 | 000,274,432 | ---- | M] (GoGoData.com) -- C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
PRC - [2005/01/02 14:55:10 | 000,204,800 | ---- | M] (GoGoData.com) -- C:\Program Files\GoGoData.com\GoGoData Toolbar\AdBusterServer.exe
PRC - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/10 13:36:08 | 001,830,400 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12111002\algo.dll
MOD - [2012/11/06 13:38:34 | 001,829,376 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12110602\algo.dll
MOD - [2012/10/26 13:29:56 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/10/08 18:05:17 | 009,814,968 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/11/17 12:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/09/07 07:13:40 | 000,142,872 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\aswDld.dll
MOD - [2010/02/05 10:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/08/27 09:41:54 | 000,525,664 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware 2007\Update.dll
MOD - [2007/08/08 14:53:16 | 000,088,024 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
MOD - [2005/03/21 14:36:16 | 000,036,864 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\Security.dll
MOD - [2005/02/24 20:15:20 | 000,102,400 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\ses_cl.dll
MOD - [2004/12/21 21:48:14 | 000,049,152 | ---- | M] () -- C:\Program Files\GoGoData.com\GoGoData Toolbar\gogohook.dll
MOD - [2004/09/29 15:51:28 | 000,122,880 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\ez54g.dll
MOD - [2003/10/13 15:30:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\GTW32N50.dll
MOD - [2002/04/24 00:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\GEMWEP.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54GSv2.exe -- (WUSB54GSv2SVC)
SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
SRV - [2012/10/26 13:29:56 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/08 18:05:18 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/19 18:23:16 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/03/25 20:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/08/27 13:38:50 | 000,566,616 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/11/11 16:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) [On_Demand | Running] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
SRV - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
SRV - [2005/08/24 14:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/07/12 16:10:18 | 000,963,072 | ---- | M] (McAfee Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService)
SRV - [2005/06/17 05:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon)
SRV - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\MA311P~1\PCANDIS5.SYS -- (PCANDIS5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.netbt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.mrxsmb)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.cdrom)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.afd)
DRV - [2012/11/10 19:19:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/09/07 06:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 06:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 06:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 06:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 06:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 06:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 10:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/02/29 15:03:48 | 000,008,944 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/02/29 15:03:46 | 000,051,440 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/11/01 21:52:04 | 002,644,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/16 15:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/11/11 16:43:52 | 000,080,640 | ---- | M] (McAfee) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MpFirewall.sys -- (MPFIREWL)
DRV - [2005/08/10 09:22:10 | 000,114,464 | ---- | M] (McAfee Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2005/07/24 18:04:08 | 000,048,640 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005/06/14 20:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/05/31 14:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005/05/31 08:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/04/30 13:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005/04/30 13:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005/04/30 13:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005/03/25 16:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/10/19 12:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/10/07 17:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/07/07 10:27:28 | 000,070,070 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2004/07/07 08:55:12 | 000,152,049 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2004/06/02 13:19:00 | 000,038,705 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2004/05/26 14:54:02 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X)
DRV - [2004/05/20 08:41:54 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/05/20 08:39:42 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2004/05/20 08:21:10 | 000,036,918 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2003/11/17 19:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 19:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 19:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/04/30 17:56:32 | 000,054,784 | R--- | M] (NETGEAR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma311n51.sys -- (MA311)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DF 4E B3 17 7F 7E 41 41 8F BA 20 96 55 62 1B E3 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6PQpIyCjJ4&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledAddons: {2816a2d5-e61a-4282-8a58-a629b0da7175}:1.0
FF - prefs.js..extensions.enabledAddons: {3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}:1.2.0
FF - prefs.js..extensions.enabledAddons: {6bbc74d6-8173-456d-b61a-e913a8ed4c35}:1.0
FF - prefs.js..extensions.enabledAddons: {771f3037-9885-4423-b50f-a5ede4854e26}:1.300.428
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}:1.2.0
FF - prefs.js..keyword.URL: "http://search.freeca...&type=62133&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Dad\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Dad\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Dad\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/04/13 04:54:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/24 00:07:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/13 01:36:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/26 13:29:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/26 13:29:48 | 000,000,000 | ---D | M]

[2008/12/28 00:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Extensions
[2012/10/23 12:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\extensions
[2011/08/24 08:43:51 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}
[2011/04/24 21:35:12 | 000,000,000 | ---D | M] (Veehd Plugin) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}
[2011/09/12 01:10:06 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}
[2010/11/02 02:00:43 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\extensions\[email protected]
[2012/02/27 14:09:17 | 000,000,000 | ---D | M] (Incredibar Toolbar) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\extensions\[email protected]
[2009/02/17 05:23:05 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\extensions\[email protected]
[2012/07/18 10:58:25 | 000,552,766 | ---- | M] () (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}.xpi
[2012/07/24 21:04:30 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/10 15:47:27 | 000,252,340 | ---- | M] () (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/02/27 14:09:04 | 000,002,203 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\searchplugins\MyStart Search.xml
[2012/07/18 00:15:49 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\searchplugins\search-the-web.xml
[2012/10/30 11:35:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/26 13:29:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/30 11:35:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/10/26 13:29:42 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\[email protected](2).org
[2012/09/30 11:08:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/10/26 13:29:57 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/04/16 09:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2012/08/28 23:58:27 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/11 20:42:19 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Dad\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Dad\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Dad\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Poppit = C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Veehd Plugin = C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nggibpkldeegooaoeafiingedpapjifl\1.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2009/01/01 17:11:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (GoGoData AdBuster ) - {3EB9C349-7473-48AC-A59B-42F31751974B} - C:\Program Files\GoGoData.com\GoGoData Toolbar\TomahawkBar.dll (GoGoData.com)
O2 - BHO: (McAfee AntiPhishing Filter) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (GoGoData AdBuster ) - {3EB9C349-7473-48AC-A59B-42F31751974B} - C:\Program Files\GoGoData.com\GoGoData Toolbar\TomahawkBar.dll (GoGoData.com)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [MSKAGENTEXE] C:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
O4 - HKLM..\Run: [VSOCheckTask] C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [GoGoTray.exe] C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe (GoGoData.com)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O9 - Extra 'Tools' menuitem : GoGoData AdBuster - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - Reg Error: Value error. File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: gomyhit.com ([]* in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238557909203 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFF4C0F9-2A04-4E44-9018-88573E537B9F}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/10 21:08:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
[2012/11/10 19:19:57 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/11/01 22:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2012/11/01 22:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Local Settings\Application Data\Geckofx
[2012/11/01 22:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/11/01 22:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2012/11/01 22:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2012/11/01 21:57:01 | 000,659,504 | ---- | C] (FUSENET) -- C:\Documents and Settings\Dad\Desktop\GraboidVideoInstaller-3.6.exe
[2012/10/26 13:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Dad\*.tmp files -> C:\Documents and Settings\Dad\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/10 21:08:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
[2012/11/10 21:05:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/10 20:59:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-120863220-2349552293-3391666452-1006UA.job
[2012/11/10 20:51:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/10 20:17:14 | 000,180,534 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\romneyobama.jpg
[2012/11/10 19:19:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/11/10 19:16:35 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/10 18:58:42 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/11/10 18:01:40 | 000,246,304 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2012/11/10 17:57:50 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-120863220-2349552293-3391666452-1006.job
[2012/11/10 17:57:30 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/10 17:56:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/10 17:56:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/10 17:56:39 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/06 14:38:47 | 000,070,490 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\godless.jpg
[2012/11/06 02:59:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-120863220-2349552293-3391666452-1006Core1cce1265c6760ec.job
[2012/11/06 00:35:48 | 000,330,077 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\aujyea.jpg
[2012/11/05 23:11:32 | 000,053,366 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\fingercuddles.jpg
[2012/11/05 22:50:34 | 000,019,971 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\republican.jpg
[2012/11/05 22:09:28 | 000,171,008 | ---- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/05 13:07:45 | 000,154,284 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\facebookcover1.jpg
[2012/11/05 13:05:27 | 000,143,002 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\gasmask.jpg
[2012/11/05 02:35:44 | 000,018,200 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\character.jpg
[2012/11/04 11:09:57 | 000,442,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/04 11:09:57 | 000,072,160 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/02 17:30:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (LIU-Diana).job
[2012/11/02 00:23:46 | 000,016,285 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\moveon2.jpg
[2012/11/01 21:56:46 | 000,659,504 | ---- | M] (FUSENET) -- C:\Documents and Settings\Dad\Desktop\GraboidVideoInstaller-3.6.exe
[2012/11/01 17:23:31 | 000,039,400 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\openposition.jpg
[2012/11/01 16:24:03 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-120863220-2349552293-3391666452-1006.job
[2012/10/25 22:42:36 | 000,026,145 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\lilwayne.jpg
[2012/10/25 16:42:52 | 007,900,160 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2012/10/25 16:42:52 | 006,107,136 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2012/10/23 11:54:51 | 000,082,745 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\horrormovies.jpg
[2012/10/22 02:12:04 | 000,075,322 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\apartments.jpg
[2012/10/22 02:05:54 | 000,049,381 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\attacklife.jpg
[2012/10/17 10:51:17 | 000,116,798 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\lana.jpg
[2012/10/16 11:59:01 | 000,183,161 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\20things.jpg
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Dad\*.tmp files -> C:\Documents and Settings\Dad\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/10 20:15:34 | 000,180,534 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\romneyobama.jpg
[2012/11/10 19:16:35 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/06 14:37:25 | 000,070,490 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\godless.jpg
[2012/11/06 00:35:47 | 000,330,077 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\aujyea.jpg
[2012/11/05 22:50:34 | 000,019,971 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\republican.jpg
[2012/11/05 13:07:45 | 000,154,284 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\facebookcover1.jpg
[2012/11/05 13:07:07 | 000,053,366 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\fingercuddles.jpg
[2012/11/05 13:05:26 | 000,143,002 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\gasmask.jpg
[2012/11/05 02:35:42 | 000,018,200 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\character.jpg
[2012/11/02 00:23:46 | 000,016,285 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\moveon2.jpg
[2012/11/01 17:23:30 | 000,039,400 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\openposition.jpg
[2012/10/25 22:42:28 | 000,026,145 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\lilwayne.jpg
[2012/10/22 02:12:04 | 000,075,322 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\apartments.jpg
[2012/10/22 02:05:53 | 000,049,381 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\attacklife.jpg
[2012/10/19 20:17:38 | 000,082,745 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\horrormovies.jpg
[2012/10/16 12:02:18 | 000,116,798 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\lana.jpg
[2012/10/16 11:58:20 | 000,183,161 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\20things.jpg
[2012/08/09 08:56:27 | 000,244,928 | ---- | C] () -- C:\Program Files\MC
[2011/12/23 20:26:29 | 000,013,856 | -HS- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\xkxqmv2b0hgj3vuq3tfr5c448t1j
[2011/12/23 20:26:29 | 000,013,856 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xkxqmv2b0hgj3vuq3tfr5c448t1j
[2011/12/22 15:21:18 | 000,018,344 | -HS- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\560078t0v147n064x686a2idy7o4
[2011/12/22 15:21:18 | 000,018,344 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\560078t0v147n064x686a2idy7o4
[2011/12/14 01:21:14 | 000,013,882 | -HS- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\440008n6l786o744i221u8vxi2a7
[2011/12/14 01:21:14 | 000,013,882 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\440008n6l786o744i221u8vxi2a7
[2011/09/06 22:19:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\f877e932
[2011/09/06 21:32:21 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\efd26137
[2011/09/06 21:32:04 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\0f0f9ec8
[2011/09/06 21:24:04 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\877791c8
[2011/02/07 17:16:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2011/02/07 17:16:48 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011/02/07 17:16:48 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT
[2009/07/21 13:57:58 | 000,096,447 | ---- | C] () -- C:\Documents and Settings\Dad\Clipboard04.jpg
[2009/07/21 13:56:21 | 000,093,075 | ---- | C] () -- C:\Documents and Settings\Dad\Clipboard03.jpg
[2008/11/29 04:39:44 | 000,102,346 | ---- | C] () -- C:\Documents and Settings\Dad\Clipboard01.jpg
[2008/10/08 01:43:10 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\Dad\webct_upload_applet.properties
[2008/04/24 05:27:58 | 000,004,774 | ---- | C] () -- C:\Documents and Settings\Dad\Clipboard01.gif
[2008/04/02 02:59:49 | 000,171,008 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/24 16:49:53 | 000,001,764 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/20 04:09:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dad\.gtk-bookmarks
[2006/02/20 04:07:26 | 000,329,971 | ---- | C] () -- C:\Documents and Settings\Dad\.fonts.cache-1
[2005/12/13 13:08:56 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\PFP120JPR.{PB
[2005/12/13 13:08:56 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\PFP120JCM.{PB
[2005/12/13 13:00:34 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/08/16 02:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/07/18 08:05:06 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/04/21 22:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/06/17 17:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/01/27 03:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
[2007/08/19 11:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2005/12/01 20:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2012/11/01 22:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2012/02/27 14:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/11/05 12:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2009/10/31 11:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2008/03/31 23:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/09/04 06:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/21 22:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/09/06 20:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\acccore
[2008/04/01 17:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Aim
[2009/04/03 04:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\DataLayer
[2012/02/21 12:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\DDMSettings
[2010/05/07 01:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Facebook
[2011/11/18 14:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Igukwu
[2010/12/17 02:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Image Zone Express
[2008/03/31 23:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\IrfanView
[2008/03/31 23:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Nokia
[2008/03/31 23:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Nokia Multimedia Player
[2008/03/31 23:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\PC Suite
[2008/09/08 01:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Printer Info Cache
[2009/07/25 00:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Research In Motion
[2011/11/17 17:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Upl

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB31817$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >




Extras.txt log:
OTL Extras logfile created on: 11/10/2012 9:08:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dad\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 294.04 Mb Available Physical Memory | 28.77% Memory free
2.40 Gb Paging File | 1.60 Gb Available in Paging File | 66.40% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.80 Gb Total Space | 30.63 Gb Free Space | 43.89% Space Free | Partition Type: NTFS

Computer Name: LIU | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.txt [@ = txtfile] -- C:\Program Files\JGsoft\EditPadLite\EditPad.exe (JGsoft - Just Great Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- "C:\Program Files\JGsoft\EditPadLite\EditPad.exe" "%1" (JGsoft - Just Great Software)
txtfile [open] -- "C:\Program Files\JGsoft\EditPadLite\EditPad.exe" "%1" (JGsoft - Just Great Software)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java™ 6 Update 37
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{339C3693-8554-4A25-A664-E0B74D2DFA04}" = Façade
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{38B39865-D988-4945-9A22-6107B8B40953}" = C4200
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel® PROSet for Wired Connections
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{50CE21D8-0F44-4f3f-A392-7F9AD3194DEF}" = PS_AIO_Software
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}" = HP Photosmart All-In-One Software 8.0
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B668B2B8-70D4-4754-A890-17C1DDDA9418}" = PS_AIO_Software_min
"{B7757137-0A71-4A9F-8A82-1AE4A1B73420}" = Nokia Connectivity Cable Driver
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = IVT BlueSoleil
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2230
"{E3030F57-9E6B-4E36-95B6-F7B4DBDEB8FB}" = HP Smart Web Printing 1.0
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE0C305A-37EE-4499-B4CF-0182E37B20C4}" = PS_AIO_ProductContext
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL
"{FF059F2A-62A7-4E6A-B305-559591D2769E}" = Nokia PC Suite
"26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3" = Polar Bowler
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"C2D8F0E2-6978-4409-8351-BA8785DA11EE" = FATE
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"D1A6F3FD-7B40-443F-8767-BADB25A0D222" = Blasterball 2
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"DivX Setup" = DivX Setup
"EditPad Lite" = JGsoft EditPad Lite 5.4.5
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"FileZilla" = FileZilla (remove only)
"GoGoData Toolbar" = GoGoData Toolbar 3.0.1
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ie8" = Windows Internet Explorer 8
"Image Mapper" = Image Mapper
"incredibar" = Incredibar Toolbar on IE and Chrome
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mario Forever v 2.16 !" = Mario Forever v 2.16 !
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfee Uninstall Utility" = McAfee Uninstaller
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"SpywareBlaster_is1" = SpywareBlaster 4.1
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Video Slice" = River Past Video Slice
"Video-AVI to GIF Converter_is1" = Video-AVI to GIF Converter v2.016 (Release date: 06-02-24)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGTK-2_is1" = GTK+ 2.8.9 runtime environment
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 20 Event Log Errors ==========

[ Antivirus Events ]
Error - 3/6/2010 6:35:35 AM | Computer Name = LIU | Source = avast! | ID = 33554522
Description =

Error - 3/6/2010 6:35:35 AM | Computer Name = LIU | Source = avast! | ID = 33554522
Description =

Error - 3/6/2010 6:35:35 AM | Computer Name = LIU | Source = avast! | ID = 33554522
Description =

Error - 3/6/2010 6:35:35 AM | Computer Name = LIU | Source = avast! | ID = 33554522
Description =

Error - 3/6/2010 6:35:35 AM | Computer Name = LIU | Source = avast! | ID = 33554522
Description =

Error - 3/6/2010 6:35:35 AM | Computer Name = LIU | Source = avast! | ID = 33554522
Description =

Error - 3/6/2010 6:35:35 AM | Computer Name = LIU | Source = avast! | ID = 33554522
Description =

Error - 3/6/2010 11:04:26 PM | Computer Name = LIU | Source = avast! | ID = 33554522
Description =

Error - 3/19/2010 11:43:44 PM | Computer Name = LIU | Source = avast! | ID = 33554522
Description =

Error - 3/19/2010 11:43:44 PM | Computer Name = LIU | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 8/7/2012 5:54:44 PM | Computer Name = LIU | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 8/29/2012 4:02:26 AM | Computer Name = LIU | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 15.0.0.4619, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/29/2012 4:02:44 AM | Computer Name = LIU | Source = Application Hang | ID = 1001
Description = Fault bucket -1167296320.

