Cannot browse, believe I am infected [Solved]


  • This topic is locked

#1
gigman

  • Member
  • 11 posts
Hello, I have an HP laptop that cannot browse. I've already tried restoring, thinking that maybe it was a setting, only to find that didn't help. I also tried checking the proxy setting, which is not ticked and has nothing in it. I also ran TDSSKiller from Kaspersky; what it found was recommended to skip, which is what I did.

Also, I tried to use both Ethernet and wireless; both failed to allow me to browse. This happens in safe mode as well.

OTL:
OTL logfile created on: 11/13/2012 8:42:50 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 56.20% Memory free
7.74 Gb Paging File | 6.82 Gb Available in Paging File | 88.13% Paging File free
Paging file location(s): c:\pagefile.sys 6000 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.62 Gb Total Space | 80.80 Gb Free Space | 57.46% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 1.81 Gb Free Space | 21.43% Space Free | Partition Type: NTFS
Drive F: | 7.49 Gb Total Space | 3.04 Gb Free Space | 40.52% Space Free | Partition Type: FAT32

Computer Name: VESELENAK-PC | User Name: Veselenak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/13 08:40:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/07/10 12:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/04/24 14:05:42 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/04/23 17:49:56 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/04/23 20:11:42 | 000,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007/03/29 15:59:42 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) -- C:\Program Files\Vongo\VongoService.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/04 20:42:12 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2009/09/12 19:08:33 | 000,798,720 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2009/09/12 19:08:33 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2009/09/12 19:08:33 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2009/09/12 19:08:33 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2009/09/12 19:08:33 | 000,159,744 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2009/09/12 19:08:33 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2009/09/12 19:08:32 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2009/09/12 19:08:32 | 001,400,832 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2009/09/12 19:08:32 | 000,872,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2009/09/12 19:08:32 | 000,786,432 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2009/09/12 19:08:32 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2009/09/12 19:08:31 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2009/09/12 19:08:31 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2009/09/12 19:08:31 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2009/09/12 19:08:30 | 000,466,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2009/09/12 19:08:30 | 000,404,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2009/09/12 19:08:30 | 000,128,512 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2009/09/12 19:08:30 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2009/09/12 19:08:30 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2009/09/12 19:08:29 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2009/09/12 19:08:29 | 000,354,816 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2009/09/12 19:08:29 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2009/09/12 19:08:29 | 000,261,120 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2009/09/12 19:08:29 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2009/09/12 19:08:28 | 001,297,408 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2009/09/12 19:08:28 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2009/09/12 19:08:28 | 000,232,960 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2009/09/12 19:08:28 | 000,171,008 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2009/09/12 19:08:28 | 000,117,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2009/09/12 19:08:28 | 000,097,280 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2009/09/12 19:08:28 | 000,083,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2009/09/12 19:08:27 | 000,757,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2009/09/12 19:08:27 | 000,679,936 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2009/09/12 19:08:27 | 000,077,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2007/04/23 20:11:44 | 000,339,968 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/04/23 20:11:34 | 000,237,673 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/04/23 20:11:34 | 000,114,787 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/04/23 20:11:34 | 000,032,768 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007/02/16 19:40:42 | 005,521,408 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/02/16 19:40:40 | 001,466,368 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Services (SafeList) ==========

SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/05/30 09:25:45 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/04/23 17:49:56 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/24 06:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/04/23 20:11:44 | 000,106,593 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2007/04/23 20:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2007/03/29 15:59:42 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [Auto | Running] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\VESELE~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/11/13 08:38:52 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E97456B1-F3D7-48C4-B240-13B39E56CFED}\MpKslb9ed92a1.sys -- (MpKslb9ed92a1)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/08/20 06:40:12 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Users\Veselenak\Desktop\Removal Tools\EmsisoftEmergencyKit\Run\a2ddax86.sys -- (A2DDA)
DRV - [2011/05/17 13:49:04 | 000,041,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Usbkey.sys -- (usbkey)
DRV - [2010/12/03 16:11:36 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext)
DRV - [2010/12/03 16:11:34 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/12/03 16:11:34 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/12/03 16:11:34 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/12/03 16:11:34 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbgps.sys -- (ZTEusbgps)
DRV - [2010/12/03 16:11:34 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/02/19 12:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV)
DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW)
DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS)
DRV - [2008/12/04 01:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/13 12:00:05 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/07/07 11:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/02 15:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 10:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 10:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 10:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/12/31 10:33:10 | 000,076,800 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/08/17 20:56:46 | 000,059,520 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMWWAN.sys -- (PTDMWWAN)
DRV - [2007/08/17 20:56:40 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMVsp.sys -- (PTDMVsp)
DRV - [2007/08/17 20:56:38 | 000,041,856 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMMdm.sys -- (PTDMMdm)
DRV - [2007/08/17 20:56:34 | 000,029,952 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMBus.sys -- (PTDMBus)
DRV - [2007/07/03 18:59:10 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2007/07/03 18:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 18:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 18:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2007/04/11 21:30:52 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/03/06 23:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 09:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 18:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 12:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 11:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/28 11:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{397B1FF6-FD69-4FE0-A47A-F5819D311C88}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C4C231C-BD71-4AC7-A165-5023550969D3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 06:08:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/13 03:05:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/12 16:12:31 | 000,000,000 | ---D | C] -- C:\Users\Veselenak\AppData\Local\temp
[2012/11/12 15:58:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/12 15:03:50 | 000,000,000 | ---D | C] -- C:\Users\Veselenak\Documents\RegRun2
[2012/11/12 14:54:27 | 000,000,000 | ---D | C] -- C:\Users\Veselenak\Desktop\Removal Tools
[2012/11/11 21:27:33 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/11/06 08:28:33 | 000,000,000 | ---D | C] -- C:\Users\Veselenak\Desktop\FirefoxPortable
[2012/11/06 08:28:22 | 020,110,624 | ---- | C] (PortableApps.com) -- C:\Users\Veselenak\Desktop\FirefoxPortable_16.0.2_English.paf.exe

========== Files - Modified Within 30 Days ==========

[2012/11/13 08:43:43 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/13 08:43:43 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/13 08:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/13 08:15:22 | 000,000,147 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/11/13 08:15:13 | 000,028,219 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/11/13 08:15:10 | 000,028,219 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/11/13 08:14:43 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/13 08:14:42 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/13 08:14:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/13 08:14:05 | 2079,162,368 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/12 15:51:02 | 000,804,246 | ---- | M] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2012/11/12 15:04:07 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/11/12 15:04:07 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2012/11/12 15:04:07 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012/11/12 14:35:59 | 000,366,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/11 21:25:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/11 20:35:27 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/11/11 20:35:27 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/11/11 20:35:12 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/11/06 07:07:40 | 020,110,624 | ---- | M] (PortableApps.com) -- C:\Users\Veselenak\Desktop\FirefoxPortable_16.0.2_English.paf.exe

========== Files Created - No Company Name ==========

[2012/11/12 15:49:14 | 000,804,246 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2012/11/12 15:08:22 | 2079,162,368 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/12 15:04:07 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012/11/11 20:35:12 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/17 13:49:06 | 000,041,176 | ---- | C] () -- C:\Windows\System32\drivers\Usbkey.sys
[2011/05/17 13:49:04 | 000,024,136 | ---- | C] () -- C:\Windows\System32\ppmon.exe
[2011/05/17 13:49:04 | 000,012,480 | ---- | C] () -- C:\Windows\System32\KL2N.DLL
[2011/05/17 13:49:04 | 000,007,440 | ---- | C] () -- C:\Windows\System32\ppmon.dll
[2011/05/16 08:15:17 | 000,002,749 | ---- | C] () -- C:\Users\Veselenak\AppData\Local\GenLink-DCP_Connections.xml
[2009/08/18 05:03:22 | 000,028,219 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/18 05:00:15 | 000,028,219 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2007/10/16 11:38:37 | 000,000,000 | ---- | C] () -- C:\Users\Veselenak\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/02/10 19:08:51 | 000,000,000 | ---D | M] -- C:\Users\Veselenak\AppData\Roaming\DeLorme
[2009/09/12 19:08:55 | 000,000,000 | ---D | M] -- C:\Users\Veselenak\AppData\Roaming\Skinux
[2011/05/19 18:03:34 | 000,000,000 | ---D | M] -- C:\Users\Veselenak\AppData\Roaming\Smith Micro
[2007/10/16 11:38:39 | 000,000,000 | ---D | M] -- C:\Users\Veselenak\AppData\Roaming\Template

========== Purity Check ==========



< End of report >

Please let me know if you want the TDSSKiller log. I won't do anything else with it until directed.

EDIT: I also forgot to mention that I have other computers with internet access, if that helps at all?

Edited by gigman, 13 November 2012 - 11:12 AM.



#2
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello gigman,

Welcome to Geekstogo.

I guess you will need to download this using one of your other machines and transfer it to the sick one.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#3
gigman


  • Topic Starter
  • Member
  • 11 posts
Thank you for the speedy reply, Emerald! :)

As requested:


ComboFix 12-11-12.03 - Veselenak 11/13/2012 15:06:08.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1118 [GMT -5:00]
Running from: c:\users\Veselenak\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-13 to 2012-11-13 )))))))))))))))))))))))))))))))
.
.
2012-11-13 20:12 . 2012-11-13 20:12 -------- d-----w- c:\users\Veselenak\AppData\Local\temp
2012-11-13 20:12 . 2012-11-13 20:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-13 16:55 . 2012-10-17 06:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C9A2E08-0736-44AC-8EFA-C441FF693706}\mpengine.dll
2012-11-13 15:07 . 2012-11-13 15:08 -------- d-----w- c:\users\test
2012-11-12 20:04 . 2012-11-12 20:04 2 --shatr- c:\windows\winstart.bat
2012-11-12 02:27 . 2012-11-12 02:27 -------- d-----w- c:\windows\CheckSur
2012-11-06 13:20 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-11-06 13:20 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-11-06 13:19 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-11-06 13:19 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-11-06 13:19 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-11-06 13:19 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-11-06 13:18 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 13:18 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-06 13:18 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-11-06 13:18 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-11-06 13:18 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-11-06 13:18 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-11-06 13:18 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-06 13:18 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-11-06 13:15 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-11-06 13:15 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-11-06 13:08 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-11-06 12:48 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-11-06 12:48 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-11-06 12:48 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-11-06 12:48 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-11-06 12:48 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-11-06 12:48 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-11-06 12:48 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-11-06 12:47 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-11-06 12:47 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-4-24 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vongo Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk
backup=c:\windows\pss\Vongo Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-12-04 06:42 13556256 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-12-04 06:42 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2008-12-04 06:42 711200 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-08-04 11:36 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2923107534-3847133274-1826433046-1000]
"EnableNotificationsRef"=dword:00000001
.
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Veselenak\Desktop\Removal Tools\EmsisoftEmergencyKit\Run\a2ddax86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 14:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-13 15:12
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-11-13 15:14:58
ComboFix-quarantined-files.txt 2012-11-13 20:14
.
Pre-Run: 87,209,148,416 bytes free
Post-Run: 87,974,748,160 bytes free
.
- - End Of File - - DC8154F3945261F09EADED1400B5CCD8

#4
emeraldnzl

Hello gigman,

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    entries to be removed etc
    
    :Files
    ipconfig /flushdns /c
    netsh int ip reset c:\resetlog.txt  /c
    ipconfig /release /c
    ipconfig /renew /c
    
    :Commands
    [ResetHosts]
    [emptyflash]
    [emptyjava]
    [CreateRestorePoint]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
Next

Download aswMBR.exe ( 4.5mb ) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Finally in this post

Please download Farbar Service Scanner and run.

  • Make sure the following options are checked:


  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Other Services

  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.

When you return please post
  • OTL fix log
  • aswMBR log
  • Farbars Service Scanner.log


#5
gigman

Just to be thorough and not miss any details, you want me to make sure the Trace Disk IO Calls has a checkmark in it before hitting scan?

#6
gigman

Unfortunately, OTL did not make a log. I still have the original one that I posted above on my desktop though.

aswMBR

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-13 16:00:16
-----------------------------
16:00:16.759 OS Version: Windows 6.0.6002 Service Pack 2
16:00:16.759 Number of processors: 2 586 0x6801
16:00:16.759 ComputerName: VESELENAK-PC UserName: Veselenak
16:00:38.272 Initialize success
16:00:56.517 AVAST engine download error: 0
16:01:09.106 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
16:01:09.106 Disk 0 Vendor: ST9160821AS 3.BHD Size: 152627MB BusType: 3
16:01:09.122 Disk 0 MBR read successfully
16:01:09.137 Disk 0 MBR scan
16:01:09.137 Disk 0 unknown MBR code
16:01:09.153 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 143996 MB offset 63
16:01:09.169 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8628 MB offset 294905205
16:01:09.215 Disk 0 scanning sectors +312576705
16:01:09.356 Disk 0 scanning C:\Windows\system32\drivers
16:01:19.558 Service scanning
16:01:37.342 Modules scanning
16:01:50.431 Disk 0 trace - called modules:
16:01:50.462 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
16:01:50.462 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84e74ac8]
16:01:50.462 3 CLASSPNP.SYS[87bac8b3] -> nt!IofCallDriver -> [0x83e0c658]
16:01:50.477 5 acpi.sys[8060c6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x847a8b98]
16:01:50.477 Scan finished successfully
16:02:02.489 Disk 0 MBR has been saved successfully to "C:\Users\Veselenak\Desktop\G2G\MBR.dat"
16:02:02.505 The log file has been saved successfully to "C:\Users\Veselenak\Desktop\G2G\aswMBR.txt"



FSS
Farbar Service Scanner Version: 09-11-2012
Ran by Veselenak (administrator) on 13-11-2012 at 16:02:45
Running from "C:\Users\Veselenak\Desktop\G2G"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-11-06 08:19] - [2012-06-01 19:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

C:\Windows\system32\ipnathlp.dll
[2008-10-03 10:08] - [2008-01-19 02:34] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#7
emeraldnzl


Unfortunately, OTL did not make a log.


Note: If the log doesn't appear where you saved OTL when you downloaded it then a copy of the OTL log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

Actually though don't worry about it... I see I doubled up on some things that ComboFix had done anyway lol.

Now

I take it you still don't have internet connection so let's do this:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will create a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#8
gigman

To give you a bit of humor to this, I usually see the Recovery Options usually installed by Combofix on the XP bootloader and was looking for that. Layer 8 problem! haha

I also still have this computer in the recovery options, so please let me know from there.

As for the new log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-11-2012
Ran by SYSTEM at 13-11-2012 16:21:44
Running from F:\G2G
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.)
HKLM\...\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [176128 2007-04-23] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [x]
HKLM\...\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [50696 2007-03-12] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [x]
HKLM\...\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13556256 2008-12-03] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2008-12-03] (NVIDIA Corporation)
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1773568 2007-03-20] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1773568 2007-03-20] (Hewlett-Packard)
HKU\test\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1773568 2007-03-20] (Hewlett-Packard)
HKU\test\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [484904 2007-04-19] (Hewlett-Packard Company)
HKU\Veselenak\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [484904 2007-04-19] (Hewlett-Packard Company)
HKLM\...\Runonce: [Launcher] %WINDIR%\SMINST\launcher.exe [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

==================== Services (Whitelisted) ===================

2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 CLCapSvc; "C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe" [262243 2007-04-23] ()
2 CLSched; "C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe" [106593 2007-04-23] ()
2 HP Health Check Service; "C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [62984 2007-03-14] (Hewlett-Packard)