Error - 9/1/2012 3:15:04 AM | Computer Name = LIU | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 15.0.0.4619, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/20/2012 2:23:02 AM | Computer Name = LIU | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 15.0.1.4631, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/20/2012 2:23:23 AM | Computer Name = LIU | Source = Application Hang | ID = 1001
Description = Fault bucket -1150946237.

Error - 10/1/2012 2:07:13 PM | Computer Name = LIU | Source = Brother BrLog | ID = 1001
Description = STMNW BrtSTMNW: [2012/10/01 11:07:13.703]: [00003716]: Loading WtsapiDll
is Failed !!!!!

Error - 10/19/2012 3:32:45 PM | Computer Name = LIU | Source = Brother BrLog | ID = 1001
Description = STMNW BrtSTMNW: [2012/10/19 12:32:45.195]: [00000732]: Loading WtsapiDll
is Failed !!!!!

Error - 10/24/2012 4:01:12 PM | Computer Name = LIU | Source = Application Hang | ID = 1002
Description = Hanging application mghtml.exe, version 4.0.0.73, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/24/2012 11:59:40 PM | Computer Name = LIU | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

[ System Events ]
Error - 11/10/2012 10:00:26 PM | Computer Name = LIU | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 11/10/2012 10:01:05 PM | Computer Name = LIU | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/10/2012 10:01:24 PM | Computer Name = LIU | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service MskService
with arguments "" in order to run the server: {5109B8D8-73AF-4C41-A70E-73707E1F908A}

Error - 11/10/2012 10:01:25 PM | Computer Name = LIU | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server
service to connect.

Error - 11/10/2012 10:01:25 PM | Computer Name = LIU | Source = Service Control Manager | ID = 7000
Description = The McAfee SpamKiller Server service failed to start due to the following
error: %%1053

Error - 11/10/2012 10:02:05 PM | Computer Name = LIU | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service McUpdMgr.Exe with
arguments "/Embedding" in order to run the server: {C3A036FA-DA7D-45E2-AE16-6CADAAE5D75E}

Error - 11/10/2012 10:02:05 PM | Computer Name = LIU | Source = Service Control Manager | ID = 7000
Description = The McAfee SecurityCenter Update Manager service failed to start due
to the following error: %%2

Error - 11/10/2012 10:03:28 PM | Computer Name = LIU | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service MskService
with arguments "" in order to run the server: {5109B8D8-73AF-4C41-A70E-73707E1F908A}

Error - 11/10/2012 10:03:29 PM | Computer Name = LIU | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server
service to connect.

Error - 11/10/2012 10:03:29 PM | Computer Name = LIU | Source = Service Control Manager | ID = 7000
Description = The McAfee SpamKiller Server service failed to start due to the following
error: %%1053



< End of report >


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, there appears to be a zero access type infection there

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.netbt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.mrxsmb)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.cdrom)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.afd)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DE
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6PQpIyCjJ4&i=26
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..extensions.enabledAddons: {2816a2d5-e61a-4282-8a58-a629b0da7175}:1.0
FF - prefs.js..extensions.enabledAddons: {6bbc74d6-8173-456d-b61a-e913a8ed4c35}:1.0
FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p="
[2011/08/24 08:43:51 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}
[2011/04/24 21:35:12 | 000,000,000 | ---D | M] (Veehd Plugin) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}
[2011/09/12 01:10:06 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}
[2012/02/27 14:09:17 | 000,000,000 | ---D | M] (Incredibar Toolbar) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\extensions\[email protected]
[2012/02/27 14:09:04 | 000,002,203 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\searchplugins\MyStart Search.xml
[2012/07/18 00:15:49 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\searchplugins\search-the-web.xml
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD)
O4 - HKLM..\Run: [] File not found
O15 - HKCU\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: gomyhit.com ([]* in Trusted sites)
[2011/12/23 20:26:29 | 000,013,856 | -HS- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\xkxqmv2b0hgj3vuq3tfr5c448t1j
[2011/12/23 20:26:29 | 000,013,856 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xkxqmv2b0hgj3vuq3tfr5c448t1j
[2011/12/22 15:21:18 | 000,018,344 | -HS- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\560078t0v147n064x686a2idy7o4
[2011/12/22 15:21:18 | 000,018,344 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\560078t0v147n064x686a2idy7o4
[2011/12/14 01:21:14 | 000,013,882 | -HS- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\440008n6l786o744i221u8vxi2a7
[2011/12/14 01:21:14 | 000,013,882 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\440008n6l786o744i221u8vxi2a7
[2011/09/06 22:19:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\f877e932
[2011/09/06 21:32:21 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\efd26137
[2011/09/06 21:32:04 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\0f0f9ec8
[2011/09/06 21:24:04 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\877791c8

:Reg
[HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=- 

:Files
C:\Program Files\Incredibar.com

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#3
nachtkitten

nachtkitten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thanks for your prompt and detailed response. I had actually scanned with Malwarebytes right after my post and it found Codec-C.exe (Affiliate.Downloader), which I quarantined. Should I go ahead and follow the instructions you posted above or does that change anything?
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No continue with the above please
  • 0

#5
nachtkitten

nachtkitten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I ran OTL (log below) and tried running ComboFix, but it froze at "Attempting to create a new System Restore point." It's been that way for about 2 hours so far. I still have that screen open but I had to get on another computer in order to post this because I can't access the internet from the infected computer now.


OTL logfile created on: 11/12/2012 12:38:36 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dad\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 412.93 Mb Available Physical Memory | 40.40% Memory free
2.40 Gb Paging File | 1.94 Gb Available in Paging File | 80.79% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.80 Gb Total Space | 33.11 Gb Free Space | 47.43% Space Free | Partition Type: NTFS

Computer Name: LIU | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/10 21:08:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
PRC - [2012/10/26 13:29:57 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/16 21:46:20 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2010/09/07 07:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/08/31 10:25:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/27 13:38:50 | 000,566,616 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007/08/08 14:53:16 | 000,088,024 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
PRC - [2007/03/15 10:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/10 20:52:38 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2005/11/11 17:00:56 | 001,005,096 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
PRC - [2005/11/11 16:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
PRC - [2005/11/11 16:42:12 | 000,524,288 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
PRC - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe
PRC - [2005/09/26 10:26:58 | 000,110,592 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
PRC - [2005/09/22 18:29:08 | 000,303,104 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/08/24 14:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
PRC - [2005/08/10 10:49:20 | 000,163,840 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\VSO\mcvsshld.exe
PRC - [2005/06/17 05:56:14 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/06/17 05:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/05/03 23:27:32 | 005,044,736 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
PRC - [2005/03/22 22:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/01/30 09:50:20 | 000,274,432 | ---- | M] (GoGoData.com) -- C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
PRC - [2005/01/02 14:55:10 | 000,204,800 | ---- | M] (GoGoData.com) -- C:\Program Files\GoGoData.com\GoGoData Toolbar\AdBusterServer.exe
PRC - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/12 11:19:32 | 001,830,400 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12111201\algo.dll
MOD - [2012/11/12 02:09:22 | 001,830,400 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12111200\algo.dll
MOD - [2012/10/26 13:29:56 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/11/17 12:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/09/07 07:13:40 | 000,142,872 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\aswDld.dll
MOD - [2010/02/05 10:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/08/27 09:41:54 | 000,525,664 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware 2007\Update.dll
MOD - [2007/08/08 14:53:16 | 000,088,024 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
MOD - [2005/03/21 14:36:16 | 000,036,864 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\Security.dll
MOD - [2005/02/24 20:15:20 | 000,102,400 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\ses_cl.dll
MOD - [2004/12/21 21:48:14 | 000,049,152 | ---- | M] () -- C:\Program Files\GoGoData.com\GoGoData Toolbar\gogohook.dll
MOD - [2004/09/29 15:51:28 | 000,122,880 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\ez54g.dll
MOD - [2003/10/13 15:30:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\GTW32N50.dll
MOD - [2002/04/24 00:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\GEMWEP.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54GSv2.exe -- (WUSB54GSv2SVC)
SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
SRV - [2012/11/11 01:25:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/26 13:29:56 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/19 18:23:16 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/03/25 20:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/08/27 13:38:50 | 000,566,616 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/11/11 16:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) [On_Demand | Running] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
SRV - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
SRV - [2005/08/24 14:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/07/12 16:10:18 | 000,963,072 | ---- | M] (McAfee Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService)
SRV - [2005/06/17 05:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon)
SRV - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\MA311P~1\PCANDIS5.SYS -- (PCANDIS5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2010/09/07 06:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 06:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 06:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 06:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 06:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 06:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 10:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/02/29 15:03:48 | 000,008,944 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/02/29 15:03:46 | 000,051,440 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/11/01 21:52:04 | 002,644,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/16 15:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/11/11 16:43:52 | 000,080,640 | ---- | M] (McAfee) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MpFirewall.sys -- (MPFIREWL)
DRV - [2005/08/10 09:22:10 | 000,114,464 | ---- | M] (McAfee Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2005/07/24 18:04:08 | 000,048,640 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005/06/14 20:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/05/31 14:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005/05/31 08:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/04/30 13:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005/04/30 13:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005/04/30 13:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005/03/25 16:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/10/19 12:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/10/07 17:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/07/07 10:27:28 | 000,070,070 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2004/07/07 08:55:12 | 000,152,049 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2004/06/02 13:19:00 | 000,038,705 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2004/05/26 14:54:02 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X)
DRV - [2004/05/20 08:41:54 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/05/20 08:39:42 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2004/05/20 08:21:10 | 000,036,918 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2003/11/17 19:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 19:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 19:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/04/30 17:56:32 | 000,054,784 | R--- | M] (NETGEAR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma311n51.sys -- (MA311)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledAddons: {771f3037-9885-4423-b50f-a5ede4854e26}:1.300.428
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.freeca...&type=62133&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Dad\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Dad\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Dad\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/04/13 04:54:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/24 00:07:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/13 01:36:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/26 13:29:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/26 13:29:48 | 000,000,000 | ---D | M]

[2008/12/28 00:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Extensions
[2012/11/12 12:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\extensions
[2010/11/02 02:00:43 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\extensions\[email protected]
[2009/02/17 05:23:05 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\extensions\[email protected]
[2012/07/18 10:58:25 | 000,552,766 | ---- | M] () (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}.xpi
[2012/07/24 21:04:30 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/10 15:47:27 | 000,252,340 | ---- | M] () (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/11/12 12:37:57 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\searchplugins\search-the-web.xml
[2012/10/30 11:35:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/26 13:29:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/30 11:35:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/10/26 13:29:42 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\[email protected](2).org
[2012/09/30 11:08:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/10/26 13:29:57 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/04/16 09:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2012/08/28 23:58:27 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/11 20:42:19 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Dad\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Dad\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Dad\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Poppit = C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Veehd Plugin = C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nggibpkldeegooaoeafiingedpapjifl\1.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/11/12 12:26:01 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (GoGoData AdBuster ) - {3EB9C349-7473-48AC-A59B-42F31751974B} - C:\Program Files\GoGoData.com\GoGoData Toolbar\TomahawkBar.dll (GoGoData.com)
O2 - BHO: (McAfee AntiPhishing Filter) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (GoGoData AdBuster ) - {3EB9C349-7473-48AC-A59B-42F31751974B} - C:\Program Files\GoGoData.com\GoGoData Toolbar\TomahawkBar.dll (GoGoData.com)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O4 - HKLM..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [MSKAGENTEXE] C:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
O4 - HKLM..\Run: [VSOCheckTask] C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [GoGoTray.exe] C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe (GoGoData.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O9 - Extra 'Tools' menuitem : GoGoData AdBuster - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - Reg Error: Value error. File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238557909203 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFF4C0F9-2A04-4E44-9018-88573E537B9F}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/12 12:25:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/11 14:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\tdsskiller
[2012/11/10 21:47:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dad\Start Menu\Programs\Administrative Tools
[2012/11/10 21:45:53 | 000,688,901 | R--- | C] (Swearware) -- C:\Documents and Settings\Dad\Desktop\dds.com
[2012/11/10 21:08:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
[2012/11/01 22:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2012/11/01 22:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Local Settings\Application Data\Geckofx
[2012/11/01 22:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/11/01 22:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2012/11/01 22:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2012/11/01 21:57:01 | 000,659,504 | ---- | C] (FUSENET) -- C:\Documents and Settings\Dad\Desktop\GraboidVideoInstaller-3.6.exe
[2012/10/26 13:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Documents and Settings\Dad\*.tmp files -> C:\Documents and Settings\Dad\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/12 12:34:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/12 12:33:54 | 000,246,304 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2012/11/12 12:32:37 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-120863220-2349552293-3391666452-1006.job
[2012/11/12 12:32:35 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/12 12:31:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/12 12:30:58 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/12 12:26:01 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/11/12 12:05:17 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/12 02:59:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-120863220-2349552293-3391666452-1006UA.job
[2012/11/12 02:59:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-120863220-2349552293-3391666452-1006Core1cce1265c6760ec.job
[2012/11/12 02:51:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/11 14:52:38 | 002,195,061 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\tdsskiller.zip
[2012/11/10 21:51:43 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\uko076nh.exe
[2012/11/10 21:45:51 | 000,688,901 | R--- | M] (Swearware) -- C:\Documents and Settings\Dad\Desktop\dds.com
[2012/11/10 21:08:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
[2012/11/10 20:17:14 | 000,180,534 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\romneyobama.jpg
[2012/11/10 19:16:35 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/10 18:58:42 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/11/06 14:38:47 | 000,070,490 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\godless.jpg
[2012/11/06 00:35:48 | 000,330,077 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\aujyea.jpg
[2012/11/05 23:11:32 | 000,053,366 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\fingercuddles.jpg
[2012/11/05 22:50:34 | 000,019,971 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\republican.jpg
[2012/11/05 22:09:28 | 000,171,008 | ---- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/05 13:07:45 | 000,154,284 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\facebookcover1.jpg
[2012/11/05 13:05:27 | 000,143,002 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\gasmask.jpg
[2012/11/05 02:35:44 | 000,018,200 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\character.jpg
[2012/11/04 11:09:57 | 000,442,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/04 11:09:57 | 000,072,160 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/02 17:30:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (LIU-Diana).job
[2012/11/02 00:23:46 | 000,016,285 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\moveon2.jpg
[2012/11/01 21:56:46 | 000,659,504 | ---- | M] (FUSENET) -- C:\Documents and Settings\Dad\Desktop\GraboidVideoInstaller-3.6.exe
[2012/11/01 17:23:31 | 000,039,400 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\openposition.jpg
[2012/11/01 16:24:03 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-120863220-2349552293-3391666452-1006.job
[2012/10/25 22:42:36 | 000,026,145 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\lilwayne.jpg
[2012/10/25 16:42:52 | 007,900,160 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2012/10/25 16:42:52 | 006,107,136 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2012/10/23 11:54:51 | 000,082,745 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\horrormovies.jpg
[2012/10/22 02:12:04 | 000,075,322 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\apartments.jpg
[2012/10/22 02:05:54 | 000,049,381 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\attacklife.jpg
[2012/10/17 10:51:17 | 000,116,798 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\lana.jpg
[2012/10/16 11:59:01 | 000,183,161 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\20things.jpg
[1 C:\Documents and Settings\Dad\*.tmp files -> C:\Documents and Settings\Dad\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/11 14:52:31 | 002,195,061 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\tdsskiller.zip
[2012/11/10 21:51:46 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\uko076nh.exe
[2012/11/10 20:15:34 | 000,180,534 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\romneyobama.jpg
[2012/11/10 19:16:35 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/06 14:37:25 | 000,070,490 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\godless.jpg
[2012/11/06 00:35:47 | 000,330,077 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\aujyea.jpg
[2012/11/05 22:50:34 | 000,019,971 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\republican.jpg
[2012/11/05 13:07:45 | 000,154,284 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\facebookcover1.jpg
[2012/11/05 13:07:07 | 000,053,366 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\fingercuddles.jpg
[2012/11/05 13:05:26 | 000,143,002 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\gasmask.jpg
[2012/11/05 02:35:42 | 000,018,200 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\character.jpg
[2012/11/02 00:23:46 | 000,016,285 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\moveon2.jpg
[2012/11/01 17:23:30 | 000,039,400 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\openposition.jpg
[2012/10/25 22:42:28 | 000,026,145 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\lilwayne.jpg
[2012/10/22 02:12:04 | 000,075,322 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\apartments.jpg
[2012/10/22 02:05:53 | 000,049,381 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\attacklife.jpg
[2012/10/19 20:17:38 | 000,082,745 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\horrormovies.jpg
[2012/10/16 12:02:18 | 000,116,798 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\lana.jpg
[2012/10/16 11:58:20 | 000,183,161 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\20things.jpg
[2012/08/09 08:56:27 | 000,244,928 | ---- | C] () -- C:\Program Files\MC
[2011/02/07 17:16:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2011/02/07 17:16:48 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011/02/07 17:16:48 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT
[2009/07/21 13:57:58 | 000,096,447 | ---- | C] () -- C:\Documents and Settings\Dad\Clipboard04.jpg
[2009/07/21 13:56:21 | 000,093,075 | ---- | C] () -- C:\Documents and Settings\Dad\Clipboard03.jpg
[2008/11/29 04:39:44 | 000,102,346 | ---- | C] () -- C:\Documents and Settings\Dad\Clipboard01.jpg
[2008/10/08 01:43:10 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\Dad\webct_upload_applet.properties
[2008/04/24 05:27:58 | 000,004,774 | ---- | C] () -- C:\Documents and Settings\Dad\Clipboard01.gif
[2008/04/02 02:59:49 | 000,171,008 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/24 16:49:53 | 000,001,764 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/20 04:09:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dad\.gtk-bookmarks
[2006/02/20 04:07:26 | 000,329,971 | ---- | C] () -- C:\Documents and Settings\Dad\.fonts.cache-1
[2005/12/13 13:08:56 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\PFP120JPR.{PB
[2005/12/13 13:08:56 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\PFP120JCM.{PB
[2005/12/13 13:00:34 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/08/16 02:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/07/18 08:05:06 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/04/21 22:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/06/17 17:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/01/27 03:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
[2007/08/19 11:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2005/12/01 20:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2012/11/01 22:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2012/02/27 14:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/11/05 12:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2009/10/31 11:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2008/03/31 23:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/09/04 06:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/21 22:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/09/06 20:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\acccore
[2008/04/01 17:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Aim
[2009/04/03 04:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\DataLayer
[2012/02/21 12:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\DDMSettings
[2010/05/07 01:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Facebook
[2011/11/18 14:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Igukwu
[2010/12/17 02:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Image Zone Express
[2008/03/31 23:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\IrfanView
[2008/03/31 23:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Nokia
[2008/03/31 23:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Nokia Multimedia Player
[2008/03/31 23:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\PC Suite
[2008/09/08 01:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Printer Info Cache
[2009/07/25 00:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Research In Motion
[2011/11/17 17:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Upl

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB31817$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you haven't yet done so then stop Combofix

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application
    Posted Image
  • Then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
  • 0

#7
nachtkitten

nachtkitten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
"Cure" was not available, but here is the report.