==================== Drivers (Whitelisted) ====================

1 A2DDA; \??\C:\Users\Veselenak\Desktop\Removal Tools\EmsisoftEmergencyKit\Run\a2ddax86.sys [17904 2012-08-20] (Emsi Software GmbH)
1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [160768 2007-04-11] (Conexant Systems Inc.)
3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2010-12-03] (MBB Incorporated)
3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [13616 2009-02-19] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [123952 2008-09-13] (Symantec Corporation)
3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [96560 2009-02-19] (Symantec Corporation)
3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [41008 2009-02-19] (Symantec Corporation)
3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [22320 2009-02-19] (Symantec Corporation)
1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [184496 2009-02-19] (Symantec Corporation)
3 usbkey; C:\Windows\System32\DRIVERS\USBKey.sys [41176 2011-05-17] ()
3 ZTEusbgps; C:\Windows\System32\DRIVERS\ZTEusbgps.sys [105856 2010-12-03] (ZTE Incorporated)
3 ZTEusbnmeaext; C:\Windows\System32\DRIVERS\ZTEusbnmeaext.sys [105856 2010-12-03] (ZTE Incorporated)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 catchme; \??\C:\Users\VESELE~1\AppData\Local\Temp\catchme.sys [x]
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 PTDMBus; C:\Windows\System32\DRIVERS\PTDMBus.sys [x]
3 PTDMMdm; C:\Windows\System32\DRIVERS\PTDMMdm.sys [x]
3 PTDMVsp; C:\Windows\System32\DRIVERS\PTDMVsp.sys [x]
3 PTDMWWAN; C:\Windows\System32\DRIVERS\PTDMWWAN.sys [x]
3 SymIM; C:\Windows\System32\DRIVERS\SymIM.sys [x]
3 SymIMMP; C:\Windows\System32\DRIVERS\SymIM.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-11-13 16:21 - 2012-11-13 16:21 - 00000000 ____D C:\FRST
2012-11-13 12:55 - 2012-11-13 12:55 - 00000000 ____D C:\_OTL
2012-11-13 12:54 - 2012-11-13 13:02 - 00000000 ____D C:\Users\Veselenak\Desktop\G2G
2012-11-13 12:14 - 2012-11-13 12:14 - 00010099 ____A C:\ComboFix.txt
2012-11-13 12:04 - 2012-11-13 12:15 - 00000000 ____D C:\Qoobox
2012-11-13 12:04 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-11-13 12:04 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-11-13 12:04 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-11-13 12:04 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-11-13 12:04 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-11-13 12:04 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-11-13 12:04 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-11-13 12:04 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-11-13 12:03 - 2012-11-12 11:56 - 05000679 ____R (Swearware) C:\Users\Veselenak\Desktop\ComboFix.exe
2012-11-13 08:39 - 2012-11-13 08:39 - 00000882 ____A C:\AdwCleaner[S1].txt
2012-11-13 08:39 - 2012-11-13 08:39 - 00000819 ____A C:\AdwCleaner[R1].txt
2012-11-13 08:35 - 2012-11-13 08:27 - 00541569 ____A C:\Users\Veselenak\Desktop\adwcleaner.exe
2012-11-13 08:35 - 2012-11-13 08:26 - 00881833 ____A C:\Users\Veselenak\Desktop\SecurityCheck.exe
2012-11-13 08:35 - 2012-11-13 08:26 - 00673280 ____A C:\Users\Veselenak\Desktop\RogueKiller.exe
2012-11-13 07:10 - 2012-11-13 07:10 - 00097408 ____A C:\Users\test\Local Settings\GDIPFONTCACHEV1.DAT
2012-11-13 07:10 - 2012-11-13 07:10 - 00097408 ____A C:\Users\test\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-11-13 07:10 - 2012-11-13 07:10 - 00097408 ____A C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-13 07:10 - 2012-11-13 07:10 - 00000000 ____D C:\Users\test\Application Data\Skinux
2012-11-13 07:10 - 2012-11-13 07:10 - 00000000 ____D C:\Users\test\AppData\Roaming\Skinux
2012-11-13 07:09 - 2012-11-13 07:09 - 00000006 __ASH C:\Users\test\Local Settings\desktop.ini
2012-11-13 07:09 - 2012-11-13 07:09 - 00000006 __ASH C:\Users\test\Local Settings\Application Data\desktop.ini
2012-11-13 07:09 - 2012-11-13 07:09 - 00000006 __ASH C:\Users\test\Application Data\desktop.ini
2012-11-13 07:09 - 2012-11-13 07:09 - 00000006 __ASH C:\Users\test\AppData\Roaming\desktop.ini
2012-11-13 07:09 - 2012-11-13 07:09 - 00000006 __ASH C:\Users\test\AppData\Local\desktop.ini
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____D C:\Users\test\Local Settings\QuickPlay
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____D C:\Users\test\Local Settings\ArcSoft
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____D C:\Users\test\Local Settings\Application Data\QuickPlay
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____D C:\Users\test\Local Settings\Application Data\ArcSoft
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____D C:\Users\test\Application Data\ArcSoft
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____D C:\Users\test\AppData\Roaming\ArcSoft
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____D C:\Users\test\AppData\Local\QuickPlay
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____D C:\Users\test\AppData\Local\ArcSoft
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____A C:\Users\test\Local Settings\QSwitch.txt
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____A C:\Users\test\Local Settings\DSwitch.txt
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____A C:\Users\test\Local Settings\AtStart.txt
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____A C:\Users\test\Local Settings\Application Data\QSwitch.txt
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____A C:\Users\test\Local Settings\Application Data\DSwitch.txt
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____A C:\Users\test\Local Settings\Application Data\AtStart.txt
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____A C:\Users\test\AppData\Local\QSwitch.txt
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____A C:\Users\test\AppData\Local\DSwitch.txt
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____A C:\Users\test\AppData\Local\AtStart.txt
2012-11-13 07:07 - 2012-11-13 07:08 - 00000000 ____D C:\users\test
2012-11-13 07:07 - 2012-11-13 07:07 - 00000020 __ASH C:\Users\test\ntuser.ini
2012-11-13 07:07 - 2012-07-02 05:28 - 00000000 ____D C:\Users\test\Local Settings\Microsoft Help
2012-11-13 07:07 - 2012-07-02 05:28 - 00000000 ____D C:\Users\test\Local Settings\Application Data\Microsoft Help
2012-11-13 07:07 - 2012-07-02 05:28 - 00000000 ____D C:\Users\test\AppData\Local\Microsoft Help
2012-11-13 07:07 - 2012-05-30 06:33 - 00000000 ____D C:\Users\test\Application Data\Macromedia
2012-11-13 07:07 - 2012-05-30 06:33 - 00000000 ____D C:\Users\test\AppData\Roaming\Macromedia
2012-11-13 07:07 - 2009-08-18 21:12 - 00000000 ____D C:\Users\test\{f9f03520-faa7-4602-ae86-2b7fc1dbcc95}
2012-11-13 07:05 - 2012-11-13 07:05 - 00068806 ____A C:\Users\Veselenak\Desktop\OTL.Txt
2012-11-13 06:18 - 2012-11-13 05:40 - 00602112 ____A (OldTimer Tools) C:\Users\Veselenak\Desktop\OTL.exe
2012-11-13 00:07 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-13 00:07 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-13 00:07 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-13 00:07 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-13 00:07 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-13 00:07 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-13 00:07 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-13 00:07 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-13 00:07 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-13 00:07 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-13 00:07 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-13 00:07 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-13 00:07 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-13 00:07 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-13 00:07 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-13 00:07 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-12 12:58 - 2012-11-13 12:04 - 00000000 ____D C:\Windows\erdnt
2012-11-12 12:49 - 2012-11-12 12:51 - 00804246 ____A C:\Users\All Users\LuUninstall.LiveUpdate
2012-11-12 12:49 - 2012-11-12 12:51 - 00804246 ____A C:\Users\All Users\Application Data\LuUninstall.LiveUpdate
2012-11-12 12:09 - 2012-11-12 12:09 - 00022097 ____A C:\Windows\Partizan.log
2012-11-12 12:08 - 2012-11-12 12:08 - 00000912 ____A C:\Windows\System32\PARTIZAN.TXT
2012-11-12 12:04 - 2012-11-12 12:04 - 00000002 RASHOT C:\Windows\winstart.bat
2012-11-12 12:03 - 2012-11-12 12:06 - 00000000 ____D C:\Users\Veselenak\My Documents\RegRun2
2012-11-12 12:03 - 2012-11-12 12:06 - 00000000 ____D C:\Users\Veselenak\Documents\RegRun2
2012-11-12 11:54 - 2012-11-12 11:57 - 00000000 ____D C:\Users\Veselenak\Desktop\Removal Tools
2012-11-11 18:27 - 2012-11-11 18:27 - 00000000 ____D C:\Windows\CheckSur
2012-11-11 17:35 - 2012-11-11 17:35 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-11-11 17:35 - 2012-11-11 17:35 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-11-11 17:35 - 2012-11-11 17:35 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-11-11 17:35 - 2012-11-11 17:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-11-11 17:35 - 2012-11-11 17:35 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-11-11 17:35 - 2012-11-11 17:35 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-11-11 17:35 - 2012-11-11 17:35 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-11-11 17:35 - 2012-11-11 17:35 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-11-11 17:35 - 2012-11-11 17:35 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-11-11 17:35 - 2012-11-11 17:35 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-11-06 05:28 - 2012-11-06 05:29 - 00000000 ____D C:\Users\Veselenak\Desktop\FirefoxPortable
2012-11-06 05:28 - 2012-11-06 04:07 - 20110624 ____A (PortableApps.com) C:\Users\Veselenak\Desktop\FirefoxPortable_16.0.2_English.paf.exe
2012-11-06 05:20 - 2012-06-29 08:01 - 00467968 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-11-06 05:20 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-11-06 05:20 - 2012-05-11 07:57 - 00623616 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-11-06 05:19 - 2012-08-24 07:53 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-11-06 05:19 - 2012-06-01 16:02 - 00985088 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-11-06 05:19 - 2012-06-01 16:02 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-11-06 05:19 - 2012-06-01 16:02 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-11-06 05:18 - 2012-09-13 05:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-11-06 05:18 - 2012-07-04 06:02 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-06 05:18 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-11-06 05:18 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-11-06 05:18 - 2012-06-04 07:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-11-06 05:18 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-11-06 05:18 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-11-06 05:18 - 2012-05-01 06:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-11-06 05:15 - 2012-08-29 03:27 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-11-06 05:15 - 2012-08-29 03:27 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-11-06 05:08 - 2012-01-31 04:44 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-11-06 04:48 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-11-06 04:48 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-11-06 04:48 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-11-06 04:48 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-11-06 04:48 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-11-06 04:48 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-11-06 04:48 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-11-06 04:47 - 2012-06-02 12:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-11-06 04:47 - 2012-06-02 12:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

==================== One Month Modified Files and Folders ========

2012-11-13 16:21 - 2012-11-13 16:21 - 00000000 ____D C:\FRST
2012-11-13 13:17 - 2009-08-18 02:03 - 00028219 ____A C:\Users\All Users\nvModes.001
2012-11-13 13:17 - 2009-08-18 02:03 - 00028219 ____A C:\Users\All Users\Application Data\nvModes.001
2012-11-13 13:17 - 2006-11-02 05:01 - 00032644 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-11-13 13:17 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-13 13:17 - 2006-11-02 04:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-13 13:17 - 2006-11-02 04:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-13 13:15 - 2007-09-04 20:22 - 01096821 ____A C:\Windows\WindowsUpdate.log
2012-11-13 13:04 - 2006-11-02 02:33 - 00690960 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-13 13:02 - 2012-11-13 12:54 - 00000000 ____D C:\Users\Veselenak\Desktop\G2G
2012-11-13 12:57 - 2007-08-04 03:16 - 00000000 ____D C:\Windows\SMINST
2012-11-13 12:57 - 2007-08-04 02:40 - 00000147 ____A C:\Users\Public\Documents\hpqp.ini
2012-11-13 12:57 - 2007-08-04 02:40 - 00000147 ____A C:\Users\All Users\Documents\hpqp.ini
2012-11-13 12:55 - 2012-11-13 12:55 - 00000000 ____D C:\_OTL
2012-11-13 12:53 - 2011-05-16 05:14 - 00000000 ____D C:\Users\Veselenak\AppData\Local\Apps\2.0
2012-11-13 12:53 - 2009-08-18 02:00 - 00028219 ____A C:\Users\All Users\nvModes.dat
2012-11-13 12:53 - 2009-08-18 02:00 - 00028219 ____A C:\Users\All Users\Application Data\nvModes.dat
2012-11-13 12:53 - 2007-08-04 02:25 - 00160642 ____A C:\Windows\PFRO.log
2012-11-13 12:37 - 2012-05-30 06:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-13 12:15 - 2012-11-13 12:04 - 00000000 ____D C:\Qoobox
2012-11-13 12:14 - 2012-11-13 12:14 - 00010099 ____A C:\ComboFix.txt
2012-11-13 12:12 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini
2012-11-13 12:04 - 2012-11-12 12:58 - 00000000 ____D C:\Windows\erdnt
2012-11-13 08:39 - 2012-11-13 08:39 - 00000882 ____A C:\AdwCleaner[S1].txt
2012-11-13 08:39 - 2012-11-13 08:39 - 00000819 ____A C:\AdwCleaner[R1].txt
2012-11-13 08:27 - 2012-11-13 08:35 - 00541569 ____A C:\Users\Veselenak\Desktop\adwcleaner.exe
2012-11-13 08:26 - 2012-11-13 08:35 - 00881833 ____A C:\Users\Veselenak\Desktop\SecurityCheck.exe
2012-11-13 08:26 - 2012-11-13 08:35 - 00673280 ____A C:\Users\Veselenak\Desktop\RogueKiller.exe
2012-11-13 07:11 - 2009-09-12 16:06 - 00000000 ____D C:\Users\All Users\ArcSoft
2012-11-13 07:11 - 2009-09-12 16:06 - 00000000 ____D C:\Users\All Users\Application Data\ArcSoft
2012-11-13 07:11 - 2007-08-04 01:50 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2012-11-13 07:10 - 2012-11-13 07:10 - 00097408 ____A C:\Users\test\Local Settings\GDIPFONTCACHEV1.DAT
2012-11-13 07:10 - 2012-11-13 07:10 - 00097408 ____A C:\Users\test\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-11-13 07:10 - 2012-11-13 07:10 - 00097408 ____A C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-13 07:10 - 2012-11-13 07:10 - 00000000 ____D C:\Users\test\Application Data\Skinux
2012-11-13 07:10 - 2012-11-13 07:10 - 00000000 ____D C:\Users\test\AppData\Roaming\Skinux
2012-11-13 07:09 - 2012-11-13 07:09 - 00000006 __ASH C:\Users\test\Local Settings\desktop.ini
2012-11-13 07:09 - 2012-11-13 07:09 - 00000006 __ASH C:\Users\test\Local Settings\Application Data\desktop.ini
2012-11-13 07:09 - 2012-11-13 07:09 - 00000006 __ASH C:\Users\test\Application Data\desktop.ini
2012-11-13 07:09 - 2012-11-13 07:09 - 00000006 __ASH C:\Users\test\AppData\Roaming\desktop.ini
2012-11-13 07:09 - 2012-11-13 07:09 - 00000006 __ASH C:\Users\test\AppData\Local\desktop.ini
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____D C:\Users\test\Local Settings\QuickPlay
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____D C:\Users\test\Local Settings\ArcSoft
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____D C:\Users\test\Local Settings\Application Data\QuickPlay
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____D C:\Users\test\Local Settings\Application Data\ArcSoft
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____D C:\Users\test\Application Data\ArcSoft
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____D C:\Users\test\AppData\Roaming\ArcSoft
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____D C:\Users\test\AppData\Local\QuickPlay
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____D C:\Users\test\AppData\Local\ArcSoft
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____A C:\Users\test\Local Settings\QSwitch.txt
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____A C:\Users\test\Local Settings\DSwitch.txt
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____A C:\Users\test\Local Settings\AtStart.txt
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____A C:\Users\test\Local Settings\Application Data\QSwitch.txt
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____A C:\Users\test\Local Settings\Application Data\DSwitch.txt
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____A C:\Users\test\Local Settings\Application Data\AtStart.txt
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____A C:\Users\test\AppData\Local\QSwitch.txt
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____A C:\Users\test\AppData\Local\DSwitch.txt
2012-11-13 07:09 - 2012-11-13 07:09 - 00000000 ____A C:\Users\test\AppData\Local\AtStart.txt
2012-11-13 07:08 - 2012-11-13 07:07 - 00000000 ____D C:\users\test
2012-11-13 07:07 - 2012-11-13 07:07 - 00000020 __ASH C:\Users\test\ntuser.ini
2012-11-13 07:05 - 2012-11-13 07:05 - 00068806 ____A C:\Users\Veselenak\Desktop\OTL.Txt
2012-11-13 06:52 - 2012-05-30 06:32 - 00001945 ____A C:\Windows\epplauncher.mif
2012-11-13 06:41 - 2011-02-15 19:00 - 00000000 ____D C:\Users\All Users\Verizon Wireless
2012-11-13 06:41 - 2011-02-15 19:00 - 00000000 ____D C:\Users\All Users\Application Data\Verizon Wireless
2012-11-13 05:40 - 2012-11-13 06:18 - 00602112 ____A (OldTimer Tools) C:\Users\Veselenak\Desktop\OTL.exe
2012-11-13 00:06 - 2007-08-04 02:35 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-13 00:06 - 2007-08-04 02:35 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-11-13 00:05 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2012-11-12 13:12 - 2006-11-02 03:18 - 00000000 __RHD C:\users\Default
2012-11-12 13:12 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public
2012-11-12 12:57 - 2006-11-02 04:52 - 00059659 ____A C:\Windows\setupact.log
2012-11-12 12:51 - 2012-11-12 12:49 - 00804246 ____A C:\Users\All Users\LuUninstall.LiveUpdate
2012-11-12 12:51 - 2012-11-12 12:49 - 00804246 ____A C:\Users\All Users\Application Data\LuUninstall.LiveUpdate
2012-11-12 12:50 - 2007-10-12 07:23 - 00000000 ____D C:\Program Files\Symantec
2012-11-12 12:50 - 2007-08-04 02:16 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-11-12 12:43 - 2007-08-04 02:58 - 00000000 ____D C:\Program Files\Yahoo!
2012-11-12 12:32 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2012-11-12 12:09 - 2012-11-12 12:09 - 00022097 ____A C:\Windows\Partizan.log
2012-11-12 12:08 - 2012-11-12 12:08 - 00000912 ____A C:\Windows\System32\PARTIZAN.TXT
2012-11-12 12:06 - 2012-11-12 12:03 - 00000000 ____D C:\Users\Veselenak\My Documents\RegRun2
2012-11-12 12:06 - 2012-11-12 12:03 - 00000000 ____D C:\Users\Veselenak\Documents\RegRun2
2012-11-12 12:04 - 2012-11-12 12:04 - 00000002 RASHOT C:\Windows\winstart.bat
2012-11-12 12:04 - 2006-11-02 02:23 - 00002577 ____A C:\Windows\System32\config.nt
2012-11-12 12:04 - 2006-11-02 02:23 - 00001688 ____A C:\Windows\System32\autoexec.nt
2012-11-12 11:57 - 2012-11-12 11:54 - 00000000 ____D C:\Users\Veselenak\Desktop\Removal Tools
2012-11-12 11:56 - 2012-11-13 12:03 - 05000679 ____R (Swearware) C:\Users\Veselenak\Desktop\ComboFix.exe
2012-11-12 11:41 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2012-11-12 11:35 - 2006-11-02 04:47 - 00366592 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-11 18:51 - 2006-11-02 03:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2012-11-11 18:27 - 2012-11-11 18:27 - 00000000 ____D C:\Windows\CheckSur
2012-11-11 17:35 - 2012-11-11 17:35 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-11-11 17:35 - 2012-11-11 17:35 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-11-11 17:35 - 2012-11-11 17:35 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-11-11 17:35 - 2012-11-11 17:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-11-11 17:35 - 2012-11-11 17:35 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-11-11 17:35 - 2012-11-11 17:35 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-11-11 17:35 - 2012-11-11 17:35 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-11-11 17:35 - 2012-11-11 17:35 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-11-11 17:35 - 2012-11-11 17:35 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-11-11 17:35 - 2012-11-11 17:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-11-11 17:35 - 2012-11-11 17:35 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-11-11 17:35 - 2012-05-30 05:50 - 00006219 ____A C:\Windows\IE9_main.log
2012-11-11 17:35 - 2006-11-01 22:32 - 00008798 ____A C:\Windows\System32\icrav03.rat
2012-11-11 17:35 - 2006-11-01 22:32 - 00001988 ____A C:\Windows\System32\ticrf.rat
2012-11-06 05:29 - 2012-11-06 05:28 - 00000000 ____D C:\Users\Veselenak\Desktop\FirefoxPortable
2012-11-06 04:07 - 2012-11-06 05:28 - 20110624 ____A (PortableApps.com) C:\Users\Veselenak\Desktop\FirefoxPortable_16.0.2_English.paf.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-05-29 11:54:56
Restore point made on: 2012-05-30 05:44:49
Restore point made on: 2012-05-30 06:04:35
Restore point made on: 2012-05-30 06:30:15
Restore point made on: 2012-05-30 06:47:20
Restore point made on: 2012-07-02 05:20:48
Restore point made on: 2012-11-04 17:44:54
Restore point made on: 2012-11-05 15:19:13
Restore point made on: 2012-11-06 04:47:54
Restore point made on: 2012-11-06 05:08:44
Restore point made on: 2012-11-11 17:23:43
Restore point made on: 2012-11-12 12:39:59
Restore point made on: 2012-11-12 12:45:09
Restore point made on: 2012-11-12 12:49:08
Restore point made on: 2012-11-12 12:49:50
Restore point made on: 2012-11-13 00:00:39
Restore point made on: 2012-11-13 06:39:53
Restore point made on: 2012-11-13 06:40:52
Restore point made on: 2012-11-13 06:53:19
Restore point made on: 2012-11-13 07:10:57
Restore point made on: 2012-11-13 12:55:59

==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 1982.31 MB
Available physical RAM: 1506.26 MB
Total Pagefile: 1716.22 MB
Available Pagefile: 1563.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.51 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:140.62 GB) (Free:81.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (HP_RECOVERY) (Fixed) (Total:8.43 GB) (Free:1.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:7.49 GB) (Free:3.03 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 1528 KB
Disk 1 Online 7692 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 141 GB 32 KB
Partition 2 Primary 8 GB 141 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 141 GB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D HP_RECOVERY NTFS Partition 8 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7690 MB 1024 KB

=========================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 7690 MB Healthy

=========================================================

Last Boot: 2012-11-13 13:04

==================== End Of Log ============================

#9
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello gigman,

OTL should have created an Extras.txt file on your desktop or wherever you saved OTL when you ran it the first time.

Please post that.

#10
gigman

    Member

  • Topic Starter
  • Member
  • 11 posts
Unfortunately, again, it did not. Would it possibly be located in that other directory you specified earlier that the fix log would be located in?