12:25:47.0260 3820 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:25:47.0775 3820 ============================================================
12:25:47.0775 3820 Current date / time: 2012/11/13 12:25:47.0775
12:25:47.0775 3820 SystemInfo:
12:25:47.0775 3820
12:25:47.0775 3820 OS Version: 5.1.2600 ServicePack: 3.0
12:25:47.0775 3820 Product type: Workstation
12:25:47.0775 3820 ComputerName: LIU
12:25:47.0775 3820 UserName: Dad
12:25:47.0775 3820 Windows directory: C:\WINDOWS
12:25:47.0775 3820 System windows directory: C:\WINDOWS
12:25:47.0775 3820 Processor architecture: Intel x86
12:25:47.0775 3820 Number of processors: 2
12:25:47.0775 3820 Page size: 0x1000
12:25:47.0775 3820 Boot type: Normal boot
12:25:47.0775 3820 ============================================================
12:25:48.0900 3820 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:25:48.0916 3820 ============================================================
12:25:48.0916 3820 \Device\Harddisk0\DR0:
12:25:48.0931 3820 MBR partitions:
12:25:48.0931 3820 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x8B9A598
12:25:48.0931 3820 ============================================================
12:25:49.0088 3820 C: <-> \Device\Harddisk0\DR0\Partition1
12:25:49.0088 3820 ============================================================
12:25:49.0088 3820 Initialize success
12:25:49.0088 3820 ============================================================
12:26:07.0556 3064 ============================================================
12:26:07.0556 3064 Scan started
12:26:07.0556 3064 Mode: Manual; SigCheck; TDLFS;
12:26:07.0556 3064 ============================================================
12:26:08.0852 3064 ================ Scan system memory ========================
12:26:08.0868 3064 System memory - ok
12:26:08.0868 3064 ================ Scan services =============================
12:26:09.0431 3064 [ 8D488938E2F7048906F1FBD3AF394887 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
12:26:10.0118 3064 Aavmker4 - ok
12:26:10.0227 3064 [ C7572C802FEC8F539253C2D52BC2972C ] aawservice C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
12:26:10.0274 3064 aawservice - ok
12:26:10.0274 3064 Abiosdsk - ok
12:26:10.0306 3064 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:26:10.0524 3064 abp480n5 - ok
12:26:10.0540 3064 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:26:10.0712 3064 ACPI - ok
12:26:10.0727 3064 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
12:26:10.0852 3064 ACPIEC - ok
12:26:10.0931 3064 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:26:10.0946 3064 AdobeFlashPlayerUpdateSvc - ok
12:26:10.0977 3064 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:26:11.0149 3064 adpu160m - ok
12:26:11.0165 3064 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:26:11.0306 3064 aec - ok
12:26:11.0337 3064 [ 2C5C22990156A1063E19AD162191DC1D ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
12:26:11.0352 3064 AegisP ( UnsignedFile.Multi.Generic ) - warning
12:26:11.0352 3064 AegisP - detected UnsignedFile.Multi.Generic (1)
12:26:11.0384 3064 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:26:11.0430 3064 AFD - ok
12:26:11.0462 3064 [ 0EBB674888CBDEFD5773341C16DD6A07 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
12:26:11.0477 3064 AFS2K - ok
12:26:11.0509 3064 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
12:26:11.0634 3064 agp440 - ok
12:26:11.0665 3064 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:26:11.0837 3064 agpCPQ - ok
12:26:11.0868 3064 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:26:11.0962 3064 Aha154x - ok
12:26:11.0993 3064 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:26:12.0196 3064 aic78u2 - ok
12:26:12.0227 3064 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:26:12.0368 3064 aic78xx - ok
12:26:12.0415 3064 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:26:12.0555 3064 Alerter - ok
12:26:12.0571 3064 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
12:26:12.0712 3064 ALG - ok
12:26:12.0759 3064 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
12:26:12.0899 3064 AliIde - ok
12:26:12.0930 3064 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:26:13.0071 3064 alim1541 - ok
12:26:13.0102 3064 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:26:13.0243 3064 amdagp - ok
12:26:13.0243 3064 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
12:26:13.0337 3064 amsint - ok
12:26:13.0430 3064 [ 3A4982DF893F198A2DFBCCD4CE10F93A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
12:26:13.0462 3064 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning
12:26:13.0462 3064 Apple Mobile Device - detected UnsignedFile.Multi.Generic (1)
12:26:13.0493 3064 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
12:26:13.0649 3064 AppMgmt - ok
12:26:13.0665 3064 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
12:26:13.0805 3064 asc - ok
12:26:13.0821 3064 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:26:13.0899 3064 asc3350p - ok
12:26:13.0915 3064 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:26:14.0055 3064 asc3550 - ok
12:26:14.0321 3064 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:26:14.0352 3064 aspnet_state - ok
12:26:14.0384 3064 [ A0D86B8AC93EF95620420C7A24AC5344 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
12:26:14.0384 3064 aswFsBlk - ok
12:26:14.0430 3064 [ 7D880C76A285A41284D862E2D798EC0D ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
12:26:14.0446 3064 aswMon2 - ok
12:26:14.0477 3064 [ 69823954BBD461A73D69774928C9737E ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
12:26:14.0477 3064 aswRdr - ok
12:26:14.0509 3064 [ 7ECC2776638B04553F9A85BD684C3ABF ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
12:26:14.0524 3064 aswSP - ok
12:26:14.0555 3064 [ 095ED820A926AA8189180B305E1BCFC9 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
12:26:14.0555 3064 aswTdi - ok
12:26:14.0602 3064 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:26:14.0743 3064 AsyncMac - ok
12:26:14.0758 3064 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:26:14.0883 3064 atapi - ok
12:26:14.0899 3064 Atdisk - ok
12:26:14.0946 3064 [ 465874CA7CE49A2154104509A5A42936 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
12:26:15.0024 3064 Ati HotKey Poller - ok
12:26:15.0087 3064 [ 3483E6D18B811229A337FF1D105270D9 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
12:26:15.0102 3064 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
12:26:15.0102 3064 ATI Smart - detected UnsignedFile.Multi.Generic (1)
12:26:15.0212 3064 [ 7790F8D1000FCE5CFD33CCF4F861928F ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:26:15.0415 3064 ati2mtag - ok
12:26:15.0446 3064 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:26:15.0587 3064 Atmarpc - ok
12:26:15.0633 3064 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:26:15.0774 3064 AudioSrv - ok
12:26:15.0821 3064 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:26:15.0962 3064 audstub - ok
12:26:16.0071 3064 [ ACB544D7254F366DFB48F380BC36CD25 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
12:26:16.0087 3064 avast! Antivirus - ok
12:26:16.0087 3064 [ ACB544D7254F366DFB48F380BC36CD25 ] avast! Mail Scanner C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
12:26:16.0102 3064 avast! Mail Scanner - ok
12:26:16.0102 3064 [ ACB544D7254F366DFB48F380BC36CD25 ] avast! Web Scanner C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
12:26:16.0118 3064 avast! Web Scanner - ok
12:26:16.0149 3064 [ 438179ABE9B7A922A21B8D6369FF52FF ] BCM42RLY C:\WINDOWS\System32\BCM42RLY.SYS
12:26:16.0165 3064 BCM42RLY ( UnsignedFile.Multi.Generic ) - warning
12:26:16.0165 3064 BCM42RLY - detected UnsignedFile.Multi.Generic (1)
12:26:16.0180 3064 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:26:16.0337 3064 Beep - ok
12:26:16.0383 3064 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
12:26:16.0540 3064 BITS - ok
12:26:16.0571 3064 [ 04E84C8049EE93614A2FF6D676D1E247 ] BlueletAudio C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
12:26:16.0587 3064 BlueletAudio ( UnsignedFile.Multi.Generic ) - warning
12:26:16.0587 3064 BlueletAudio - detected UnsignedFile.Multi.Generic (1)
12:26:16.0618 3064 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
12:26:16.0743 3064 Browser - ok
12:26:16.0852 3064 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files\Browny02\BrYNSvc.exe
12:26:16.0868 3064 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
12:26:16.0868 3064 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
12:26:16.0899 3064 [ D1813668A0117AE05BC0B81C874F91D4 ] BT C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
12:26:16.0915 3064 BT ( UnsignedFile.Multi.Generic ) - warning
12:26:16.0915 3064 BT - detected UnsignedFile.Multi.Generic (1)
12:26:16.0946 3064 [ 7304ACC25455746912DE37D7DED387ED ] Btcsrusb C:\WINDOWS\system32\Drivers\btcusb.sys
12:26:16.0977 3064 Btcsrusb ( UnsignedFile.Multi.Generic ) - warning
12:26:16.0977 3064 Btcsrusb - detected UnsignedFile.Multi.Generic (1)
12:26:17.0008 3064 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
12:26:17.0149 3064 BthEnum - ok
12:26:17.0165 3064 [ 161969D2DD1D39CD2F1EDBC60C61FA99 ] BTHidEnum C:\WINDOWS\system32\DRIVERS\vbtenum.sys
12:26:17.0180 3064 BTHidEnum ( UnsignedFile.Multi.Generic ) - warning
12:26:17.0180 3064 BTHidEnum - detected UnsignedFile.Multi.Generic (1)
12:26:17.0212 3064 [ A9164C2A39BD917B9F42AE087560AC3D ] BTHidMgr C:\WINDOWS\system32\Drivers\BTHidMgr.sys
12:26:17.0212 3064 BTHidMgr ( UnsignedFile.Multi.Generic ) - warning
12:26:17.0212 3064 BTHidMgr - detected UnsignedFile.Multi.Generic (1)
12:26:17.0243 3064 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
12:26:17.0368 3064 BthPan - ok
12:26:17.0399 3064 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
12:26:17.0430 3064 BTHPORT - ok
12:26:17.0477 3064 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll
12:26:17.0602 3064 BthServ - ok
12:26:17.0618 3064 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
12:26:17.0758 3064 BTHUSB - ok
12:26:17.0758 3064 bvrp_pci - ok
12:26:17.0805 3064 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:26:17.0946 3064 cbidf - ok
12:26:17.0946 3064 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:26:18.0086 3064 cbidf2k - ok
12:26:18.0133 3064 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:26:18.0274 3064 CCDECODE - ok
12:26:18.0290 3064 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:26:18.0352 3064 cd20xrnt - ok
12:26:18.0383 3064 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:26:18.0524 3064 Cdaudio - ok
12:26:18.0555 3064 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:26:18.0680 3064 Cdfs - ok
12:26:18.0680 3064 Changer - ok
12:26:18.0711 3064 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:26:18.0852 3064 CiSvc - ok
12:26:18.0883 3064 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:26:19.0008 3064 ClipSrv - ok
12:26:19.0071 3064 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:26:19.0165 3064 clr_optimization_v2.0.50727_32 - ok
12:26:19.0196 3064 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:26:19.0336 3064 CmdIde - ok
12:26:19.0352 3064 COMSysApp - ok
12:26:19.0383 3064 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:26:19.0540 3064 Cpqarray - ok
12:26:19.0571 3064 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:26:19.0727 3064 CryptSvc - ok
12:26:19.0774 3064 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:26:19.0930 3064 dac2w2k - ok
12:26:19.0946 3064 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:26:20.0102 3064 dac960nt - ok
12:26:20.0133 3064 [ B1AD007F9A7DD8CFC981958D5C167D2D ] DcCam C:\WINDOWS\system32\DRIVERS\DcCam.sys
12:26:20.0165 3064 DcCam - ok
12:26:20.0196 3064 [ 5FD20284CAAF112201311619FF89FA44 ] DcFpoint C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
12:26:20.0227 3064 DcFpoint - ok
12:26:20.0258 3064 [ 867F7E6841B15D32481C3F1B83364E3A ] DCFS2K C:\WINDOWS\system32\drivers\dcfs2k.sys
12:26:20.0274 3064 DCFS2K - ok
12:26:20.0290 3064 [ 1B889AC45FAF088FF2AF690779368956 ] DcLps C:\WINDOWS\system32\DRIVERS\DcLps.sys
12:26:20.0305 3064 DcLps - ok
12:26:20.0368 3064 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:26:20.0399 3064 DcomLaunch - ok
12:26:20.0446 3064 [ 4AFAEA300A82F0470DC8B8ABD619ABA8 ] DcPTP C:\WINDOWS\system32\DRIVERS\DcPTP.sys
12:26:20.0477 3064 DcPTP - ok
12:26:20.0508 3064 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:26:20.0649 3064 Dhcp - ok
12:26:20.0696 3064 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:26:20.0821 3064 Disk - ok
12:26:20.0821 3064 dmadmin - ok
12:26:20.0868 3064 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:26:21.0040 3064 dmboot - ok
12:26:21.0071 3064 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:26:21.0211 3064 dmio - ok
12:26:21.0227 3064 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:26:21.0368 3064 dmload - ok
12:26:21.0414 3064 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:26:21.0539 3064 dmserver - ok
12:26:21.0571 3064 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:26:21.0696 3064 DMusic - ok
12:26:21.0758 3064 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:26:21.0789 3064 Dnscache - ok
12:26:21.0836 3064 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:26:21.0961 3064 Dot3svc - ok
12:26:21.0993 3064 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:26:22.0133 3064 dpti2o - ok
12:26:22.0164 3064 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:26:22.0274 3064 drmkaud - ok
12:26:22.0305 3064 [ E814854E6B246CCF498874839AB64D77 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
12:26:22.0321 3064 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
12:26:22.0321 3064 drvmcdb - detected UnsignedFile.Multi.Generic (1)
12:26:22.0336 3064 [ EE83A4EBAE70BC93CF14879D062F548B ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
12:26:22.0352 3064 drvnddm ( UnsignedFile.Multi.Generic ) - warning
12:26:22.0352 3064 drvnddm - detected UnsignedFile.Multi.Generic (1)
12:26:22.0414 3064 [ FE80901578E7E3DA70299A5AEB2B7FBD ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe
12:26:22.0430 3064 DSBrokerService - ok
12:26:22.0493 3064 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
12:26:22.0524 3064 DSproct ( UnsignedFile.Multi.Generic ) - warning
12:26:22.0524 3064 DSproct - detected UnsignedFile.Multi.Generic (1)
12:26:22.0539 3064 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] dsunidrv C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
12:26:22.0571 3064 dsunidrv - ok
12:26:22.0586 3064 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:26:22.0743 3064 E100B - ok
12:26:22.0789 3064 [ 0849EACDC01487573ADD86F5E470806C ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
12:26:22.0805 3064 e1express - ok
12:26:22.0836 3064 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:26:22.0961 3064 EapHost - ok
12:26:23.0039 3064 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
12:26:23.0055 3064 ehRecvr - ok
12:26:23.0086 3064 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
12:26:23.0118 3064 ehSched - ok
12:26:23.0164 3064 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:26:23.0289 3064 ERSvc - ok
12:26:23.0321 3064 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
12:26:23.0352 3064 Eventlog - ok
12:26:23.0414 3064 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
12:26:23.0430 3064 EventSystem - ok
12:26:23.0461 3064 [ 7AE55F93DA22F0732993BCE6093105DD ] Exportit C:\WINDOWS\system32\DRIVERS\exportit.sys
12:26:23.0477 3064 Exportit - ok
12:26:23.0524 3064 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:26:23.0649 3064 Fastfat - ok
12:26:23.0696 3064 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:26:23.0711 3064 FastUserSwitchingCompatibility - ok
12:26:23.0758 3064 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
12:26:23.0899 3064 Fax - ok
12:26:23.0930 3064 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
12:26:24.0055 3064 Fdc - ok
12:26:24.0102 3064 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:26:24.0243 3064 Fips - ok
12:26:24.0258 3064 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:26:24.0399 3064 Flpydisk - ok
12:26:24.0446 3064 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
12:26:24.0571 3064 FltMgr - ok
12:26:24.0649 3064 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:26:24.0649 3064 FontCache3.0.0.0 - ok
12:26:24.0680 3064 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:26:24.0821 3064 Fs_Rec - ok
12:26:24.0867 3064 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:26:25.0008 3064 Ftdisk - ok
12:26:25.0055 3064 [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
12:26:25.0055 3064 GEARAspiWDM - ok
12:26:25.0102 3064 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:26:25.0227 3064 Gpc - ok
12:26:25.0258 3064 [ FC80052194D5708254A346568F0E77C0 ] GTNDIS5 C:\WINDOWS\system32\GTNDIS5.SYS
12:26:25.0274 3064 GTNDIS5 ( UnsignedFile.Multi.Generic ) - warning
12:26:25.0274 3064 GTNDIS5 - detected UnsignedFile.Multi.Generic (1)
12:26:25.0367 3064 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:26:25.0383 3064 gupdate - ok
12:26:25.0383 3064 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:26:25.0399 3064 gupdatem - ok
12:26:25.0414 3064 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:26:25.0555 3064 HDAudBus - ok
12:26:25.0617 3064 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:26:25.0742 3064 helpsvc - ok
12:26:25.0789 3064 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
12:26:25.0899 3064 HidServ - ok
12:26:25.0930 3064 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:26:26.0071 3064 HidUsb - ok
12:26:26.0102 3064 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:26:26.0227 3064 hkmsvc - ok
12:26:26.0242 3064 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
12:26:26.0383 3064 hpn - ok
12:26:26.0477 3064 [ E4E285A3766B4A57401FEEAF66CB07B5 ] hpqcxs08 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll
12:26:26.0492 3064 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
12:26:26.0492 3064 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
12:26:26.0571 3064 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll
12:26:26.0602 3064 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
12:26:26.0602 3064 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
12:26:26.0633 3064 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:26:26.0664 3064 HPZid412 - ok
12:26:26.0696 3064 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:26:26.0727 3064 HPZipr12 - ok
12:26:26.0774 3064 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:26:26.0821 3064 HPZius12 - ok
12:26:26.0852 3064 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
12:26:26.0883 3064 HSFHWBS2 - ok
12:26:26.0930 3064 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
12:26:27.0024 3064 HSF_DP - ok
12:26:27.0071 3064 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:26:27.0086 3064 HTTP - ok
12:26:27.0133 3064 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:26:27.0274 3064 HTTPFilter - ok
12:26:27.0289 3064 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
12:26:27.0414 3064 i2omgmt - ok
12:26:27.0430 3064 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:26:27.0571 3064 i2omp - ok
12:26:27.0586 3064 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:26:27.0711 3064 i8042prt - ok
12:26:27.0774 3064 [ D43E91E271C041BB86A6223462A41D28 ] IAANTMon C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
12:26:27.0789 3064 IAANTMon ( UnsignedFile.Multi.Generic ) - warning
12:26:27.0789 3064 IAANTMon - detected UnsignedFile.Multi.Generic (1)
12:26:27.0852 3064 [ 9A65E42664D1534B68512CAAD0EFE963 ] iastor C:\WINDOWS\system32\drivers\iastor.sys
12:26:27.0930 3064 iastor - ok
12:26:28.0024 3064 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:26:28.0055 3064 IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:26:28.0055 3064 IDriverT - detected UnsignedFile.Multi.Generic (1)
12:26:28.0211 3064 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:26:28.0258 3064 idsvc - ok
12:26:28.0305 3064 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:26:28.0445 3064 Imapi - ok
12:26:28.0477 3064 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:26:28.0617 3064 ImapiService - ok
12:26:28.0633 3064 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:26:28.0789 3064 ini910u - ok
12:26:28.0820 3064 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
12:26:28.0945 3064 IntelIde - ok
12:26:28.0977 3064 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:26:29.0102 3064 intelppm - ok
12:26:29.0117 3064 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:26:29.0258 3064 Ip6Fw - ok
12:26:29.0289 3064 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:26:29.0430 3064 IpFilterDriver - ok
12:26:29.0461 3064 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:26:29.0586 3064 IpInIp - ok
12:26:29.0617 3064 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:26:29.0742 3064 IpNat - ok
12:26:29.0805 3064 [ 97BAD81620E9F115F86D79952C625916 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:26:29.0836 3064 iPod Service - ok
12:26:29.0852 3064 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:26:29.0992 3064 IPSec - ok
12:26:30.0008 3064 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:26:30.0149 3064 IRENUM - ok
12:26:30.0180 3064 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:26:30.0320 3064 isapnp - ok
12:26:30.0461 3064 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
12:26:30.0477 3064 JavaQuickStarterService - ok
12:26:30.0492 3064 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:26:30.0633 3064 Kbdclass - ok
12:26:30.0664 3064 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:26:30.0805 3064 kbdhid - ok
12:26:30.0820 3064 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:26:30.0961 3064 kmixer - ok
12:26:30.0992 3064 [ 4E1060D2F3B745931CF83B3649BE8A57 ] KodakCCS C:\WINDOWS\system32\drivers\KodakCCS.exe
12:26:31.0023 3064 KodakCCS - ok
12:26:31.0055 3064 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:26:31.0102 3064 KSecDD - ok
12:26:31.0133 3064 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:26:31.0164 3064 lanmanserver - ok
12:26:31.0195 3064 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:26:31.0211 3064 lanmanworkstation - ok
12:26:31.0227 3064 lbrtfdc - ok
12:26:31.0258 3064 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:26:31.0398 3064 LmHosts - ok
12:26:31.0430 3064 [ 1424D699DC7E5C9672E4B93152B68B12 ] MA311 C:\WINDOWS\system32\DRIVERS\ma311n51.sys
12:26:31.0461 3064 MA311 ( UnsignedFile.Multi.Generic ) - warning
12:26:31.0461 3064 MA311 - detected UnsignedFile.Multi.Generic (1)
12:26:31.0570 3064 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
12:26:31.0586 3064 McComponentHostService - ok
12:26:31.0664 3064 [ F73B0F3EBD90B1C87A3B93BE94E831C7 ] McDetect.exe c:\program files\mcafee.com\agent\mcdetect.exe
12:26:31.0680 3064 McDetect.exe ( UnsignedFile.Multi.Generic ) - warning
12:26:31.0680 3064 McDetect.exe - detected UnsignedFile.Multi.Generic (1)
12:26:31.0711 3064 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
12:26:31.0758 3064 McrdSvc - ok
12:26:31.0789 3064 [ A214E217784D1002411DCA8E9793D4A4 ] McTskshd.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
12:26:31.0805 3064 McTskshd.exe ( UnsignedFile.Multi.Generic ) - warning
12:26:31.0805 3064 McTskshd.exe - detected UnsignedFile.Multi.Generic (1)
12:26:31.0820 3064 mcupdmgr.exe - ok
12:26:31.0852 3064 [ BEE76AC58BB524523A84000BA8EFE55A ] MDC8021X C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
12:26:31.0867 3064 MDC8021X ( UnsignedFile.Multi.Generic ) - warning
12:26:31.0867 3064 MDC8021X - detected UnsignedFile.Multi.Generic (1)
12:26:31.0898 3064 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:26:31.0898 3064 mdmxsdk - ok
12:26:31.0930 3064 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:26:32.0055 3064 Messenger - ok
12:26:32.0086 3064 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
12:26:32.0102 3064 MHN ( UnsignedFile.Multi.Generic ) - warning
12:26:32.0102 3064 MHN - detected UnsignedFile.Multi.Generic (1)
12:26:32.0117 3064 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
12:26:32.0133 3064 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
12:26:32.0133 3064 MHNDRV - detected UnsignedFile.Multi.Generic (1)
12:26:32.0164 3064 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:26:32.0305 3064 mnmdd - ok
12:26:32.0336 3064 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:26:32.0445 3064 mnmsrvc - ok
12:26:32.0477 3064 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:26:32.0602 3064 Modem - ok
12:26:32.0617 3064 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
12:26:32.0758 3064 MODEMCSA - ok
12:26:32.0773 3064 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:26:32.0914 3064 Mouclass - ok
12:26:33.0164 3064 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:26:33.0320 3064 mouhid - ok
12:26:33.0336 3064 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:26:33.0477 3064 MountMgr - ok
12:26:33.0523 3064 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:26:33.0539 3064 MozillaMaintenance - ok
12:26:33.0586 3064 [ 537B049DBABA4FEBCDAAE711C0F2805B ] MPFIREWL C:\WINDOWS\system32\Drivers\MpFirewall.sys
12:26:33.0602 3064 MPFIREWL ( UnsignedFile.Multi.Generic ) - warning
12:26:33.0602 3064 MPFIREWL - detected UnsignedFile.Multi.Generic (1)
12:26:33.0664 3064 [ 316535E69181703D4CE4623DEA29FECB ] MpfService C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
12:26:33.0711 3064 MpfService ( UnsignedFile.Multi.Generic ) - warning
12:26:33.0711 3064 MpfService - detected UnsignedFile.Multi.Generic (1)
12:26:33.0742 3064 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:26:33.0883 3064 mraid35x - ok
12:26:33.0914 3064 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:26:34.0055 3064 MRxDAV - ok
12:26:34.0086 3064 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:26:34.0226 3064 MSDTC - ok
12:26:34.0258 3064 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:26:34.0367 3064 Msfs - ok
12:26:34.0383 3064 MSIServer - ok
12:26:34.0461 3064 [ 4DB8F824F17B8D9CC5826FBDF0205870 ] MskService C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
12:26:34.0539 3064 MskService ( UnsignedFile.Multi.Generic ) - warning
12:26:34.0539 3064 MskService - detected UnsignedFile.Multi.Generic (1)
12:26:34.0570 3064 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:26:34.0711 3064 MSKSSRV - ok
12:26:34.0742 3064 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:26:34.0851 3064 MSPCLOCK - ok
12:26:34.0883 3064 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:26:35.0023 3064 MSPQM - ok
12:26:35.0055 3064 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:26:35.0180 3064 mssmbios - ok
12:26:35.0195 3064 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:26:35.0320 3064 MSTEE - ok
12:26:35.0367 3064 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:26:35.0414 3064 Mup - ok
12:26:35.0430 3064 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:26:35.0586 3064 NABTSFEC - ok
12:26:35.0617 3064 [ AFFD46144D763D9046673DD2D012CFF9 ] NaiAvFilter1 C:\WINDOWS\system32\drivers\naiavf5x.sys
12:26:35.0648 3064 NaiAvFilter1 - ok
12:26:35.0695 3064 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:26:35.0836 3064 napagent - ok
12:26:35.0867 3064 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:26:35.0992 3064 NDIS - ok
12:26:36.0023 3064 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:26:36.0164 3064 NdisIP - ok
12:26:36.0211 3064 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:26:36.0242 3064 NdisTapi - ok
12:26:36.0289 3064 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:26:36.0430 3064 Ndisuio - ok
12:26:36.0445 3064 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:26:36.0555 3064 NdisWan - ok
12:26:36.0586 3064 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:26:36.0601 3064 NDProxy - ok
12:26:36.0648 3064 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
12:26:36.0648 3064 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:26:36.0648 3064 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:26:36.0680 3064 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:26:36.0805 3064 NetBIOS - ok
12:26:36.0851 3064 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:26:36.0976 3064 NetBT - ok
12:26:37.0008 3064 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
12:26:37.0133 3064 NetDDE - ok
12:26:37.0133 3064 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:26:37.0258 3064 NetDDEdsdm - ok
12:26:37.0273 3064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:26:37.0383 3064 Netlogon - ok
12:26:37.0414 3064 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
12:26:37.0554 3064 Netman - ok
12:26:37.0664 3064 [ 9DA26B773BD04B867A8E9F427CD048FC ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
12:26:37.0679 3064 NetSvc ( UnsignedFile.Multi.Generic ) - warning
12:26:37.0679 3064 NetSvc - detected UnsignedFile.Multi.Generic (1)
12:26:37.0726 3064 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:26:37.0758 3064 NetTcpPortSharing - ok
12:26:37.0804 3064 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
12:26:37.0820 3064 Nla - ok
12:26:37.0851 3064 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:26:37.0992 3064 Npfs - ok
12:26:38.0023 3064 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:26:38.0195 3064 Ntfs - ok
12:26:38.0211 3064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:26:38.0336 3064 NtLmSsp - ok
12:26:38.0383 3064 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:26:38.0508 3064 NtmsSvc - ok
12:26:38.0523 3064 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:26:38.0679 3064 Null - ok
12:26:38.0742 3064 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:26:38.0898 3064 nv - ok
12:26:38.0945 3064 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:26:39.0101 3064 NwlnkFlt - ok
12:26:39.0117 3064 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:26:39.0273 3064 NwlnkFwd - ok
12:26:39.0320 3064 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
12:26:39.0461 3064 Parport - ok
12:26:39.0492 3064 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:26:39.0711 3064 PartMgr - ok
12:26:39.0742 3064 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:26:39.0961 3064 ParVdm - ok
12:26:40.0008 3064 PCANDIS5 - ok
12:26:40.0023 3064 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:26:40.0242 3064 PCI - ok
12:26:40.0258 3064 PCIDump - ok
12:26:40.0304 3064 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:26:40.0508 3064 PCIIde - ok
12:26:40.0554 3064 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:26:40.0773 3064 Pcmcia - ok
12:26:40.0789 3064 PDCOMP - ok
12:26:40.0789 3064 PDFRAME - ok
12:26:40.0804 3064 PDRELI - ok
12:26:40.0820 3064 PDRFRAME - ok
12:26:40.0851 3064 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
12:26:41.0070 3064 perc2 - ok
12:26:41.0086 3064 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:26:41.0351 3064 perc2hib - ok
12:26:41.0382 3064 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
12:26:41.0445 3064 PlugPlay - ok
12:26:41.0492 3064 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
12:26:41.0539 3064 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:26:41.0539 3064 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:26:41.0570 3064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:26:41.0726 3064 PolicyAgent - ok
12:26:41.0773 3064 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:26:42.0023 3064 PptpMiniport - ok
12:26:42.0039 3064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:26:42.0242 3064 ProtectedStorage - ok
12:26:42.0257 3064 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:26:42.0476 3064 PSched - ok
12:26:42.0539 3064 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:26:42.0773 3064 Ptilink - ok
12:26:42.0804 3064 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:26:42.0820 3064 PxHelp20 - ok
12:26:42.0851 3064 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:26:43.0117 3064 ql1080 - ok
12:26:43.0148 3064 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:26:43.0367 3064 Ql10wnt - ok
12:26:43.0398 3064 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:26:43.0601 3064 ql12160 - ok
12:26:43.0648 3064 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:26:43.0867 3064 ql1240 - ok
12:26:43.0898 3064 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:26:44.0117 3064 ql1280 - ok
12:26:44.0132 3064 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:26:44.0398 3064 RasAcd - ok
12:26:44.0445 3064 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:26:44.0664 3064 RasAuto - ok
12:26:44.0679 3064 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:26:44.0898 3064 Rasl2tp - ok
12:26:44.0945 3064 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:26:45.0148 3064 RasMan - ok
12:26:45.0195 3064 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:26:45.0398 3064 RasPppoe - ok
12:26:45.0429 3064 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:26:45.0648 3064 Raspti - ok
12:26:45.0679 3064 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:26:45.0882 3064 Rdbss - ok
12:26:45.0898 3064 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:26:46.0117 3064 RDPCDD - ok
12:26:46.0164 3064 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:26:46.0367 3064 rdpdr - ok
12:26:46.0398 3064 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:26:46.0429 3064 RDPWD - ok
12:26:46.0476 3064 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:26:46.0632 3064 RDSessMgr - ok
12:26:46.0664 3064 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:26:46.0804 3064 redbook - ok
12:26:46.0835 3064 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:26:46.0960 3064 RemoteAccess - ok
12:26:47.0007 3064 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:26:47.0148 3064 RemoteRegistry - ok
12:26:47.0179 3064 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
12:26:47.0320 3064 RFCOMM - ok
12:26:47.0351 3064 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
12:26:47.0367 3064 RimUsb - ok
12:26:47.0398 3064 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
12:26:47.0429 3064 RimVSerPort - ok
12:26:47.0476 3064 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
12:26:47.0601 3064 ROOTMODEM - ok
12:26:47.0695 3064 [ AFD61A7C48A3E15C86A6FADF0B69A2E4 ] Roxio UPnP Renderer 9 C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
12:26:47.0710 3064 Roxio UPnP Renderer 9 - ok
12:26:47.0788 3064 [ EFBB36E2BB02169D26E9980778FC20D3 ] Roxio Upnp Server 9 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
12:26:47.0804 3064 Roxio Upnp Server 9 - ok
12:26:48.0023 3064 [ 78E680A105F47B6AA0003BD23ED9FA51 ] RoxLiveShare9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
12:26:48.0038 3064 RoxLiveShare9 - ok
12:26:48.0179 3064 [ 9D5C024170C376D7CC66ED853FDA9068 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
12:26:48.0242 3064 RoxMediaDB9 - ok
12:26:48.0304 3064 [ 87F175539DBBA297018AA7FCDD563FF7 ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
12:26:48.0320 3064 RoxWatch9 - ok
12:26:48.0367 3064 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
12:26:48.0507 3064 RpcLocator - ok
12:26:48.0538 3064 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:26:48.0570 3064 RpcSs - ok
12:26:48.0617 3064 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:26:48.0757 3064 RSVP - ok
12:26:48.0788 3064 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:26:48.0898 3064 SamSs - ok
12:26:48.0945 3064 [ C5D996556C9DF4716A09E7F8C3DDD2CF ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:26:48.0992 3064 SASDIFSV ( UnsignedFile.Multi.Generic ) - warning
12:26:48.0992 3064 SASDIFSV - detected UnsignedFile.Multi.Generic (1)
12:26:49.0007 3064 [ 7F1085895E499907F68DF7731924122B ] SASENUM C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
12:26:49.0038 3064 SASENUM ( UnsignedFile.Multi.Generic ) - warning
12:26:49.0038 3064 SASENUM - detected UnsignedFile.Multi.Generic (1)
12:26:49.0054 3064 [ 1380AB4AC393B5D3E21521FCED3CD834 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
12:26:49.0085 3064 SASKUTIL ( UnsignedFile.Multi.Generic ) - warning
12:26:49.0085 3064 SASKUTIL - detected UnsignedFile.Multi.Generic (1)
12:26:49.0117 3064 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:26:49.0257 3064 SCardSvr - ok
12:26:49.0288 3064 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:26:49.0429 3064 Schedule - ok
12:26:49.0476 3064 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:26:49.0601 3064 Secdrv - ok
12:26:49.0632 3064 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:26:49.0757 3064 seclogon - ok
12:26:49.0788 3064 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
12:26:49.0913 3064 SENS - ok
12:26:49.0960 3064 [ 2EC41A96D0DC98BD119BF325E0B9F392 ] Ser2pl C:\WINDOWS\system32\DRIVERS\ser2pl.sys
12:26:49.0976 3064 Ser2pl - ok
12:26:50.0023 3064 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:26:50.0163 3064 serenum - ok
12:26:50.0179 3064 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:26:50.0304 3064 Serial - ok
12:26:50.0335 3064 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:26:50.0460 3064 Sfloppy - ok
12:26:50.0507 3064 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:26:50.0648 3064 SharedAccess - ok
12:26:50.0679 3064 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:26:50.0710 3064 ShellHWDetection - ok
12:26:50.0710 3064 Simbad - ok
12:26:50.0757 3064 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:26:50.0898 3064 sisagp - ok
12:26:50.0913 3064 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:26:51.0054 3064 SLIP - ok
12:26:51.0101 3064 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
12:26:51.0241 3064 SONYPVU1 - ok
12:26:51.0257 3064 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:26:51.0335 3064 Sparrow - ok
12:26:51.0366 3064 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:26:51.0491 3064 splitter - ok
12:26:51.0523 3064 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:26:51.0570 3064 Spooler - ok
12:26:51.0601 3064 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:26:51.0741 3064 sr - ok
12:26:51.0773 3064 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
12:26:51.0913 3064 srservice - ok
12:26:51.0960 3064 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:26:51.0976 3064 Srv - ok
12:26:52.0023 3064 [ D7968049BE0ADBB6A57CEE3960320911 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
12:26:52.0054 3064 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
12:26:52.0054 3064 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
12:26:52.0085 3064 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:26:52.0226 3064 SSDPSRV - ok
12:26:52.0226 3064 [ C3FFD65ABFB6441E7606CF74F1155273 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
12:26:52.0241 3064 ssrtln ( UnsignedFile.Multi.Generic ) - warning
12:26:52.0241 3064 ssrtln - detected UnsignedFile.Multi.Generic (1)
12:26:52.0288 3064 [ 352B663A81402BE7CD7BD4EA27C9998C ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
12:26:52.0320 3064 STHDA - ok
12:26:52.0366 3064 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:26:52.0491 3064 stisvc - ok
12:26:52.0523 3064 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:26:52.0648 3064 streamip - ok
12:26:52.0663 3064 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:26:52.0788 3064 swenum - ok
12:26:52.0804 3064 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:26:52.0929 3064 swmidi - ok
12:26:52.0945 3064 SwPrv - ok
12:26:52.0976 3064 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
12:26:53.0101 3064 symc810 - ok
12:26:53.0116 3064 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:26:53.0273 3064 symc8xx - ok
12:26:53.0288 3064 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:26:53.0429 3064 sym_hi - ok
12:26:53.0445 3064 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:26:53.0585 3064 sym_u3 - ok
12:26:53.0601 3064 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:26:53.0757 3064 sysaudio - ok
12:26:53.0788 3064 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:26:53.0898 3064 SysmonLog - ok
12:26:53.0929 3064 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:26:54.0069 3064 TapiSrv - ok
12:26:54.0116 3064 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:26:54.0148 3064 Tcpip - ok
12:26:54.0194 3064 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:26:54.0319 3064 TDPIPE - ok
12:26:54.0351 3064 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:26:54.0476 3064 TDTCP - ok
12:26:54.0507 3064 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:26:54.0632 3064 TermDD - ok
12:26:54.0694 3064 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
12:26:54.0835 3064 TermService - ok
12:26:54.0898 3064 [ 30698355067D07DA5F9EB81132C9FDD6 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
12:26:54.0913 3064 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
12:26:54.0913 3064 tfsnboio - detected UnsignedFile.Multi.Generic (1)
12:26:54.0913 3064 [ FB9D825BB4A2ABDF24600F7505050E2B ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
12:26:54.0929 3064 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
12:26:54.0929 3064 tfsncofs - detected UnsignedFile.Multi.Generic (1)
12:26:54.0960 3064 [ CAFD8CCA11AA1E8B6D2EA1BA8F70EC33 ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
12:26:54.0960 3064 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
12:26:54.0960 3064 tfsndrct - detected UnsignedFile.Multi.Generic (1)
12:26:54.0976 3064 [ 8DB1E78FBF7C426D8EC3D8F1A33D6485 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
12:26:54.0991 3064 tfsndres ( UnsignedFile.Multi.Generic ) - warning
12:26:54.0991 3064 tfsndres - detected UnsignedFile.Multi.Generic (1)
12:26:55.0007 3064 [ B92F67A71CC8176F331B8AA8D9F555AD ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
12:26:55.0007 3064 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
12:26:55.0007 3064 tfsnifs - detected UnsignedFile.Multi.Generic (1)
12:26:55.0023 3064 [ 85985FAA9A71E2358FCC2EDEFC2A3C5C ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
12:26:55.0054 3064 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
12:26:55.0054 3064 tfsnopio - detected UnsignedFile.Multi.Generic (1)
12:26:55.0069 3064 [ BBA22094F0F7C210567EFDAF11F64495 ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
12:26:55.0085 3064 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
12:26:55.0085 3064 tfsnpool - detected UnsignedFile.Multi.Generic (1)
12:26:55.0116 3064 [ 81340BEF80B9811E98CE64611E67E3FF ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
12:26:55.0132 3064 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
12:26:55.0132 3064 tfsnudf - detected UnsignedFile.Multi.Generic (1)
12:26:55.0148 3064 [ C035FD116224CCC8325F384776B6A8BB ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
12:26:55.0179 3064 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
12:26:55.0179 3064 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
12:26:55.0194 3064 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
12:26:55.0210 3064 Themes - ok
12:26:55.0257 3064 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:26:55.0382 3064 TlntSvr - ok
12:26:55.0429 3064 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
12:26:55.0585 3064 TosIde - ok
12:26:55.0601 3064 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:26:55.0741 3064 TrkWks - ok
12:26:55.0773 3064 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:26:55.0913 3064 Udfs - ok
12:26:55.0944 3064 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
12:26:56.0023 3064 ultra - ok
12:26:56.0069 3064 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:26:56.0194 3064 Update - ok
12:26:56.0226 3064 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:26:56.0366 3064 upnphost - ok
12:26:56.0382 3064 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
12:26:56.0507 3064 UPS - ok
12:26:56.0538 3064 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:26:56.0679 3064 usbccgp - ok
12:26:56.0710 3064 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:26:56.0835 3064 usbehci - ok