#11
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Maybe but let's do this:

  • Close all windows and open OTL again.
  • Under the Extra Registry heading, please check Use SafeList.
  • Under Processes, Modules, Services, Drivers and Standard Registry, check None. Do the same for Files created within and Modified within.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce a log for you. Post the log here. The log is saved in the same location as OTL.

#12
gigman

gigman

    Member

  • Topic Starter
  • Member
  • 11 posts
OTL Extras logfile created on: 11/13/2012 4:55:00 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Veselenak\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 68.63% Memory free
7.74 Gb Paging File | 7.06 Gb Available in Paging File | 91.21% Paging File free
Paging file location(s): c:\pagefile.sys 6000 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.62 Gb Total Space | 81.65 Gb Free Space | 58.07% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 1.81 Gb Free Space | 21.43% Space Free | Partition Type: NTFS

Computer Name: VESELENAK-PC | User Name: Veselenak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2923107534-3847133274-1826433046-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"" =
"C:\Program Files\Vongo\VongoService.exe" = C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService -- (Starz Entertainment Group LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05F6F3EF-B25C-4001-8372-FE26E6D1B328}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5BC58A37-88F1-48D7-8BE5-98236F326965}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{62DAD364-9054-4450-8B64-1E97F59A49D1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{977244DC-0C6F-4602-9E5D-F53F4137696A}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DDB79537-BE1B-49D8-9E35-865252F6818E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F238082B-3978-480D-B122-CF2A1C1231A2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{038EBA18-7E2B-454A-B1C2-5042400171CE}" = Verizon Wireless AC30 Firmware Updates
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{19C01A6B-1D4B-493C-B199-277CD4A75BE8}_is1" = ZTE USB Drivers 1.0.012
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}" = ESU for Microsoft Vista
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C5BB2C4-54F9-4A17-8845-090C7BEC232C}" = ZTE USB Drivers
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{81D0EAC7-B352-4E71-B8A1-461E41029A2E}" = DeLorme Street Atlas USA 2008
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}" = Vongo
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"9D6CCD738961373D843EB8F87CAF18EF31DECBE4" = Windows Driver Package - Microcomputer Applications, Inc. (usbkey) USB (01/19/2007 6.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP
"HGS - 7kW" = HGS - 7kW
"Home Generator Systems" = Home Generator Systems
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"Rhapsody" = Rhapsody
"SmartAudio" = SmartAudio
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Toolbook 2004 Runtime" = Toolbook 2004 Runtime
"Toolbook Runtime V8.1" = Toolbook Runtime V8.1
"WildTangent hplaptop Master Uninstall" = My HP Games

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9ec8a61de99b9898" = Annunciator Config
"e71454dffb7f8662" = GenLink

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/13/2012 4:28:06 AM | Computer Name = Veselenak-PC | Source = Application Error | ID = 1000
Description = Faulting application ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738,
faulting module ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, exception
code 0xc0000005, fault offset 0x0001af86, process id 0x25c, application start time
0x01cdc178c811b1bc.

Error - 11/13/2012 9:15:11 AM | Computer Name = Veselenak-PC | Source = Application Error | ID = 1000
Description = Faulting application ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738,
faulting module ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, exception
code 0xc0000005, fault offset 0x0001af86, process id 0xcc0, application start time
0x01cdc1a0e01cc858.

Error - 11/13/2012 10:39:47 AM | Computer Name = Veselenak-PC | Source = VSS | ID = 8194
Description =

Error - 11/13/2012 10:43:40 AM | Computer Name = Veselenak-PC | Source = Application Error | ID = 1000
Description = Faulting application ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738,
faulting module ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, exception
code 0xc0000005, fault offset 0x0001af86, process id 0x9fc, application start time
0x01cdc1ad3d6f0721.

Error - 11/13/2012 11:09:43 AM | Computer Name = Veselenak-PC | Source = VSS | ID = 8194
Description =

Error - 11/13/2012 12:33:22 PM | Computer Name = Veselenak-PC | Source = Application Error | ID = 1000
Description = Faulting application ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738,
faulting module ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, exception
code 0xc0000005, fault offset 0x0001af86, process id 0xcd4, application start time
0x01cdc1bc91047694.

Error - 11/13/2012 12:42:11 PM | Computer Name = Veselenak-PC | Source = Application Error | ID = 1000
Description = Faulting application ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738,
faulting module ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, exception
code 0xc0000005, fault offset 0x0001af86, process id 0xc14, application start time
0x01cdc1bdd35f0c0a.

Error - 11/13/2012 4:53:49 PM | Computer Name = Veselenak-PC | Source = Application Error | ID = 1000
Description = Faulting application ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738,
faulting module ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, exception
code 0xc0000005, fault offset 0x0001af86, process id 0xce0, application start time
0x01cdc1e0fac982f4.

Error - 11/13/2012 4:57:52 PM | Computer Name = Veselenak-PC | Source = Application Error | ID = 1000
Description = Faulting application ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738,
faulting module ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, exception
code 0xc0000005, fault offset 0x0001af86, process id 0xce0, application start time
0x01cdc1e18bdd4085.

Error - 11/13/2012 5:44:57 PM | Computer Name = Veselenak-PC | Source = Application Error | ID = 1000
Description = Faulting application ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738,
faulting module ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, exception
code 0xc0000005, fault offset 0x0001af86, process id 0xb94, application start time
0x01cdc1e81c3806ef.

[ System Events ]
Error - 9/18/2009 5:49:39 PM | Computer Name = Veselenak-PC | Source = HTTP | ID = 15016
Description =

Error - 9/18/2009 5:50:07 PM | Computer Name = Veselenak-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/18/2009 6:14:05 PM | Computer Name = Veselenak-PC | Source = HTTP | ID = 15016
Description =

Error - 9/18/2009 6:15:10 PM | Computer Name = Veselenak-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/18/2009 9:21:37 PM | Computer Name = Veselenak-PC | Source = RemoteAccess | ID = 20276
Description = CoId={0C2D374C-DF66-4478-93C1-5549A26A6314}: Layer=PPP: SubLayer=LCP:
The connection attempt failed on port: COM10 because of the authentication protocol
selected. Check to see if the authentication protocol is supported in the operating
systems at the client and server ends of the connection

Error - 9/27/2009 8:29:04 PM | Computer Name = Veselenak-PC | Source = HTTP | ID = 15016
Description =


< End of report >

#13
emeraldnzl

Hello gigman,

You may have tried this, if so come back and tell me, if not:

Go to Control Panel > Network and Internet > View network status and tasks > Troubleshoot problems and click on Internet Problems. Follow any prompts - with luck it will detect and repair.

If you still have a problem, do the same but this time click on Network Adapter.

Come back and tell me if there is any difference.

#14
emeraldnzl

Further to my last post.

There is nothing immediately jumping out at me in the way of malware... not to say that it isn't there, just that if there is infection, we aren't seeing it. Also Farbar's Services Scanner says it can access the net. It's possible there was infection in the past that has left residual corruption behind. Or, some program is getting in the way e.g. firewall or security program. My last post was aimed at making sure the obvious things had been done before moving on. If there is no change after that then we have a number of other things to eliminate/check out as possible causes:

So, assuming no improvement, then:

You have had Norton Antivirus on your computer at some stage. It has not been properly removed.

Firstly please go to Start > Control Panel > Add or remove Programs (Programs in Vista & Win 7) and remove all items with Symantec or Norton in the name if any are there.

Then

Go here Norton Removal Tool to remove leftover bits of the Norton AntiVirus Program. Choose the link for the version you had and then download and run the removal program. If you don't know the version just proceed, it should still work.

Next

Try turning Windows Defender off:

How to turn Windows Defender on or off

Applies to all editions of Windows Vista.

1. Open Windows Defender by clicking the Start button, clicking All Programs, and then clicking Windows Defender.

2. Click Tools, and then click Options.

3. Under Administrator options, select or clear the Use Windows Defender check box, and then click Save.

Administrator permission required. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

After that

Please download MiniToolBox to your desktop and run it.

Check the following boxes:
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log

Click Go and post the result (Result.txt) back here. A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Finally in this post

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

So when you return please post
  • Result.txt
  • MBAM log
  • also let's see that TDSSKiller report just to make sure we aren't missing something there.


Also please tell me:

1. When this first happened, i.e. was there a change - say a new program added, or were you browsing at the time, or whatever you think might add to our understanding?

2. What browser are you using? Have you tried re-installing it or tried using another browser to see if the problem is specific to that particular one?

#15
gigman

My apologies, I had gone to bed earlier due to a DR appointment early this morning.

The troubleshooter did not find anything wrong. I can ping IPs and domain names (and it resolves) just fine. Just when I go to browse, nothing. Get a page cannot be displayed. Which the combination of those made me think I was still infected.

I was actually surfing the internet then up popped the FBI virus and couldn't control anything, booted to safe mode removed it with EMSISOFT Emergency Kit and tried everything else and still couldn't browse. I used my other laptop to update emsisoft as this one couldn't browse.

As for the browsers, I've tried using Chrome, Firefox, Safari, and even Tor (for smiles and grins), none of them worked.

As for Windows Defender, I received the following error: "Application failed to initialize: 0x800106ba. A problem caused this programs service to stop. To start the service, restart your computer or search help and support for how to start a service manually."

Went in to services.msc and tried to start the service manually, it started for a second, refreshed the page and it stopped. Tried restarting it, nothing.

Started browsing just before starting MBAM, but I am running it anyway. Only thing it'll hurt is wasted time, lol. It is still running MBAM, but I will go ahead and post the logs I already have.

There are two TDSSKiller logs (I ran it twice but both times everything was recommended skip)

Minitoolbox:
MiniToolBox by Farbar Version: 10-11-2012 02
Ran by Veselenak (administrator) on 14-11-2012 at 08:36:18
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= IP Configuration: ================================

Broadcom 4321AG 802.11a/b/g/draft-n Wi-Fi Adapter = Wireless Network Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Veselenak-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 4321AG 802.11a/b/g/draft-n Wi-Fi Adapter
Physical Address. . . . . . . . . : 00-1A-73-93-E3-49
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:463e:ab3d:0:58c9:69e6:560d:861f(Preferred)
Temporary IPv6 Address. . . . . . : 2002:463e:ab3d:0:8d1a:6263:802c:b412(Preferred)
Link-local IPv6 Address . . . . . : fe80::58c9:69e6:560d:861f%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.87(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, November 14, 2012 8:19:01 AM
Lease Expires . . . . . . . . . . : Thursday, November 15, 2012 8:19:01 AM
Default Gateway . . . . . . . . . : fe80::7644:1ff:fe93:260a%9
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 268442227
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-6F-E6-AE-00-1B-24-8A-42-35
DNS Servers . . . . . . . . . . . : fe80::7644:1ff:fe93:260a%9
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-1B-24-8A-42-35
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{397B1FF6-FD69-4FE0-A47A-F5819D311C88}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{397B1FF6-FD69-4FE0-A47A-F5819D311C88}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{3C4C231C-BD71-4AC7-A165-5023550969D3}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fe80::7644:1ff:fe93:260a

Name: google.com
Addresses: 2607:f8b0:4009:802::1004
74.125.225.102
74.125.225.103
74.125.225.104
74.125.225.105
74.125.225.110
74.125.225.96
74.125.225.97
74.125.225.98
74.125.225.99
74.125.225.100
74.125.225.101



Pinging google.com [74.125.225.99] with 32 bytes of data:

Reply from 74.125.225.99: bytes=32 time=25ms TTL=54

Reply from 74.125.225.99: bytes=32 time=25ms TTL=54



Ping statistics for 74.125.225.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 25ms, Maximum = 25ms, Average = 25ms

Server: UnKnown
Address: fe80::7644:1ff:fe93:260a

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=120ms TTL=48

Reply from 98.138.253.109: bytes=32 time=179ms TTL=48



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 120ms, Maximum = 179ms, Average = 149ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 1a 73 93 e3 49 ...... Broadcom 4321AG 802.11a/b/g/draft-n Wi-Fi Adapter
8 ...00 1b 24 8a 42 35 ...... NVIDIA nForce Networking Controller
1 ........................... Software Loopback Interface 1
11 ...00 00 00 00 00 00 00 e0 isatap.{397B1FF6-FD69-4FE0-A47A-F5819D311C88}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
16 ...00 00 00 00 00 00 00 e0 isatap.{397B1FF6-FD69-4FE0-A47A-F5819D311C88}
12 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15 ...00 00 00 00 00 00 00 e0 isatap.{3C4C231C-BD71-4AC7-A165-5023550969D3}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.87 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.87 281
192.168.1.87 255.255.255.255 On-link 192.168.1.87 281
192.168.1.255 255.255.255.255 On-link 192.168.1.87 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.87 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.87 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
9 4121 ::/0 fe80::7644:1ff:fe93:260a
1 306 ::1/128 On-link
9 33 2002:463e:ab3d::/64 On-link
9 281 2002:463e:ab3d:0:58c9:69e6:560d:861f/128
On-link
9 281 2002:463e:ab3d:0:8d1a:6263:802c:b412/128
On-link
9 281 fe80::/64 On-link
9 281 fe80::58c9:69e6:560d:861f/128
On-link
1 306 ff00::/8 On-link
9 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/14/2012 08:19:06 AM) (Source: Application Error) (User: )
Description: Faulting application ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, faulting module ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, exception code 0xc0000005, fault offset 0x0001af86,
process id 0xc70, application start time 0xACDaemon.exe0.

Error: (11/13/2012 04:44:57 PM) (Source: Application Error) (User: )
Description: Faulting application ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, faulting module ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, exception code 0xc0000005, fault offset 0x0001af86,
process id 0xb94, application start time 0xACDaemon.exe0.

Error: (11/13/2012 03:57:52 PM) (Source: Application Error) (User: )
Description: Faulting application ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, faulting module ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, exception code 0xc0000005, fault offset 0x0001af86,
process id 0xce0, application start time 0xACDaemon.exe0.

Error: (11/13/2012 03:53:49 PM) (Source: Application Error) (User: )
Description: Faulting application ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, faulting module ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, exception code 0xc0000005, fault offset 0x0001af86,
process id 0xce0, application start time 0xACDaemon.exe0.

Error: (11/13/2012 11:42:11 AM) (Source: Application Error) (User: )
Description: Faulting application ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, faulting module ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, exception code 0xc0000005, fault offset 0x0001af86,
process id 0xc14, application start time 0xACDaemon.exe0.

Error: (11/13/2012 11:33:22 AM) (Source: Application Error) (User: )
Description: Faulting application ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, faulting module ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, exception code 0xc0000005, fault offset 0x0001af86,
process id 0xcd4, application start time 0xACDaemon.exe0.

Error: (11/13/2012 10:09:43 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4f423bfb-d8bd-4e75-94b6-e835fe751975}

Error: (11/13/2012 09:43:40 AM) (Source: Application Error) (User: )
Description: Faulting application ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, faulting module ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, exception code 0xc0000005, fault offset 0x0001af86,
process id 0x9fc, application start time 0xACDaemon.exe0.

Error: (11/13/2012 09:39:47 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {7f6bc17b-3363-4a40-8a4a-12dddc1f2834}

Error: (11/13/2012 08:15:11 AM) (Source: Application Error) (User: )
Description: Faulting application ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, faulting module ACDaemon.exe, version 1.1.0.47, time stamp 0x4ba19738, exception code 0xc0000005, fault offset 0x0001af86,
process id 0xcc0, application start time 0xACDaemon.exe0.


System errors:
=============
Error: (11/14/2012 08:20:27 AM) (Source: Service Control Manager) (User: )
Description: CyberLink Task Scheduler (CTS)CyberLink Background Capture Service (CBCS)%%1070

Error: (11/14/2012 08:20:26 AM) (Source: Service Control Manager) (User: )
Description: CyberLink Background Capture Service (CBCS)

Error: (11/14/2012 08:19:09 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (11/13/2012 04:46:16 PM) (Source: Service Control Manager) (User: )
Description: CyberLink Task Scheduler (CTS)CyberLink Background Capture Service (CBCS)%%1070

Error: (11/13/2012 04:46:16 PM) (Source: Service Control Manager) (User: )
Description: CyberLink Background Capture Service (CBCS)

Error: (11/13/2012 04:44:57 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (11/13/2012 04:44:46 PM) (Source: Microsoft-Windows-ResourcePublication) (User: NT AUTHORITY)
Description: Provider\Microsoft.Base.Publication/Publication/Computer

Error: (11/13/2012 04:17:21 PM) (Source: Microsoft-Windows-ResourcePublication) (User: NT AUTHORITY)
Description: Provider\Microsoft.Base.Publication/Publication/Computer

Error: (11/13/2012 03:59:13 PM) (Source: Service Control Manager) (User: )
Description: CyberLink Task Scheduler (CTS)CyberLink Background Capture Service (CBCS)%%1070

Error: (11/13/2012 03:59:13 PM) (Source: Service Control Manager) (User: )
Description: CyberLink Background Capture Service (CBCS)


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2012-11-13 09:51:09.903
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-13 09:51:09.622
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-13 09:51:09.341
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-13 09:51:09.045
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-13 09:51:08.779
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-13 09:51:08.499
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-13 09:51:08.249
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-13 09:51:07.968
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-13 09:51:07.687
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-13 09:51:07.438
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.