12:26:56.0866 3064 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:26:57.0007 3064 usbhub - ok
12:26:57.0038 3064 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:26:57.0163 3064 usbprint - ok
12:26:57.0194 3064 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:26:57.0319 3064 usbscan - ok
12:26:57.0351 3064 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:26:57.0476 3064 USBSTOR - ok
12:26:57.0507 3064 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:26:57.0632 3064 usbuhci - ok
12:26:57.0647 3064 [ BEE793D4A059CAEA55D6AC20E19B3A8F ] USB_RNDIS C:\WINDOWS\system32\DRIVERS\usb8023.sys
12:26:57.0788 3064 USB_RNDIS - ok
12:26:57.0819 3064 [ 9EBEE4A060C5364A31AEAA04EAC2AF1E ] VComm C:\WINDOWS\system32\DRIVERS\VComm.sys
12:26:57.0835 3064 VComm ( UnsignedFile.Multi.Generic ) - warning
12:26:57.0835 3064 VComm - detected UnsignedFile.Multi.Generic (1)
12:26:57.0882 3064 [ 630BBDBF5490F8F57ABE650DA63661A0 ] VcommMgr C:\WINDOWS\system32\Drivers\VcommMgr.sys
12:26:57.0913 3064 VcommMgr ( UnsignedFile.Multi.Generic ) - warning
12:26:57.0913 3064 VcommMgr - detected UnsignedFile.Multi.Generic (1)
12:26:57.0944 3064 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:26:58.0069 3064 VgaSave - ok
12:26:58.0132 3064 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:26:58.0241 3064 viaagp - ok
12:26:58.0257 3064 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
12:26:58.0397 3064 ViaIde - ok
12:26:58.0429 3064 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files\Viewpoint\Common\ViewpointService.exe
12:26:58.0429 3064 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - warning
12:26:58.0429 3064 Viewpoint Manager Service - detected UnsignedFile.Multi.Generic (1)
12:26:58.0460 3064 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:26:58.0585 3064 VolSnap - ok
12:26:58.0616 3064 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
12:26:58.0741 3064 VSS - ok
12:26:58.0772 3064 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
12:26:58.0897 3064 w32time - ok
12:26:58.0929 3064 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:26:59.0054 3064 Wanarp - ok
12:26:59.0069 3064 wanatw - ok
12:26:59.0069 3064 WDICA - ok
12:26:59.0101 3064 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:26:59.0241 3064 wdmaud - ok
12:26:59.0257 3064 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:26:59.0413 3064 WebClient - ok
12:26:59.0460 3064 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:26:59.0507 3064 winachsf - ok
12:26:59.0585 3064 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:26:59.0726 3064 winmgmt - ok
12:26:59.0772 3064 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:26:59.0788 3064 WmdmPmSN - ok
12:26:59.0819 3064 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:26:59.0851 3064 Wmi - ok
12:26:59.0882 3064 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:27:00.0022 3064 WmiApSrv - ok
12:27:00.0116 3064 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
12:27:00.0147 3064 WMPNetworkSvc - ok
12:27:00.0179 3064 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:27:00.0335 3064 WS2IFSL - ok
12:27:00.0382 3064 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:27:00.0491 3064 wscsvc - ok
12:27:00.0522 3064 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:27:00.0647 3064 WSTCODEC - ok
12:27:00.0694 3064 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:27:00.0819 3064 wuauserv - ok
12:27:00.0850 3064 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:27:00.0882 3064 WudfPf - ok
12:27:00.0897 3064 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:27:00.0929 3064 WudfRd - ok
12:27:00.0960 3064 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:27:00.0991 3064 WudfSvc - ok
12:27:01.0054 3064 [ E8C30EF9BBC6DDB71F0F77FA3A96515F ] WUSB54GSv2SVC C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
12:27:01.0069 3064 WUSB54GSv2SVC ( UnsignedFile.Multi.Generic ) - warning
12:27:01.0069 3064 WUSB54GSv2SVC - detected UnsignedFile.Multi.Generic (1)
12:27:01.0100 3064 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:27:01.0241 3064 WZCSVC - ok
12:27:01.0272 3064 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:27:01.0413 3064 xmlprov - ok
12:27:01.0429 3064 ================ Scan global ===============================
12:27:01.0460 3064 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:27:01.0507 3064 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
12:27:01.0522 3064 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
12:27:01.0554 3064 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:27:01.0554 3064 [Global] - ok
12:27:01.0554 3064 ================ Scan MBR ==================================
12:27:01.0569 3064 [ B16A2359F4962B0C622D81A1C1F4B703 ] \Device\Harddisk0\DR0
12:27:01.0882 3064 \Device\Harddisk0\DR0 - ok
12:27:01.0882 3064 ================ Scan VBR ==================================
12:27:01.0882 3064 [ 6673119A2FFB216A836088D3B948C06D ] \Device\Harddisk0\DR0\Partition1
12:27:01.0897 3064 \Device\Harddisk0\DR0\Partition1 - ok
12:27:01.0897 3064 ============================================================
12:27:01.0897 3064 Scan finished
12:27:01.0897 3064 ============================================================
12:27:02.0022 1640 Detected object count: 48
12:27:02.0022 1640 Actual detected object count: 48
12:30:38.0373 1640 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0373 1640 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0373 1640 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0373 1640 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0373 1640 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0373 1640 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0373 1640 BCM42RLY ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0373 1640 BCM42RLY ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0389 1640 BlueletAudio ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0389 1640 BlueletAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0389 1640 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0389 1640 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0389 1640 BT ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0389 1640 BT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0389 1640 Btcsrusb ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0389 1640 Btcsrusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0389 1640 BTHidEnum ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0389 1640 BTHidEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0389 1640 BTHidMgr ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0389 1640 BTHidMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0405 1640 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0405 1640 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0405 1640 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0405 1640 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0405 1640 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0405 1640 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0405 1640 GTNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0405 1640 GTNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0405 1640 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0405 1640 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0405 1640 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0405 1640 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0405 1640 IAANTMon ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0420 1640 IAANTMon ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0420 1640 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0420 1640 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0420 1640 MA311 ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0420 1640 MA311 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0420 1640 McDetect.exe ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0420 1640 McDetect.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0420 1640 McTskshd.exe ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0420 1640 McTskshd.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0420 1640 MDC8021X ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0420 1640 MDC8021X ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0420 1640 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0420 1640 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0420 1640 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0420 1640 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0436 1640 MPFIREWL ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0436 1640 MPFIREWL ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0436 1640 MpfService ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0436 1640 MpfService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0436 1640 MskService ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0436 1640 MskService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0436 1640 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0436 1640 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0436 1640 NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0436 1640 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0451 1640 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0451 1640 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0451 1640 SASDIFSV ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0451 1640 SASDIFSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0451 1640 SASENUM ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0451 1640 SASENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0451 1640 SASKUTIL ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0451 1640 SASKUTIL ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0451 1640 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0451 1640 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0451 1640 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0451 1640 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0467 1640 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0467 1640 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0467 1640 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0467 1640 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0467 1640 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0467 1640 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0467 1640 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0467 1640 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0467 1640 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0467 1640 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0467 1640 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0467 1640 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0467 1640 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0467 1640 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0483 1640 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0483 1640 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0483 1640 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0483 1640 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0483 1640 VComm ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0483 1640 VComm ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0483 1640 VcommMgr ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0483 1640 VcommMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0483 1640 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0483 1640 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:38.0498 1640 WUSB54GSv2SVC ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:38.0498 1640 WUSB54GSv2SVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:31:14.0544 1568 ============================================================
12:31:14.0544 1568 Scan started
12:31:14.0544 1568 Mode: Manual; SigCheck; TDLFS;
12:31:14.0544 1568 ============================================================
12:31:14.0669 1568 ================ Scan system memory ========================
12:31:14.0669 1568 System memory - ok
12:31:14.0669 1568 ================ Scan services =============================
12:31:15.0200 1568 [ 8D488938E2F7048906F1FBD3AF394887 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
12:31:15.0216 1568 Aavmker4 - ok
12:31:15.0341 1568 [ C7572C802FEC8F539253C2D52BC2972C ] aawservice C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
12:31:15.0372 1568 aawservice - ok
12:31:15.0372 1568 Abiosdsk - ok
12:31:15.0403 1568 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:31:15.0591 1568 abp480n5 - ok
12:31:15.0638 1568 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:31:15.0841 1568 ACPI - ok
12:31:15.0856 1568 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
12:31:15.0997 1568 ACPIEC - ok
12:31:16.0075 1568 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:31:16.0091 1568 AdobeFlashPlayerUpdateSvc - ok
12:31:16.0106 1568 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:31:16.0247 1568 adpu160m - ok
12:31:16.0263 1568 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:31:16.0403 1568 aec - ok
12:31:16.0419 1568 [ 2C5C22990156A1063E19AD162191DC1D ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
12:31:16.0450 1568 AegisP ( UnsignedFile.Multi.Generic ) - warning
12:31:16.0450 1568 AegisP - detected UnsignedFile.Multi.Generic (1)
12:31:16.0497 1568 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:31:16.0528 1568 AFD - ok
12:31:16.0559 1568 [ 0EBB674888CBDEFD5773341C16DD6A07 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
12:31:16.0591 1568 AFS2K - ok
12:31:16.0622 1568 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
12:31:16.0747 1568 agp440 - ok
12:31:16.0794 1568 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:31:16.0919 1568 agpCPQ - ok
12:31:16.0950 1568 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:31:17.0013 1568 Aha154x - ok
12:31:17.0044 1568 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:31:17.0200 1568 aic78u2 - ok
12:31:17.0216 1568 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:31:17.0341 1568 aic78xx - ok
12:31:17.0372 1568 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:31:17.0497 1568 Alerter - ok
12:31:17.0512 1568 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
12:31:17.0653 1568 ALG - ok
12:31:17.0684 1568 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
12:31:17.0825 1568 AliIde - ok
12:31:17.0856 1568 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:31:17.0981 1568 alim1541 - ok
12:31:18.0028 1568 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:31:18.0153 1568 amdagp - ok
12:31:18.0169 1568 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
12:31:18.0262 1568 amsint - ok
12:31:18.0325 1568 [ 3A4982DF893F198A2DFBCCD4CE10F93A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
12:31:18.0356 1568 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning
12:31:18.0356 1568 Apple Mobile Device - detected UnsignedFile.Multi.Generic (1)
12:31:18.0403 1568 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
12:31:18.0591 1568 AppMgmt - ok
12:31:18.0606 1568 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
12:31:18.0809 1568 asc - ok
12:31:18.0825 1568 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:31:18.0903 1568 asc3350p - ok
12:31:18.0919 1568 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:31:19.0028 1568 asc3550 - ok
12:31:19.0309 1568 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:31:19.0309 1568 aspnet_state - ok
12:31:19.0356 1568 [ A0D86B8AC93EF95620420C7A24AC5344 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
12:31:19.0372 1568 aswFsBlk - ok
12:31:19.0403 1568 [ 7D880C76A285A41284D862E2D798EC0D ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
12:31:19.0419 1568 aswMon2 - ok
12:31:19.0450 1568 [ 69823954BBD461A73D69774928C9737E ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
12:31:19.0466 1568 aswRdr - ok
12:31:19.0497 1568 [ 7ECC2776638B04553F9A85BD684C3ABF ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
12:31:19.0497 1568 aswSP - ok
12:31:19.0528 1568 [ 095ED820A926AA8189180B305E1BCFC9 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
12:31:19.0544 1568 aswTdi - ok
12:31:19.0559 1568 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:31:19.0700 1568 AsyncMac - ok
12:31:19.0716 1568 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:31:19.0841 1568 atapi - ok
12:31:19.0841 1568 Atdisk - ok
12:31:19.0903 1568 [ 465874CA7CE49A2154104509A5A42936 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
12:31:19.0966 1568 Ati HotKey Poller - ok
12:31:20.0028 1568 [ 3483E6D18B811229A337FF1D105270D9 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
12:31:20.0044 1568 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
12:31:20.0044 1568 ATI Smart - detected UnsignedFile.Multi.Generic (1)
12:31:20.0153 1568 [ 7790F8D1000FCE5CFD33CCF4F861928F ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:31:20.0278 1568 ati2mtag - ok
12:31:20.0309 1568 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:31:20.0434 1568 Atmarpc - ok
12:31:20.0481 1568 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:31:20.0622 1568 AudioSrv - ok
12:31:20.0653 1568 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:31:20.0794 1568 audstub - ok
12:31:20.0887 1568 [ ACB544D7254F366DFB48F380BC36CD25 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
12:31:20.0903 1568 avast! Antivirus - ok
12:31:20.0903 1568 [ ACB544D7254F366DFB48F380BC36CD25 ] avast! Mail Scanner C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
12:31:20.0919 1568 avast! Mail Scanner - ok
12:31:20.0919 1568 [ ACB544D7254F366DFB48F380BC36CD25 ] avast! Web Scanner C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
12:31:20.0934 1568 avast! Web Scanner - ok
12:31:20.0965 1568 [ 438179ABE9B7A922A21B8D6369FF52FF ] BCM42RLY C:\WINDOWS\System32\BCM42RLY.SYS
12:31:20.0981 1568 BCM42RLY ( UnsignedFile.Multi.Generic ) - warning
12:31:20.0981 1568 BCM42RLY - detected UnsignedFile.Multi.Generic (1)
12:31:21.0028 1568 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:31:21.0169 1568 Beep - ok
12:31:21.0215 1568 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
12:31:21.0356 1568 BITS - ok
12:31:21.0387 1568 [ 04E84C8049EE93614A2FF6D676D1E247 ] BlueletAudio C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
12:31:21.0387 1568 BlueletAudio ( UnsignedFile.Multi.Generic ) - warning
12:31:21.0387 1568 BlueletAudio - detected UnsignedFile.Multi.Generic (1)
12:31:21.0419 1568 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
12:31:21.0559 1568 Browser - ok
12:31:21.0637 1568 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files\Browny02\BrYNSvc.exe
12:31:21.0653 1568 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
12:31:21.0653 1568 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
12:31:21.0684 1568 [ D1813668A0117AE05BC0B81C874F91D4 ] BT C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
12:31:21.0715 1568 BT ( UnsignedFile.Multi.Generic ) - warning
12:31:21.0715 1568 BT - detected UnsignedFile.Multi.Generic (1)
12:31:21.0747 1568 [ 7304ACC25455746912DE37D7DED387ED ] Btcsrusb C:\WINDOWS\system32\Drivers\btcusb.sys
12:31:21.0762 1568 Btcsrusb ( UnsignedFile.Multi.Generic ) - warning
12:31:21.0762 1568 Btcsrusb - detected UnsignedFile.Multi.Generic (1)
12:31:21.0794 1568 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
12:31:21.0934 1568 BthEnum - ok
12:31:21.0950 1568 [ 161969D2DD1D39CD2F1EDBC60C61FA99 ] BTHidEnum C:\WINDOWS\system32\DRIVERS\vbtenum.sys
12:31:21.0965 1568 BTHidEnum ( UnsignedFile.Multi.Generic ) - warning
12:31:21.0965 1568 BTHidEnum - detected UnsignedFile.Multi.Generic (1)
12:31:21.0997 1568 [ A9164C2A39BD917B9F42AE087560AC3D ] BTHidMgr C:\WINDOWS\system32\Drivers\BTHidMgr.sys
12:31:21.0997 1568 BTHidMgr ( UnsignedFile.Multi.Generic ) - warning
12:31:21.0997 1568 BTHidMgr - detected UnsignedFile.Multi.Generic (1)
12:31:22.0012 1568 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
12:31:22.0137 1568 BthPan - ok
12:31:22.0184 1568 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
12:31:22.0215 1568 BTHPORT - ok
12:31:22.0262 1568 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll
12:31:22.0372 1568 BthServ - ok
12:31:22.0403 1568 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
12:31:22.0544 1568 BTHUSB - ok
12:31:22.0544 1568 bvrp_pci - ok
12:31:22.0590 1568 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:31:22.0715 1568 cbidf - ok
12:31:22.0731 1568 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:31:22.0856 1568 cbidf2k - ok
12:31:22.0903 1568 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:31:23.0028 1568 CCDECODE - ok
12:31:23.0059 1568 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:31:23.0137 1568 cd20xrnt - ok
12:31:23.0169 1568 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:31:23.0309 1568 Cdaudio - ok
12:31:23.0340 1568 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:31:23.0465 1568 Cdfs - ok
12:31:23.0481 1568 Changer - ok
12:31:23.0512 1568 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:31:23.0637 1568 CiSvc - ok
12:31:23.0669 1568 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:31:23.0794 1568 ClipSrv - ok
12:31:23.0856 1568 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:31:23.0872 1568 clr_optimization_v2.0.50727_32 - ok
12:31:23.0903 1568 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:31:24.0043 1568 CmdIde - ok
12:31:24.0059 1568 COMSysApp - ok
12:31:24.0090 1568 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:31:24.0231 1568 Cpqarray - ok
12:31:24.0262 1568 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:31:24.0403 1568 CryptSvc - ok
12:31:24.0434 1568 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:31:24.0559 1568 dac2w2k - ok
12:31:24.0590 1568 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:31:24.0715 1568 dac960nt - ok
12:31:24.0747 1568 [ B1AD007F9A7DD8CFC981958D5C167D2D ] DcCam C:\WINDOWS\system32\DRIVERS\DcCam.sys
12:31:24.0778 1568 DcCam - ok
12:31:24.0809 1568 [ 5FD20284CAAF112201311619FF89FA44 ] DcFpoint C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
12:31:24.0856 1568 DcFpoint - ok
12:31:24.0872 1568 [ 867F7E6841B15D32481C3F1B83364E3A ] DCFS2K C:\WINDOWS\system32\drivers\dcfs2k.sys
12:31:24.0887 1568 DCFS2K - ok
12:31:24.0903 1568 [ 1B889AC45FAF088FF2AF690779368956 ] DcLps C:\WINDOWS\system32\DRIVERS\DcLps.sys
12:31:24.0934 1568 DcLps - ok
12:31:24.0965 1568 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:31:24.0997 1568 DcomLaunch - ok
12:31:25.0028 1568 [ 4AFAEA300A82F0470DC8B8ABD619ABA8 ] DcPTP C:\WINDOWS\system32\DRIVERS\DcPTP.sys
12:31:25.0059 1568 DcPTP - ok
12:31:25.0090 1568 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:31:25.0231 1568 Dhcp - ok
12:31:25.0247 1568 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:31:25.0372 1568 Disk - ok
12:31:25.0372 1568 dmadmin - ok
12:31:25.0418 1568 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:31:25.0590 1568 dmboot - ok
12:31:25.0606 1568 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:31:25.0731 1568 dmio - ok
12:31:25.0762 1568 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:31:25.0903 1568 dmload - ok
12:31:25.0934 1568 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:31:26.0059 1568 dmserver - ok
12:31:26.0090 1568 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:31:26.0231 1568 DMusic - ok
12:31:26.0262 1568 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:31:26.0293 1568 Dnscache - ok
12:31:26.0356 1568 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:31:26.0465 1568 Dot3svc - ok
12:31:26.0497 1568 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:31:26.0637 1568 dpti2o - ok
12:31:26.0684 1568 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:31:26.0793 1568 drmkaud - ok
12:31:26.0825 1568 [ E814854E6B246CCF498874839AB64D77 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
12:31:26.0840 1568 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
12:31:26.0840 1568 drvmcdb - detected UnsignedFile.Multi.Generic (1)
12:31:26.0856 1568 [ EE83A4EBAE70BC93CF14879D062F548B ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
12:31:26.0872 1568 drvnddm ( UnsignedFile.Multi.Generic ) - warning
12:31:26.0872 1568 drvnddm - detected UnsignedFile.Multi.Generic (1)
12:31:26.0918 1568 [ FE80901578E7E3DA70299A5AEB2B7FBD ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe
12:31:26.0934 1568 DSBrokerService - ok
12:31:26.0997 1568 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
12:31:27.0012 1568 DSproct ( UnsignedFile.Multi.Generic ) - warning
12:31:27.0012 1568 DSproct - detected UnsignedFile.Multi.Generic (1)
12:31:27.0059 1568 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] dsunidrv C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
12:31:27.0090 1568 dsunidrv - ok
12:31:27.0106 1568 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:31:27.0246 1568 E100B - ok
12:31:27.0278 1568 [ 0849EACDC01487573ADD86F5E470806C ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
12:31:27.0293 1568 e1express - ok
12:31:27.0325 1568 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:31:27.0465 1568 EapHost - ok
12:31:27.0528 1568 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
12:31:27.0559 1568 ehRecvr - ok
12:31:27.0575 1568 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
12:31:27.0606 1568 ehSched - ok
12:31:27.0637 1568 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:31:27.0762 1568 ERSvc - ok
12:31:27.0809 1568 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
12:31:27.0856 1568 Eventlog - ok
12:31:27.0903 1568 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
12:31:27.0934 1568 EventSystem - ok
12:31:27.0965 1568 [ 7AE55F93DA22F0732993BCE6093105DD ] Exportit C:\WINDOWS\system32\DRIVERS\exportit.sys
12:31:27.0965 1568 Exportit - ok
12:31:28.0012 1568 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:31:28.0153 1568 Fastfat - ok
12:31:28.0200 1568 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:31:28.0231 1568 FastUserSwitchingCompatibility - ok
12:31:28.0262 1568 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
12:31:28.0403 1568 Fax - ok
12:31:28.0418 1568 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
12:31:28.0543 1568 Fdc - ok
12:31:28.0590 1568 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:31:28.0715 1568 Fips - ok
12:31:28.0746 1568 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:31:28.0871 1568 Flpydisk - ok
12:31:28.0918 1568 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
12:31:29.0028 1568 FltMgr - ok
12:31:29.0106 1568 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:31:29.0121 1568 FontCache3.0.0.0 - ok
12:31:29.0153 1568 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:31:29.0293 1568 Fs_Rec - ok
12:31:29.0325 1568 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:31:29.0450 1568 Ftdisk - ok
12:31:29.0496 1568 [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
12:31:29.0496 1568 GEARAspiWDM - ok
12:31:29.0543 1568 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:31:29.0653 1568 Gpc - ok
12:31:29.0684 1568 [ FC80052194D5708254A346568F0E77C0 ] GTNDIS5 C:\WINDOWS\system32\GTNDIS5.SYS
12:31:29.0700 1568 GTNDIS5 ( UnsignedFile.Multi.Generic ) - warning
12:31:29.0700 1568 GTNDIS5 - detected UnsignedFile.Multi.Generic (1)
12:31:29.0793 1568 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:31:29.0793 1568 gupdate - ok
12:31:29.0809 1568 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:31:29.0825 1568 gupdatem - ok
12:31:29.0840 1568 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:31:29.0981 1568 HDAudBus - ok
12:31:30.0059 1568 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:31:30.0200 1568 helpsvc - ok
12:31:30.0231 1568 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
12:31:30.0371 1568 HidServ - ok
12:31:30.0403 1568 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:31:30.0543 1568 HidUsb - ok
12:31:30.0574 1568 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:31:30.0809 1568 hkmsvc - ok
12:31:30.0809 1568 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
12:31:30.0949 1568 hpn - ok
12:31:31.0028 1568 [ E4E285A3766B4A57401FEEAF66CB07B5 ] hpqcxs08 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll
12:31:31.0043 1568 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
12:31:31.0043 1568 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
12:31:31.0121 1568 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll
12:31:31.0153 1568 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
12:31:31.0153 1568 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
12:31:31.0184 1568 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:31:31.0215 1568 HPZid412 - ok
12:31:31.0246 1568 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:31:31.0278 1568 HPZipr12 - ok
12:31:31.0324 1568 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:31:31.0356 1568 HPZius12 - ok
12:31:31.0403 1568 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
12:31:31.0434 1568 HSFHWBS2 - ok
12:31:31.0481 1568 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
12:31:31.0512 1568 HSF_DP - ok
12:31:31.0574 1568 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:31:31.0590 1568 HTTP - ok
12:31:31.0621 1568 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:31:31.0746 1568 HTTPFilter - ok
12:31:31.0793 1568 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
12:31:31.0903 1568 i2omgmt - ok
12:31:31.0949 1568 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:31:32.0074 1568 i2omp - ok
12:31:32.0106 1568 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:31:32.0246 1568 i8042prt - ok
12:31:32.0309 1568 [ D43E91E271C041BB86A6223462A41D28 ] IAANTMon C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
12:31:32.0324 1568 IAANTMon ( UnsignedFile.Multi.Generic ) - warning
12:31:32.0324 1568 IAANTMon - detected UnsignedFile.Multi.Generic (1)
12:31:32.0387 1568 [ 9A65E42664D1534B68512CAAD0EFE963 ] iastor C:\WINDOWS\system32\drivers\iastor.sys
12:31:32.0449 1568 iastor - ok
12:31:32.0543 1568 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:31:32.0559 1568 IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:31:32.0559 1568 IDriverT - detected UnsignedFile.Multi.Generic (1)
12:31:32.0715 1568 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:31:32.0746 1568 idsvc - ok
12:31:32.0793 1568 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:31:32.0918 1568 Imapi - ok
12:31:32.0965 1568 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:31:33.0090 1568 ImapiService - ok
12:31:33.0121 1568 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:31:33.0246 1568 ini910u - ok
12:31:33.0278 1568 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
12:31:33.0403 1568 IntelIde - ok
12:31:33.0449 1568 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:31:33.0559 1568 intelppm - ok
12:31:33.0574 1568 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:31:33.0715 1568 Ip6Fw - ok
12:31:33.0746 1568 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:31:33.0871 1568 IpFilterDriver - ok
12:31:33.0902 1568 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:31:34.0012 1568 IpInIp - ok
12:31:34.0043 1568 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:31:34.0168 1568 IpNat - ok
12:31:34.0231 1568 [ 97BAD81620E9F115F86D79952C625916 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:31:34.0246 1568 iPod Service - ok
12:31:34.0262 1568 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:31:34.0387 1568 IPSec - ok
12:31:34.0402 1568 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:31:34.0527 1568 IRENUM - ok
12:31:34.0559 1568 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:31:34.0699 1568 isapnp - ok
12:31:34.0840 1568 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
12:31:34.0856 1568 JavaQuickStarterService - ok
12:31:34.0887 1568 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:31:35.0027 1568 Kbdclass - ok
12:31:35.0074 1568 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:31:35.0184 1568 kbdhid - ok
12:31:35.0215 1568 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:31:35.0356 1568 kmixer - ok
12:31:35.0387 1568 [ 4E1060D2F3B745931CF83B3649BE8A57 ] KodakCCS C:\WINDOWS\system32\drivers\KodakCCS.exe
12:31:35.0418 1568 KodakCCS - ok
12:31:35.0465 1568 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:31:35.0496 1568 KSecDD - ok
12:31:35.0527 1568 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:31:35.0559 1568 lanmanserver - ok
12:31:35.0590 1568 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:31:35.0606 1568 lanmanworkstation - ok
12:31:35.0621 1568 lbrtfdc - ok
12:31:35.0652 1568 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:31:35.0777 1568 LmHosts - ok
12:31:35.0824 1568 [ 1424D699DC7E5C9672E4B93152B68B12 ] MA311 C:\WINDOWS\system32\DRIVERS\ma311n51.sys
12:31:35.0840 1568 MA311 ( UnsignedFile.Multi.Generic ) - warning
12:31:35.0840 1568 MA311 - detected UnsignedFile.Multi.Generic (1)
12:31:35.0949 1568 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
12:31:35.0965 1568 McComponentHostService - ok
12:31:36.0059 1568 [ F73B0F3EBD90B1C87A3B93BE94E831C7 ] McDetect.exe c:\program files\mcafee.com\agent\mcdetect.exe
12:31:36.0059 1568 McDetect.exe ( UnsignedFile.Multi.Generic ) - warning
12:31:36.0059 1568 McDetect.exe - detected UnsignedFile.Multi.Generic (1)
12:31:36.0090 1568 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
12:31:36.0137 1568 McrdSvc - ok
12:31:36.0168 1568 [ A214E217784D1002411DCA8E9793D4A4 ] McTskshd.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
12:31:36.0184 1568 McTskshd.exe ( UnsignedFile.Multi.Generic ) - warning
12:31:36.0184 1568 McTskshd.exe - detected UnsignedFile.Multi.Generic (1)
12:31:36.0184 1568 mcupdmgr.exe - ok
12:31:36.0231 1568 [ BEE76AC58BB524523A84000BA8EFE55A ] MDC8021X C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
12:31:36.0246 1568 MDC8021X ( UnsignedFile.Multi.Generic ) - warning
12:31:36.0246 1568 MDC8021X - detected UnsignedFile.Multi.Generic (1)
12:31:36.0262 1568 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:31:36.0277 1568 mdmxsdk - ok
12:31:36.0309 1568 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:31:36.0418 1568 Messenger - ok
12:31:36.0449 1568 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
12:31:36.0465 1568 MHN ( UnsignedFile.Multi.Generic ) - warning
12:31:36.0465 1568 MHN - detected UnsignedFile.Multi.Generic (1)
12:31:36.0496 1568 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
12:31:36.0496 1568 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
12:31:36.0496 1568 MHNDRV - detected UnsignedFile.Multi.Generic (1)
12:31:36.0527 1568 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:31:36.0652 1568 mnmdd - ok
12:31:36.0684 1568 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:31:36.0809 1568 mnmsrvc - ok
12:31:36.0840 1568 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:31:36.0949 1568 Modem - ok
12:31:36.0965 1568 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
12:31:37.0105 1568 MODEMCSA - ok
12:31:37.0121 1568 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:31:37.0262 1568 Mouclass - ok
12:31:37.0277 1568 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:31:37.0418 1568 mouhid - ok
12:31:37.0449 1568 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:31:37.0590 1568 MountMgr - ok
12:31:37.0637 1568 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:31:37.0652 1568 MozillaMaintenance - ok
12:31:37.0684 1568 [ 537B049DBABA4FEBCDAAE711C0F2805B ] MPFIREWL C:\WINDOWS\system32\Drivers\MpFirewall.sys
12:31:37.0715 1568 MPFIREWL ( UnsignedFile.Multi.Generic ) - warning
12:31:37.0715 1568 MPFIREWL - detected UnsignedFile.Multi.Generic (1)
12:31:37.0777 1568 [ 316535E69181703D4CE4623DEA29FECB ] MpfService C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
12:31:37.0824 1568 MpfService ( UnsignedFile.Multi.Generic ) - warning
12:31:37.0824 1568 MpfService - detected UnsignedFile.Multi.Generic (1)
12:31:37.0855 1568 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:31:37.0980 1568 mraid35x - ok
12:31:38.0012 1568 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:31:38.0152 1568 MRxDAV - ok
12:31:38.0184 1568 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:31:38.0324 1568 MSDTC - ok
12:31:38.0340 1568 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:31:38.0465 1568 Msfs - ok
12:31:38.0465 1568 MSIServer - ok
12:31:38.0559 1568 [ 4DB8F824F17B8D9CC5826FBDF0205870 ] MskService C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
12:31:38.0621 1568 MskService ( UnsignedFile.Multi.Generic ) - warning
12:31:38.0621 1568 MskService - detected UnsignedFile.Multi.Generic (1)
12:31:38.0668 1568 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:31:38.0777 1568 MSKSSRV - ok
12:31:38.0793 1568 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:31:38.0902 1568 MSPCLOCK - ok
12:31:38.0918 1568 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:31:39.0059 1568 MSPQM - ok
12:31:39.0090 1568 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:31:39.0199 1568 mssmbios - ok
12:31:39.0215 1568 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:31:39.0355 1568 MSTEE - ok
12:31:39.0387 1568 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:31:39.0402 1568 Mup - ok
12:31:39.0434 1568 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:31:39.0559 1568 NABTSFEC - ok
12:31:39.0605 1568 [ AFFD46144D763D9046673DD2D012CFF9 ] NaiAvFilter1 C:\WINDOWS\system32\drivers\naiavf5x.sys
12:31:39.0637 1568 NaiAvFilter1 - ok
12:31:39.0668 1568 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:31:39.0809 1568 napagent - ok
12:31:39.0824 1568 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:31:39.0949 1568 NDIS - ok
12:31:39.0965 1568 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:31:40.0090 1568 NdisIP - ok
12:31:40.0137 1568 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:31:40.0168 1568 NdisTapi - ok
12:31:40.0199 1568 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:31:40.0324 1568 Ndisuio - ok
12:31:40.0340 1568 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:31:40.0465 1568 NdisWan - ok
12:31:40.0496 1568 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:31:40.0512 1568 NDProxy - ok
12:31:40.0558 1568 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
12:31:40.0558 1568 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:31:40.0558 1568 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:31:40.0574 1568 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:31:40.0699 1568 NetBIOS - ok
12:31:40.0746 1568 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:31:40.0855 1568 NetBT - ok
12:31:40.0887 1568 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
12:31:40.0996 1568 NetDDE - ok
12:31:41.0012 1568 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:31:41.0137 1568 NetDDEdsdm - ok
12:31:41.0168 1568 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:31:41.0277 1568 Netlogon - ok
12:31:41.0308 1568 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
12:31:41.0433 1568 Netman - ok
12:31:41.0543 1568 [ 9DA26B773BD04B867A8E9F427CD048FC ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
12:31:41.0558 1568 NetSvc ( UnsignedFile.Multi.Generic ) - warning
12:31:41.0558 1568 NetSvc - detected UnsignedFile.Multi.Generic (1)
12:31:41.0605 1568 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:31:41.0621 1568 NetTcpPortSharing - ok
12:31:41.0683 1568 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
12:31:41.0699 1568 Nla - ok
12:31:41.0730 1568 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:31:41.0855 1568 Npfs - ok
12:31:41.0902 1568 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:31:42.0058 1568 Ntfs - ok
12:31:42.0074 1568 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:31:42.0199 1568 NtLmSsp - ok
12:31:42.0246 1568 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:31:42.0371 1568 NtmsSvc - ok
12:31:42.0387 1568 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:31:42.0512 1568 Null - ok
12:31:42.0574 1568 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:31:42.0715 1568 nv - ok
12:31:42.0746 1568 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:31:42.0887 1568 NwlnkFlt - ok
12:31:42.0918 1568 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:31:43.0027 1568 NwlnkFwd - ok
12:31:43.0058 1568 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
12:31:43.0199 1568 Parport - ok
12:31:43.0215 1568 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:31:43.0340 1568 PartMgr - ok
12:31:43.0355 1568 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:31:43.0480 1568 ParVdm - ok
12:31:43.0511 1568 PCANDIS5 - ok
12:31:43.0543 1568 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:31:43.0683 1568 PCI - ok
12:31:43.0683 1568 PCIDump - ok
12:31:43.0715 1568 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:31:43.0855 1568 PCIIde - ok
12:31:43.0871 1568 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:31:43.0996 1568 Pcmcia - ok
12:31:43.0996 1568 PDCOMP - ok
12:31:44.0011 1568 PDFRAME - ok
12:31:44.0011 1568 PDRELI - ok
12:31:44.0027 1568 PDRFRAME - ok
12:31:44.0043 1568 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
12:31:44.0168 1568 perc2 - ok
12:31:44.0199 1568 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:31:44.0324 1568 perc2hib - ok
12:31:44.0371 1568 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
12:31:44.0386 1568 PlugPlay - ok
12:31:44.0433 1568 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
12:31:44.0449 1568 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:31:44.0449 1568 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:31:44.0480 1568 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:31:44.0605 1568 PolicyAgent - ok
12:31:44.0652 1568 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:31:44.0761 1568 PptpMiniport - ok
12:31:44.0777 1568 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:31:44.0886 1568 ProtectedStorage - ok
12:31:44.0918 1568 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:31:45.0043 1568 PSched - ok
12:31:45.0090 1568 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:31:45.0230 1568 Ptilink - ok
12:31:45.0277 1568 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:31:45.0293 1568 PxHelp20 - ok
12:31:45.0308 1568 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:31:45.0433 1568 ql1080 - ok
12:31:45.0465 1568 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:31:45.0605 1568 Ql10wnt - ok
12:31:45.0636 1568 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:31:45.0761 1568 ql12160 - ok
12:31:45.0793 1568 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:31:45.0918 1568 ql1240 - ok
12:31:45.0949 1568 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:31:46.0090 1568 ql1280 - ok
12:31:46.0121 1568 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:31:46.0246 1568 RasAcd - ok
12:31:46.0277 1568 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:31:46.0418 1568 RasAuto - ok
12:31:46.0449 1568 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:31:46.0574 1568 Rasl2tp - ok
12:31:46.0605 1568 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:31:46.0730 1568 RasMan - ok
12:31:46.0746 1568 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:31:46.0871 1568 RasPppoe - ok
12:31:46.0886 1568 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:31:47.0011 1568 Raspti - ok
12:31:47.0027 1568 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:31:47.0152 1568 Rdbss - ok
12:31:47.0168 1568 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:31:47.0277 1568 RDPCDD - ok
12:31:47.0324 1568 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:31:47.0464 1568 rdpdr - ok
12:31:47.0496 1568 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:31:47.0543 1568 RDPWD - ok
12:31:47.0589 1568 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:31:47.0699 1568 RDSessMgr - ok
12:31:47.0730 1568 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:31:47.0855 1568 redbook - ok
12:31:47.0886 1568 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:31:48.0027 1568 RemoteAccess - ok
12:31:48.0058 1568 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:31:48.0199 1568 RemoteRegistry - ok