**** End of log ****

TDSS 1:
09:18:48.0459 3664 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
09:18:48.0615 3664 ============================================================
09:18:48.0615 3664 Current date / time: 2012/11/13 09:18:48.0615
09:18:48.0615 3664 SystemInfo:
09:18:48.0615 3664
09:18:48.0615 3664 OS Version: 6.0.6002 ServicePack: 2.0
09:18:48.0615 3664 Product type: Workstation
09:18:48.0615 3664 ComputerName: VESELENAK-PC
09:18:48.0615 3664 UserName: Veselenak
09:18:48.0615 3664 Windows directory: C:\Windows
09:18:48.0615 3664 System windows directory: C:\Windows
09:18:48.0615 3664 Processor architecture: Intel x86
09:18:48.0615 3664 Number of processors: 2
09:18:48.0615 3664 Page size: 0x1000
09:18:48.0615 3664 Boot type: Normal boot
09:18:48.0615 3664 ============================================================
09:18:49.0909 3664 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:18:49.0925 3664 Drive \Device\Harddisk1\DR2 - Size: 0x1E0BFFE00 (7.51 Gb), SectorSize: 0x200, Cylinders: 0x3D4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:18:49.0925 3664 ============================================================
09:18:49.0925 3664 \Device\Harddisk0\DR0:
09:18:49.0925 3664 MBR partitions:
09:18:49.0925 3664 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1193E536
09:18:49.0925 3664 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1193E575, BlocksNum 0x10DA54C
09:18:49.0925 3664 \Device\Harddisk1\DR2:
09:18:49.0925 3664 MBR partitions:
09:18:49.0925 3664 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x800, BlocksNum 0xF05000
09:18:49.0925 3664 ============================================================
09:18:49.0941 3664 C: <-> \Device\Harddisk0\DR0\Partition1
09:18:49.0972 3664 D: <-> \Device\Harddisk0\DR0\Partition2
09:18:49.0972 3664 ============================================================
09:18:49.0972 3664 Initialize success
09:18:49.0972 3664 ============================================================
09:18:59.0191 1360 ============================================================
09:18:59.0191 1360 Scan started
09:18:59.0191 1360 Mode: Manual; SigCheck; TDLFS;
09:18:59.0191 1360 ============================================================
09:18:59.0550 1360 ================ Scan system memory ========================
09:18:59.0550 1360 System memory - ok
09:18:59.0550 1360 ================ Scan services =============================
09:18:59.0862 1360 [ F7EABCA8375EA2DC6F35C4BCA4757515 ] A2DDA C:\Users\Veselenak\Desktop\Removal Tools\EmsisoftEmergencyKit\Run\a2ddax86.sys
09:18:59.0971 1360 A2DDA - ok
09:19:00.0127 1360 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
09:19:00.0143 1360 ACDaemon - ok
09:19:00.0252 1360 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
09:19:00.0283 1360 ACPI - ok
09:19:00.0330 1360 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:19:00.0346 1360 AdobeARMservice - ok
09:19:00.0424 1360 [ 76D5A3D2A50402A0B9B6ED13C4371E79 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:19:00.0439 1360 AdobeFlashPlayerUpdateSvc - ok
09:19:00.0486 1360 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
09:19:00.0517 1360 adp94xx - ok
09:19:00.0549 1360 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
09:19:00.0580 1360 adpahci - ok
09:19:00.0595 1360 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
09:19:00.0627 1360 adpu160m - ok
09:19:00.0642 1360 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
09:19:00.0658 1360 adpu320 - ok
09:19:00.0689 1360 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:19:00.0736 1360 AeLookupSvc - ok
09:19:00.0783 1360 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
09:19:00.0798 1360 AFD - ok
09:19:00.0861 1360 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:19:00.0876 1360 agp440 - ok
09:19:00.0907 1360 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
09:19:00.0923 1360 aic78xx - ok
09:19:00.0954 1360 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
09:19:00.0985 1360 ALG - ok
09:19:01.0001 1360 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
09:19:01.0017 1360 aliide - ok
09:19:01.0048 1360 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
09:19:01.0063 1360 amdagp - ok
09:19:01.0095 1360 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
09:19:01.0110 1360 amdide - ok
09:19:01.0126 1360 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
09:19:01.0188 1360 AmdK7 - ok
09:19:01.0219 1360 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:19:01.0235 1360 AmdK8 - ok
09:19:01.0266 1360 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
09:19:01.0313 1360 Appinfo - ok
09:19:01.0375 1360 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
09:19:01.0391 1360 arc - ok
09:19:01.0422 1360 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
09:19:01.0438 1360 arcsas - ok
09:19:01.0469 1360 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:19:01.0500 1360 AsyncMac - ok
09:19:01.0547 1360 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
09:19:01.0563 1360 atapi - ok
09:19:01.0609 1360 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:19:01.0641 1360 AudioEndpointBuilder - ok
09:19:01.0656 1360 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
09:19:01.0687 1360 Audiosrv - ok
09:19:01.0781 1360 [ 34A0A6386256080F52C74076C6157026 ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl6.sys
09:19:01.0859 1360 BCM43XV - ok
09:19:01.0984 1360 [ 34A0A6386256080F52C74076C6157026 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
09:19:02.0046 1360 BCM43XX - ok
09:19:02.0093 1360 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
09:19:02.0124 1360 Beep - ok
09:19:02.0171 1360 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
09:19:02.0218 1360 BFE - ok
09:19:02.0265 1360 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
09:19:02.0421 1360 BITS - ok
09:19:02.0436 1360 blbdrive - ok
09:19:02.0483 1360 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:19:02.0499 1360 bowser - ok
09:19:02.0530 1360 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
09:19:02.0545 1360 BrFiltLo - ok
09:19:02.0561 1360 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
09:19:02.0608 1360 BrFiltUp - ok
09:19:02.0655 1360 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
09:19:02.0686 1360 Browser - ok
09:19:02.0717 1360 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
09:19:02.0779 1360 Brserid - ok
09:19:02.0779 1360 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
09:19:02.0842 1360 BrSerWdm - ok
09:19:02.0857 1360 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
09:19:02.0920 1360 BrUsbMdm - ok
09:19:02.0935 1360 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
09:19:02.0982 1360 BrUsbSer - ok
09:19:03.0013 1360 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
09:19:03.0076 1360 BTHMODEM - ok
09:19:03.0107 1360 catchme - ok
09:19:03.0154 1360 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:19:03.0185 1360 cdfs - ok
09:19:03.0232 1360 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:19:03.0263 1360 cdrom - ok
09:19:03.0310 1360 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
09:19:03.0341 1360 CertPropSvc - ok
09:19:03.0372 1360 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
09:19:03.0419 1360 circlass - ok
09:19:03.0528 1360 [ DBAFC6734C054FEEF9087754BD80F847 ] CLCapSvc C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
09:19:03.0544 1360 CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
09:19:03.0544 1360 CLCapSvc - detected UnsignedFile.Multi.Generic (1)
09:19:03.0575 1360 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
09:19:03.0606 1360 CLFS - ok
09:19:03.0653 1360 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:19:03.0669 1360 clr_optimization_v2.0.50727_32 - ok
09:19:03.0684 1360 [ E67F8F036FD882E4AB62501C0D45B536 ] CLSched C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
09:19:03.0700 1360 CLSched ( UnsignedFile.Multi.Generic ) - warning
09:19:03.0700 1360 CLSched - detected UnsignedFile.Multi.Generic (1)
09:19:03.0762 1360 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:19:03.0809 1360 CmBatt - ok
09:19:03.0840 1360 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:19:03.0856 1360 cmdide - ok
09:19:03.0903 1360 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:19:03.0918 1360 Compbatt - ok
09:19:03.0918 1360 COMSysApp - ok
09:19:03.0934 1360 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
09:19:03.0949 1360 crcdisk - ok
09:19:03.0965 1360 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
09:19:04.0027 1360 Crusoe - ok
09:19:04.0074 1360 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:19:04.0090 1360 CryptSvc - ok
09:19:04.0183 1360 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:19:04.0261 1360 DcomLaunch - ok
09:19:04.0308 1360 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:19:04.0324 1360 DfsC - ok
09:19:04.0480 1360 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
09:19:04.0636 1360 DFSR - ok
09:19:04.0698 1360 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
09:19:04.0745 1360 Dhcp - ok
09:19:04.0792 1360 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
09:19:04.0807 1360 disk - ok
09:19:04.0854 1360 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:19:04.0901 1360 Dnscache - ok
09:19:04.0948 1360 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:19:04.0979 1360 dot3svc - ok
09:19:05.0026 1360 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
09:19:05.0088 1360 DPS - ok
09:19:05.0119 1360 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:19:05.0166 1360 drmkaud - ok
09:19:05.0229 1360 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:19:05.0275 1360 DXGKrnl - ok
09:19:05.0307 1360 [ C0B00E55CF82D122D25983C7A6A53DEA ] E100B C:\Windows\system32\DRIVERS\e100b325.sys
09:19:05.0369 1360 E100B - ok
09:19:05.0400 1360 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
09:19:05.0463 1360 E1G60 - ok
09:19:05.0494 1360 [ E88B0CFCECF745211BBA87F44F85D0DD ] eabfiltr C:\Windows\system32\DRIVERS\eabfiltr.sys
09:19:05.0509 1360 eabfiltr - ok
09:19:05.0556 1360 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
09:19:05.0587 1360 EapHost - ok
09:19:05.0634 1360 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
09:19:05.0681 1360 Ecache - ok
09:19:05.0743 1360 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:19:05.0759 1360 ehRecvr - ok
09:19:05.0790 1360 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
09:19:05.0806 1360 ehSched - ok
09:19:05.0821 1360 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
09:19:05.0837 1360 ehstart - ok
09:19:05.0884 1360 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
09:19:05.0931 1360 elxstor - ok
09:19:05.0993 1360 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
09:19:06.0040 1360 EMDMgmt - ok
09:19:06.0102 1360 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
09:19:06.0149 1360 EventSystem - ok
09:19:06.0180 1360 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
09:19:06.0211 1360 exfat - ok
09:19:06.0243 1360 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:19:06.0289 1360 fastfat - ok
09:19:06.0321 1360 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:19:06.0383 1360 fdc - ok
09:19:06.0414 1360 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
09:19:06.0445 1360 fdPHost - ok
09:19:06.0477 1360 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
09:19:06.0539 1360 FDResPub - ok
09:19:06.0570 1360 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:19:06.0586 1360 FileInfo - ok
09:19:06.0617 1360 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:19:06.0664 1360 Filetrace - ok
09:19:06.0695 1360 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:19:06.0757 1360 flpydisk - ok
09:19:06.0789 1360 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:19:06.0820 1360 FltMgr - ok
09:19:06.0913 1360 [ 452FEAAB2A8DBB42ED751754CB2594F5 ] FontCache C:\Windows\system32\FntCache.dll
09:19:06.0976 1360 FontCache - ok
09:19:07.0054 1360 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:19:07.0069 1360 FontCache3.0.0.0 - ok
09:19:07.0085 1360 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:19:07.0116 1360 Fs_Rec - ok