12:31:48.0230 1568 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
12:31:48.0355 1568 RFCOMM - ok
12:31:48.0402 1568 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
12:31:48.0418 1568 RimUsb - ok
12:31:48.0449 1568 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
12:31:48.0480 1568 RimVSerPort - ok
12:31:48.0511 1568 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
12:31:48.0621 1568 ROOTMODEM - ok
12:31:48.0746 1568 [ AFD61A7C48A3E15C86A6FADF0B69A2E4 ] Roxio UPnP Renderer 9 C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
12:31:48.0761 1568 Roxio UPnP Renderer 9 - ok
12:31:48.0839 1568 [ EFBB36E2BB02169D26E9980778FC20D3 ] Roxio Upnp Server 9 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
12:31:48.0855 1568 Roxio Upnp Server 9 - ok
12:31:49.0058 1568 [ 78E680A105F47B6AA0003BD23ED9FA51 ] RoxLiveShare9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
12:31:49.0074 1568 RoxLiveShare9 - ok
12:31:49.0214 1568 [ 9D5C024170C376D7CC66ED853FDA9068 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
12:31:49.0261 1568 RoxMediaDB9 - ok
12:31:49.0339 1568 [ 87F175539DBBA297018AA7FCDD563FF7 ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
12:31:49.0355 1568 RoxWatch9 - ok
12:31:49.0418 1568 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
12:31:49.0527 1568 RpcLocator - ok
12:31:49.0558 1568 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:31:49.0589 1568 RpcSs - ok
12:31:49.0636 1568 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:31:49.0761 1568 RSVP - ok
12:31:49.0777 1568 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:31:49.0902 1568 SamSs - ok
12:31:49.0949 1568 [ C5D996556C9DF4716A09E7F8C3DDD2CF ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:31:49.0964 1568 SASDIFSV ( UnsignedFile.Multi.Generic ) - warning
12:31:49.0964 1568 SASDIFSV - detected UnsignedFile.Multi.Generic (1)
12:31:49.0996 1568 [ 7F1085895E499907F68DF7731924122B ] SASENUM C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
12:31:50.0011 1568 SASENUM ( UnsignedFile.Multi.Generic ) - warning
12:31:50.0011 1568 SASENUM - detected UnsignedFile.Multi.Generic (1)
12:31:50.0042 1568 [ 1380AB4AC393B5D3E21521FCED3CD834 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
12:31:50.0058 1568 SASKUTIL ( UnsignedFile.Multi.Generic ) - warning
12:31:50.0058 1568 SASKUTIL - detected UnsignedFile.Multi.Generic (1)
12:31:50.0105 1568 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:31:50.0230 1568 SCardSvr - ok
12:31:50.0277 1568 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:31:50.0417 1568 Schedule - ok
12:31:50.0449 1568 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:31:50.0574 1568 Secdrv - ok
12:31:50.0605 1568 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:31:50.0730 1568 seclogon - ok
12:31:50.0761 1568 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
12:31:50.0886 1568 SENS - ok
12:31:50.0902 1568 [ 2EC41A96D0DC98BD119BF325E0B9F392 ] Ser2pl C:\WINDOWS\system32\DRIVERS\ser2pl.sys
12:31:50.0933 1568 Ser2pl - ok
12:31:50.0980 1568 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:31:51.0105 1568 serenum - ok
12:31:51.0152 1568 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:31:51.0261 1568 Serial - ok
12:31:51.0292 1568 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:31:51.0417 1568 Sfloppy - ok
12:31:51.0464 1568 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:31:51.0605 1568 SharedAccess - ok
12:31:51.0636 1568 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:31:51.0636 1568 ShellHWDetection - ok
12:31:51.0652 1568 Simbad - ok
12:31:51.0683 1568 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:31:51.0792 1568 sisagp - ok
12:31:51.0824 1568 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:31:51.0949 1568 SLIP - ok
12:31:51.0996 1568 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
12:31:52.0105 1568 SONYPVU1 - ok
12:31:52.0136 1568 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:31:52.0214 1568 Sparrow - ok
12:31:52.0230 1568 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:31:52.0355 1568 splitter - ok
12:31:52.0386 1568 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:31:52.0417 1568 Spooler - ok
12:31:52.0449 1568 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:31:52.0558 1568 sr - ok
12:31:52.0589 1568 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
12:31:52.0714 1568 srservice - ok
12:31:52.0746 1568 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:31:52.0761 1568 Srv - ok
12:31:52.0792 1568 [ D7968049BE0ADBB6A57CEE3960320911 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
12:31:52.0808 1568 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
12:31:52.0808 1568 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
12:31:52.0839 1568 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:31:52.0964 1568 SSDPSRV - ok
12:31:52.0980 1568 [ C3FFD65ABFB6441E7606CF74F1155273 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
12:31:52.0996 1568 ssrtln ( UnsignedFile.Multi.Generic ) - warning
12:31:52.0996 1568 ssrtln - detected UnsignedFile.Multi.Generic (1)
12:31:53.0042 1568 [ 352B663A81402BE7CD7BD4EA27C9998C ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
12:31:53.0074 1568 STHDA - ok
12:31:53.0120 1568 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:31:53.0245 1568 stisvc - ok
12:31:53.0277 1568 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:31:53.0402 1568 streamip - ok
12:31:53.0417 1568 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:31:53.0542 1568 swenum - ok
12:31:53.0574 1568 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:31:53.0699 1568 swmidi - ok
12:31:53.0714 1568 SwPrv - ok
12:31:53.0745 1568 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
12:31:53.0870 1568 symc810 - ok
12:31:53.0902 1568 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:31:54.0027 1568 symc8xx - ok
12:31:54.0042 1568 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:31:54.0183 1568 sym_hi - ok
12:31:54.0214 1568 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:31:54.0324 1568 sym_u3 - ok
12:31:54.0339 1568 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:31:54.0480 1568 sysaudio - ok
12:31:54.0511 1568 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:31:54.0620 1568 SysmonLog - ok
12:31:54.0683 1568 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:31:54.0808 1568 TapiSrv - ok
12:31:54.0855 1568 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:31:54.0886 1568 Tcpip - ok
12:31:54.0902 1568 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:31:55.0042 1568 TDPIPE - ok
12:31:55.0058 1568 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:31:55.0199 1568 TDTCP - ok
12:31:55.0214 1568 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:31:55.0355 1568 TermDD - ok
12:31:55.0386 1568 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
12:31:55.0527 1568 TermService - ok
12:31:55.0589 1568 [ 30698355067D07DA5F9EB81132C9FDD6 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
12:31:55.0589 1568 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
12:31:55.0589 1568 tfsnboio - detected UnsignedFile.Multi.Generic (1)
12:31:55.0605 1568 [ FB9D825BB4A2ABDF24600F7505050E2B ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
12:31:55.0620 1568 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
12:31:55.0620 1568 tfsncofs - detected UnsignedFile.Multi.Generic (1)
12:31:55.0652 1568 [ CAFD8CCA11AA1E8B6D2EA1BA8F70EC33 ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
12:31:55.0652 1568 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
12:31:55.0652 1568 tfsndrct - detected UnsignedFile.Multi.Generic (1)
12:31:55.0683 1568 [ 8DB1E78FBF7C426D8EC3D8F1A33D6485 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
12:31:55.0699 1568 tfsndres ( UnsignedFile.Multi.Generic ) - warning
12:31:55.0699 1568 tfsndres - detected UnsignedFile.Multi.Generic (1)
12:31:55.0699 1568 [ B92F67A71CC8176F331B8AA8D9F555AD ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
12:31:55.0714 1568 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
12:31:55.0714 1568 tfsnifs - detected UnsignedFile.Multi.Generic (1)
12:31:55.0730 1568 [ 85985FAA9A71E2358FCC2EDEFC2A3C5C ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
12:31:55.0761 1568 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
12:31:55.0761 1568 tfsnopio - detected UnsignedFile.Multi.Generic (1)
12:31:55.0777 1568 [ BBA22094F0F7C210567EFDAF11F64495 ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
12:31:55.0792 1568 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
12:31:55.0792 1568 tfsnpool - detected UnsignedFile.Multi.Generic (1)
12:31:55.0824 1568 [ 81340BEF80B9811E98CE64611E67E3FF ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
12:31:55.0839 1568 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
12:31:55.0839 1568 tfsnudf - detected UnsignedFile.Multi.Generic (1)
12:31:55.0855 1568 [ C035FD116224CCC8325F384776B6A8BB ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
12:31:55.0886 1568 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
12:31:55.0886 1568 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
12:31:55.0917 1568 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
12:31:55.0933 1568 Themes - ok
12:31:55.0964 1568 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:31:56.0105 1568 TlntSvr - ok
12:31:56.0136 1568 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
12:31:56.0261 1568 TosIde - ok
12:31:56.0292 1568 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:31:56.0433 1568 TrkWks - ok
12:31:56.0448 1568 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:31:56.0589 1568 Udfs - ok
12:31:56.0620 1568 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
12:31:56.0667 1568 ultra - ok
12:31:56.0714 1568 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:31:56.0839 1568 Update - ok
12:31:56.0870 1568 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:31:56.0995 1568 upnphost - ok
12:31:57.0027 1568 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
12:31:57.0152 1568 UPS - ok
12:31:57.0198 1568 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:31:57.0323 1568 usbccgp - ok
12:31:57.0370 1568 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:31:57.0495 1568 usbehci - ok
12:31:57.0511 1568 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:31:57.0652 1568 usbhub - ok
12:31:57.0698 1568 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:31:57.0823 1568 usbprint - ok
12:31:57.0855 1568 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:31:57.0980 1568 usbscan - ok
12:31:58.0011 1568 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:31:58.0136 1568 USBSTOR - ok
12:31:58.0167 1568 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:31:58.0277 1568 usbuhci - ok
12:31:58.0292 1568 [ BEE793D4A059CAEA55D6AC20E19B3A8F ] USB_RNDIS C:\WINDOWS\system32\DRIVERS\usb8023.sys
12:31:58.0433 1568 USB_RNDIS - ok
12:31:58.0464 1568 [ 9EBEE4A060C5364A31AEAA04EAC2AF1E ] VComm C:\WINDOWS\system32\DRIVERS\VComm.sys
12:31:58.0464 1568 VComm ( UnsignedFile.Multi.Generic ) - warning
12:31:58.0464 1568 VComm - detected UnsignedFile.Multi.Generic (1)
12:31:58.0480 1568 [ 630BBDBF5490F8F57ABE650DA63661A0 ] VcommMgr C:\WINDOWS\system32\Drivers\VcommMgr.sys
12:31:58.0511 1568 VcommMgr ( UnsignedFile.Multi.Generic ) - warning
12:31:58.0511 1568 VcommMgr - detected UnsignedFile.Multi.Generic (1)
12:31:58.0542 1568 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:31:58.0667 1568 VgaSave - ok
12:31:58.0714 1568 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:31:58.0839 1568 viaagp - ok
12:31:58.0855 1568 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
12:31:58.0980 1568 ViaIde - ok
12:31:59.0011 1568 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files\Viewpoint\Common\ViewpointService.exe
12:31:59.0011 1568 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - warning
12:31:59.0011 1568 Viewpoint Manager Service - detected UnsignedFile.Multi.Generic (1)
12:31:59.0027 1568 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:31:59.0152 1568 VolSnap - ok
12:31:59.0198 1568 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
12:31:59.0323 1568 VSS - ok
12:31:59.0339 1568 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
12:31:59.0464 1568 w32time - ok
12:31:59.0480 1568 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:31:59.0620 1568 Wanarp - ok
12:31:59.0620 1568 wanatw - ok
12:31:59.0636 1568 WDICA - ok
12:31:59.0651 1568 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:31:59.0792 1568 wdmaud - ok
12:31:59.0839 1568 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:31:59.0964 1568 WebClient - ok
12:32:00.0011 1568 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:32:00.0042 1568 winachsf - ok
12:32:00.0105 1568 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:32:00.0230 1568 winmgmt - ok
12:32:00.0292 1568 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:32:00.0308 1568 WmdmPmSN - ok
12:32:00.0339 1568 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:32:00.0401 1568 Wmi - ok
12:32:00.0433 1568 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:32:00.0573 1568 WmiApSrv - ok
12:32:00.0667 1568 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
12:32:00.0698 1568 WMPNetworkSvc - ok
12:32:00.0730 1568 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:32:00.0870 1568 WS2IFSL - ok
12:32:00.0901 1568 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:32:01.0026 1568 wscsvc - ok
12:32:01.0058 1568 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:32:01.0183 1568 WSTCODEC - ok
12:32:01.0230 1568 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:32:01.0370 1568 wuauserv - ok
12:32:01.0417 1568 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:32:01.0433 1568 WudfPf - ok
12:32:01.0448 1568 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:32:01.0464 1568 WudfRd - ok
12:32:01.0495 1568 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:32:01.0526 1568 WudfSvc - ok
12:32:01.0589 1568 [ E8C30EF9BBC6DDB71F0F77FA3A96515F ] WUSB54GSv2SVC C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
12:32:01.0620 1568 WUSB54GSv2SVC ( UnsignedFile.Multi.Generic ) - warning
12:32:01.0620 1568 WUSB54GSv2SVC - detected UnsignedFile.Multi.Generic (1)
12:32:01.0651 1568 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:32:01.0776 1568 WZCSVC - ok
12:32:01.0808 1568 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:32:01.0917 1568 xmlprov - ok
12:32:01.0933 1568 ================ Scan global ===============================
12:32:01.0964 1568 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:32:02.0011 1568 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
12:32:02.0026 1568 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
12:32:02.0058 1568 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:32:02.0058 1568 [Global] - ok
12:32:02.0058 1568 ================ Scan MBR ==================================
12:32:02.0073 1568 [ B16A2359F4962B0C622D81A1C1F4B703 ] \Device\Harddisk0\DR0
12:32:02.0401 1568 \Device\Harddisk0\DR0 - ok
12:32:02.0401 1568 ================ Scan VBR ==================================
12:32:02.0401 1568 [ 6673119A2FFB216A836088D3B948C06D ] \Device\Harddisk0\DR0\Partition1
12:32:02.0401 1568 \Device\Harddisk0\DR0\Partition1 - ok
12:32:02.0401 1568 ============================================================
12:32:02.0401 1568 Scan finished
12:32:02.0401 1568 ============================================================
12:32:02.0417 3868 Detected object count: 48
12:32:02.0417 3868 Actual detected object count: 48
12:33:49.0116 3868 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0116 3868 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0116 3868 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0116 3868 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0116 3868 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0116 3868 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0132 3868 BCM42RLY ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0132 3868 BCM42RLY ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0132 3868 BlueletAudio ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0132 3868 BlueletAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0132 3868 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0132 3868 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0132 3868 BT ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0132 3868 BT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0132 3868 Btcsrusb ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0132 3868 Btcsrusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0132 3868 BTHidEnum ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0132 3868 BTHidEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0147 3868 BTHidMgr ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0147 3868 BTHidMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0147 3868 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0147 3868 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0147 3868 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0147 3868 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0147 3868 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0147 3868 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0163 3868 GTNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0163 3868 GTNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0163 3868 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0163 3868 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0163 3868 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0163 3868 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0163 3868 IAANTMon ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0163 3868 IAANTMon ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0163 3868 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0163 3868 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0163 3868 MA311 ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0163 3868 MA311 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0163 3868 McDetect.exe ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0163 3868 McDetect.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0179 3868 McTskshd.exe ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0179 3868 McTskshd.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0179 3868 MDC8021X ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0179 3868 MDC8021X ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0179 3868 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0179 3868 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0179 3868 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0179 3868 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0179 3868 MPFIREWL ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0179 3868 MPFIREWL ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0179 3868 MpfService ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0179 3868 MpfService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0194 3868 MskService ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0194 3868 MskService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0194 3868 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0194 3868 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0194 3868 NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0194 3868 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0194 3868 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0194 3868 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0194 3868 SASDIFSV ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0194 3868 SASDIFSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0194 3868 SASENUM ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0194 3868 SASENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0210 3868 SASKUTIL ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0210 3868 SASKUTIL ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0210 3868 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0210 3868 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0210 3868 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0210 3868 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0210 3868 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0210 3868 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0210 3868 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0210 3868 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0210 3868 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0210 3868 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0225 3868 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0225 3868 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0225 3868 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0225 3868 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0225 3868 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0225 3868 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0225 3868 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0225 3868 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0225 3868 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0225 3868 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0225 3868 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0225 3868 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0225 3868 VComm ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0241 3868 VComm ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0241 3868 VcommMgr ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0241 3868 VcommMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0241 3868 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0241 3868 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:33:49.0241 3868 WUSB54GSv2SVC ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:49.0241 3868 WUSB54GSv2SVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No they are all good, there is one that I need to remove though .. So this time could you run Combofix from safe mode please
  • 0