09:19:07.0163 1360 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
09:19:07.0179 1360 gagp30kx - ok
09:19:07.0225 1360 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
09:19:07.0272 1360 gpsvc - ok
09:19:07.0303 1360 [ DE15777902A5D9121857D155873A1D1B ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys
09:19:07.0303 1360 HBtnKey - ok
09:19:07.0366 1360 [ A08F4808FB19A40792A6056848187AFE ] HdAudAddService C:\Windows\system32\drivers\CHDART.sys
09:19:07.0381 1360 HdAudAddService - ok
09:19:07.0428 1360 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
09:19:07.0537 1360 HDAudBus - ok
09:19:07.0584 1360 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
09:19:07.0647 1360 HidBth - ok
09:19:07.0662 1360 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
09:19:07.0725 1360 HidIr - ok
09:19:07.0756 1360 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
09:19:07.0771 1360 hidserv - ok
09:19:07.0787 1360 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:19:07.0818 1360 HidUsb - ok
09:19:07.0849 1360 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:19:07.0881 1360 hkmsvc - ok
09:19:07.0943 1360 [ 2CEEB349216FEBD91A907013D4ABCFF7 ] HP Health Check Service C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
09:19:07.0959 1360 HP Health Check Service - ok
09:19:08.0005 1360 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
09:19:08.0021 1360 HpCISSs - ok
09:19:08.0068 1360 [ 04C1DCBB226C6AE647B794833CE3CEB6 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
09:19:08.0083 1360 hpqwmiex ( UnsignedFile.Multi.Generic ) - warning
09:19:08.0083 1360 hpqwmiex - detected UnsignedFile.Multi.Generic (1)
09:19:08.0115 1360 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
09:19:08.0146 1360 HSFHWAZL - ok
09:19:08.0208 1360 [ 0D7A055A840C3099C37D576573A42CD5 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
09:19:08.0271 1360 HSF_DPV - ok
09:19:08.0333 1360 [ BCC074692882C056B0E1AC97F3331A02 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
09:19:08.0349 1360 HSXHWAZL - ok
09:19:08.0395 1360 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:19:08.0427 1360 HTTP - ok
09:19:08.0442 1360 hwdatacard - ok
09:19:08.0489 1360 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
09:19:08.0505 1360 i2omp - ok
09:19:08.0551 1360 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
09:19:08.0583 1360 i8042prt - ok
09:19:08.0645 1360 [ 496DB78E6A0C4C44023D9A92B4A7AC31 ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys
09:19:08.0770 1360 ialm - ok
09:19:08.0817 1360 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
09:19:08.0832 1360 iaStorV - ok
09:19:08.0910 1360 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
09:19:08.0910 1360 IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:19:08.0910 1360 IDriverT - detected UnsignedFile.Multi.Generic (1)
09:19:08.0973 1360 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:19:09.0066 1360 idsvc - ok
09:19:09.0113 1360 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
09:19:09.0129 1360 iirsp - ok
09:19:09.0175 1360 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
09:19:09.0238 1360 IKEEXT - ok
09:19:09.0285 1360 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
09:19:09.0300 1360 intelide - ok
09:19:09.0347 1360 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:19:09.0425 1360 intelppm - ok
09:19:09.0472 1360 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:19:09.0503 1360 IPBusEnum - ok
09:19:09.0534 1360 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:19:09.0597 1360 IpFilterDriver - ok
09:19:09.0643 1360 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:19:09.0659 1360 iphlpsvc - ok
09:19:09.0659 1360 IpInIp - ok
09:19:09.0706 1360 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
09:19:09.0768 1360 IPMIDRV - ok
09:19:09.0799 1360 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
09:19:09.0846 1360 IPNAT - ok
09:19:09.0862 1360 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:19:09.0909 1360 IRENUM - ok
09:19:09.0940 1360 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:19:09.0955 1360 isapnp - ok
09:19:10.0002 1360 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
09:19:10.0033 1360 iScsiPrt - ok
09:19:10.0049 1360 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
09:19:10.0065 1360 iteatapi - ok
09:19:10.0080 1360 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
09:19:10.0111 1360 iteraid - ok
09:19:10.0143 1360 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:19:10.0158 1360 kbdclass - ok
09:19:10.0189 1360 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:19:10.0221 1360 kbdhid - ok
09:19:10.0236 1360 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
09:19:10.0267 1360 KeyIso - ok
09:19:10.0299 1360 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:19:10.0330 1360 KSecDD - ok
09:19:10.0408 1360 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
09:19:10.0486 1360 KtmRm - ok
09:19:10.0517 1360 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
09:19:10.0548 1360 LanmanServer - ok
09:19:10.0579 1360 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:19:10.0611 1360 LanmanWorkstation - ok
09:19:10.0673 1360 [ 31D8B705DCD5F2366186E731F87C7A71 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
09:19:10.0689 1360 LightScribeService - ok
09:19:10.0720 1360 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:19:10.0751 1360 lltdio - ok
09:19:10.0798 1360 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:19:10.0845 1360 lltdsvc - ok
09:19:10.0876 1360 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:19:10.0954 1360 lmhosts - ok
09:19:11.0001 1360 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
09:19:11.0016 1360 LSI_FC - ok
09:19:11.0032 1360 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:19:11.0063 1360 LSI_SAS - ok
09:19:11.0079 1360 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:19:11.0094 1360 LSI_SCSI - ok
09:19:11.0125 1360 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
09:19:11.0157 1360 luafv - ok
09:19:11.0219 1360 [ 082EA07B461D1D184A82FDCB8B38A753 ] massfilter C:\Windows\system32\drivers\massfilter.sys
09:19:11.0235 1360 massfilter - ok
09:19:11.0250 1360 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:19:11.0266 1360 Mcx2Svc - ok
09:19:11.0281 1360 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:19:11.0297 1360 mdmxsdk - ok
09:19:11.0328 1360 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
09:19:11.0344 1360 megasas - ok
09:19:11.0375 1360 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
09:19:11.0422 1360 MMCSS - ok
09:19:11.0453 1360 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
09:19:11.0484 1360 Modem - ok
09:19:11.0515 1360 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:19:11.0547 1360 monitor - ok
09:19:11.0593 1360 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:19:11.0609 1360 mouclass - ok
09:19:11.0625 1360 [ A3A6DFF7E9E757DB3DF51A833BC28885 ] mouhid C:\Windows\system32\drivers\mouhid.sys
09:19:11.0687 1360 mouhid - ok
09:19:11.0718 1360 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
09:19:11.0749 1360 MountMgr - ok
09:19:11.0781 1360 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
09:19:11.0812 1360 MpFilter - ok
09:19:11.0843 1360 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
09:19:11.0859 1360 mpio - ok
09:19:11.0952 1360 [ A69630D039C38018689190234F866D77 ] MpKslb9ed92a1 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E97456B1-F3D7-48C4-B240-13B39E56CFED}\MpKslb9ed92a1.sys
09:19:11.0968 1360 MpKslb9ed92a1 - ok
09:19:12.0015 1360 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:19:12.0030 1360 mpsdrv - ok
09:19:12.0077 1360 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
09:19:12.0139 1360 MpsSvc - ok
09:19:12.0155 1360 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
09:19:12.0171 1360 Mraid35x - ok
09:19:12.0217 1360 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:19:12.0233 1360 MRxDAV - ok
09:19:12.0264 1360 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:19:12.0280 1360 mrxsmb - ok
09:19:12.0295 1360 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:19:12.0311 1360 mrxsmb10 - ok
09:19:12.0327 1360 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:19:12.0358 1360 mrxsmb20 - ok
09:19:12.0389 1360 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
09:19:12.0405 1360 msahci - ok
09:19:12.0405 1360 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:19:12.0436 1360 msdsm - ok
09:19:12.0483 1360 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
09:19:12.0545 1360 MSDTC - ok
09:19:12.0592 1360 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:19:12.0623 1360 Msfs - ok
09:19:12.0639 1360 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:19:12.0654 1360 msisadrv - ok
09:19:12.0685 1360 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:19:12.0732 1360 MSiSCSI - ok
09:19:12.0732 1360 msiserver - ok
09:19:12.0779 1360 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:19:12.0810 1360 MSKSSRV - ok
09:19:12.0873 1360 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
09:19:12.0888 1360 MsMpSvc - ok
09:19:12.0904 1360 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:19:12.0951 1360 MSPCLOCK - ok
09:19:12.0982 1360 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:19:13.0029 1360 MSPQM - ok
09:19:13.0060 1360 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:19:13.0075 1360 MsRPC - ok
09:19:13.0122 1360 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
09:19:13.0138 1360 mssmbios - ok
09:19:13.0169 1360 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:19:13.0216 1360 MSTEE - ok
09:19:13.0231 1360 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
09:19:13.0263 1360 Mup - ok
09:19:13.0309 1360 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
09:19:13.0341 1360 napagent - ok
09:19:13.0387 1360 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:19:13.0403 1360 NativeWifiP - ok
09:19:13.0434 1360 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:19:13.0465 1360 NDIS - ok
09:19:13.0497 1360 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:19:13.0528 1360 NdisTapi - ok
09:19:13.0559 1360 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:19:13.0590 1360 Ndisuio - ok
09:19:13.0637 1360 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:19:13.0653 1360 NdisWan - ok
09:19:13.0684 1360 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:19:13.0731 1360 NDProxy - ok
09:19:13.0762 1360 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:19:13.0809 1360 NetBIOS - ok
09:19:13.0855 1360 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
09:19:13.0902 1360 netbt - ok
09:19:13.0933 1360 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
09:19:13.0949 1360 Netlogon - ok
09:19:13.0996 1360 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
09:19:14.0027 1360 Netman - ok
09:19:14.0074 1360 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
09:19:14.0121 1360 netprofm - ok
09:19:14.0152 1360 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:19:14.0167 1360 NetTcpPortSharing - ok
09:19:14.0214 1360 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
09:19:14.0230 1360 nfrd960 - ok
09:19:14.0261 1360 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:19:14.0292 1360 NisDrv - ok
09:19:14.0339 1360 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
09:19:14.0355 1360 NisSrv - ok
09:19:14.0401 1360 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:19:14.0433 1360 NlaSvc - ok
09:19:14.0479 1360 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:19:14.0495 1360 Npfs - ok
09:19:14.0542 1360 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
09:19:14.0573 1360 nsi - ok
09:19:14.0589 1360 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:19:14.0635 1360 nsiproxy - ok
09:19:14.0698 1360 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:19:14.0776 1360 Ntfs - ok
09:19:14.0807 1360 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
09:19:14.0869 1360 ntrigdigi - ok
09:19:14.0916 1360 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
09:19:14.0947 1360 