#9
nachtkitten

nachtkitten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I ran ComboFix in Safe Mode and it was exactly as you said; a message popped up stating that my computer is infected with Rootkit.ZeroAccess


ComboFix 12-11-12.03 - Dad 11/13/2012 22:06:22.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.785 [GMT -8:00]
Running from: c:\documents and settings\Dad\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Dad\Application Data\887511809.log
c:\documents and settings\Dad\ymlktgnggx.tmp
c:\documents and settings\Dad_2\Application Data\Mozilla\Firefox\Profiles\78eaa2be.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}
c:\documents and settings\Dad_2\Application Data\Mozilla\Firefox\Profiles\78eaa2be.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}\chrome.manifest
c:\documents and settings\Dad_2\Application Data\Mozilla\Firefox\Profiles\78eaa2be.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}\chrome\xulcache.jar
c:\documents and settings\Dad_2\Application Data\Mozilla\Firefox\Profiles\78eaa2be.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}\defaults\preferences\xulcache.js
c:\documents and settings\Dad_2\Application Data\Mozilla\Firefox\Profiles\78eaa2be.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}\install.rdf
c:\documents and settings\Dad_2\Application Data\Mozilla\Firefox\Profiles\78eaa2be.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}
c:\documents and settings\Dad_2\Application Data\Mozilla\Firefox\Profiles\78eaa2be.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}\chrome.manifest
c:\documents and settings\Dad_2\Application Data\Mozilla\Firefox\Profiles\78eaa2be.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}\chrome\xulcache.jar
c:\documents and settings\Dad_2\Application Data\Mozilla\Firefox\Profiles\78eaa2be.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}\defaults\preferences\xulcache.js
c:\documents and settings\Dad_2\Application Data\Mozilla\Firefox\Profiles\78eaa2be.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}\install.rdf
c:\documents and settings\Di\Application Data\Mozilla\Firefox\Profiles\ysgzx40d.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}
c:\documents and settings\Di\Application Data\Mozilla\Firefox\Profiles\ysgzx40d.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}\chrome.manifest
c:\documents and settings\Di\Application Data\Mozilla\Firefox\Profiles\ysgzx40d.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}\chrome\xulcache.jar
c:\documents and settings\Di\Application Data\Mozilla\Firefox\Profiles\ysgzx40d.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}\defaults\preferences\xulcache.js
c:\documents and settings\Di\Application Data\Mozilla\Firefox\Profiles\ysgzx40d.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}\install.rdf
c:\documents and settings\Di\Application Data\Mozilla\Firefox\Profiles\ysgzx40d.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}
c:\documents and settings\Di\Application Data\Mozilla\Firefox\Profiles\ysgzx40d.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}\chrome.manifest
c:\documents and settings\Di\Application Data\Mozilla\Firefox\Profiles\ysgzx40d.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}\chrome\xulcache.jar
c:\documents and settings\Di\Application Data\Mozilla\Firefox\Profiles\ysgzx40d.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}\defaults\preferences\xulcache.js
c:\documents and settings\Di\Application Data\Mozilla\Firefox\Profiles\ysgzx40d.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}\install.rdf
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\x1tgwatz.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\x1tgwatz.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}\chrome.manifest
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\x1tgwatz.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}\chrome\xulcache.jar
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\x1tgwatz.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}\defaults\preferences\xulcache.js
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\x1tgwatz.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}\install.rdf
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\x1tgwatz.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\x1tgwatz.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}\chrome.manifest
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\x1tgwatz.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}\chrome\xulcache.jar
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\x1tgwatz.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}\defaults\preferences\xulcache.js
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\x1tgwatz.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}\install.rdf
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\mowkrse7.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\mowkrse7.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}\chrome.manifest
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\mowkrse7.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}\chrome\xulcache.jar
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\mowkrse7.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}\defaults\preferences\xulcache.js
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\mowkrse7.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}\install.rdf
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\mowkrse7.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\mowkrse7.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}\chrome.manifest
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\mowkrse7.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}\chrome\xulcache.jar
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\mowkrse7.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}\defaults\preferences\xulcache.js
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\mowkrse7.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}\install.rdf
c:\documents and settings\Sisters\Application Data\Mozilla\Firefox\Profiles\xlb48ixf.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}
c:\documents and settings\Sisters\Application Data\Mozilla\Firefox\Profiles\xlb48ixf.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}\chrome.manifest
c:\documents and settings\Sisters\Application Data\Mozilla\Firefox\Profiles\xlb48ixf.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}\chrome\xulcache.jar
c:\documents and settings\Sisters\Application Data\Mozilla\Firefox\Profiles\xlb48ixf.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}\defaults\preferences\xulcache.js
c:\documents and settings\Sisters\Application Data\Mozilla\Firefox\Profiles\xlb48ixf.default\extensions\{2816a2d5-e61a-4282-8a58-a629b0da7175}\install.rdf
c:\documents and settings\Sisters\Application Data\Mozilla\Firefox\Profiles\xlb48ixf.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}
c:\documents and settings\Sisters\Application Data\Mozilla\Firefox\Profiles\xlb48ixf.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}\chrome.manifest
c:\documents and settings\Sisters\Application Data\Mozilla\Firefox\Profiles\xlb48ixf.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}\chrome\xulcache.jar
c:\documents and settings\Sisters\Application Data\Mozilla\Firefox\Profiles\xlb48ixf.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}\defaults\preferences\xulcache.js
c:\documents and settings\Sisters\Application Data\Mozilla\Firefox\Profiles\xlb48ixf.default\extensions\{6bbc74d6-8173-456d-b61a-e913a8ed4c35}\install.rdf
c:\windows\$NtUninstallKB31817$
c:\windows\$NtUninstallKB31817$\2671063501
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 )))))))))))))))))))))))))))))))
.
.
2012-11-12 20:25 . 2012-11-12 20:25 -------- d-----w- C:\_OTL
2012-11-02 06:09 . 2012-11-02 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Graboid Inc
2012-11-02 06:09 . 2012-11-02 06:09 -------- d-----w- c:\documents and settings\Dad\Local Settings\Application Data\Geckofx
2012-11-02 06:03 . 2012-11-02 06:03 -------- d-----w- c:\program files\VideoLAN
2012-11-02 06:03 . 2012-11-05 11:45 -------- d-----w- c:\program files\Graboid
2012-11-02 06:02 . 2012-11-05 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-11 09:25 . 2012-04-04 17:54 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-11 09:25 . 2011-06-10 17:53 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 03:54 . 2009-01-01 10:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 22:32 . 2012-09-30 19:08 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 22:32 . 2012-01-14 10:26 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 20:51 . 2012-09-30 19:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-26 21:29 . 2012-10-26 21:29 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"GoGoTray.exe"="c:\program files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe" [2005-01-30 274432]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-09 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 1121280]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-12 1005096]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-4-2 113664]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 19:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/22/2008 3:21 AM 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/29/2008 3:03 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 3:03 PM 51440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/22/2008 3:21 AM 17744]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/21/2010 10:25 PM 24652]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [1/1/2006 9:39 PM 41025]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2/7/2011 5:16 PM 245760]
S3 MA311;NETGEAR Wireless LAN Driver;c:\windows\system32\drivers\ma311n51.sys [12/7/2005 7:36 PM 54784]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 3:51 PM 4096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 09:25]
.
2012-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 12:53]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 12:53]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-120863220-2349552293-3391666452-1006Core1cce1265c6760ec.job
- c:\documents and settings\Dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-16 23:39]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-120863220-2349552293-3391666452-1006UA.job
- c:\documents and settings\Dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-16 23:39]
.
2012-11-03 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (LIU-Diana).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-12-02 02:18]
.
2012-11-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-120863220-2349552293-3391666452-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2012-11-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-120863220-2349552293-3391666452-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p=
FF - ExtSQL: 2012-09-30 12:08; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-30 12:35; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQpIyCjJ4&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 78879e37000000000000000c416d74b4
FF - user.js: extensions.incredibar_i.hardId - 78879e37000000000000000c416d74b4
FF - user.js: extensions.incredibar_i.instlDay - 15397
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2714:09
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQpIyCjJ4
FF - user.js: extensions.incredibar_i.upn2n - 92542449449195750
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 48
.
.
------- File Associations -------
.
txtfile="c:\program files\JGsoft\EditPadLite\EditPad.exe" "%1"
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Aim6 - (no file)
AddRemove-26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3 - c:\program files\WildTangent\Apps\GameChannel\Games\26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3\Uninstall.exe
AddRemove-C2D8F0E2-6978-4409-8351-BA8785DA11EE - c:\program files\WildTangent\Apps\GameChannel\Games\C2D8F0E2-6978-4409-8351-BA8785DA11EE\Uninstall.exe
AddRemove-D1A6F3FD-7B40-443F-8767-BADB25A0D222 - c:\program files\WildTangent\Apps\GameChannel\Games\D1A6F3FD-7B40-443F-8767-BADB25A0D222\Uninstall.exe
AddRemove-Dell Game Console - c:\program files\WildTangent\Apps\Dell Game Console\Uninstall.exe
AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.3.27\uninstall.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-13 23:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(844)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2292)
c:\windows\system32\WININET.dll
c:\program files\GoGoData.com\GoGoData Toolbar\gogohook.dll
c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\GoGoData.com\GOGODA~1\ADBUST~1.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-11-13 23:08:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-14 07:08
.
Pre-Run: 35,820,277,760 bytes free
Post-Run: 34,970,267,648 bytes free
.
- - End Of File - - E04553ADC7093C96ACB73A95F3199CEA
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That killed it

How is the computer behaving now ?

CLEAR THE BAD TOOLBARS

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
  • 0

#11
nachtkitten

nachtkitten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I think it's behaving okay except the bottom bar freezes now when I try to shut down/restart and I have to do that with CTRL+Alt+Delete.


# AdwCleaner v2.007 - Logfile created 11/14/2012 at 11:42:25
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Dad - LIU
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Dad\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Viewpoint Manager Service

***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\FCTB
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\incredibar.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F0356CB6-4AB7-425B-A31C-0369E0CB5E81}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\incredibar.com
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\prefs.js

C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\oqmr0fv7.default\user.js ... Deleted !

Deleted : user_pref("browser.search.selectedEngine", "Search the Web");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10606");
Deleted : user_pref("extensions.incredibar_i.excTlbr", "false");
Deleted : user_pref("extensions.incredibar_i.hardId", "78879e37000000000000000c416d74b4");
Deleted : user_pref("extensions.incredibar_i.id", "78879e37000000000000000c416d74b4");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15397");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "48");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQpIyCjJ4&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6PQpIyCjJ4");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92542449449195750");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.3.27");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.2714:09:17");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.3.27");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.AutoSearchEventData", "auto%20search");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.ClearCacheDate", 14);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.DisplayEULA", false);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.DnsCatchEventData", "dns%20catch");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.FirstLaunchShown", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.LoadLayoutDate.62133", 14);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.NewTabSearchEventData", "tab%20search");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.RemoveAllData", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.ShowRecommendedOptions", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.StateReportDate", "1352752676626");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.TopRightSearchEventData", "top%20right%20search[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeInstallSaved", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeinstall.homepage", "hxxp%3A//www.google.c[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeinstall.search", "Google");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.customNewTab", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.helpUsImprove", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.hideOthers", false);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.processAddrBar", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.remove_search", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.restoreSearch", false);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.searchHistory", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.showFirstLaunchOptions", false);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.tb_lang", "en");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.tool_id", "62133");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_id", "81807430");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_key", "af7df7317862a07d247270fdfd6ebbe42c8[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_layouts", "62133");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_lnames", "InboxDollars");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.xml_service_url", "64e3a27980eeceb34248bc3e680b[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.yahooSearch", true);
Deleted : user_pref("keyword.URL", "hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p=");

Profile name : default
File : C:\Documents and Settings\Sisters\Application Data\Mozilla\Firefox\Profiles\xlb48ixf.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Dad_2\Application Data\Mozilla\Firefox\Profiles\78eaa2be.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Di\Application Data\Mozilla\Firefox\Profiles\ysgzx40d.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [11450 octets] - [14/11/2012 11:42:25]

########## EOF - C:\AdwCleaner[S1].txt - [11511 octets] ##########
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you mean it hangs when shutting down ?
  • 0

#13
nachtkitten

nachtkitten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Yes, when I try to shut down using the Start menu, the whole bottom bar disappears, then freezes. I wait a bit then press CTRL+Alt+Delete and have to shut down/restart from there. Not a big deal though as long as my computer is virus free. :)
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What I will do now is clear my rubbish away and then we will investigate what is blocking the shutdown

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:

Investigation now :)

I see you also have McAfee on the system as well as Avast, which one is the main antivirus that you use
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP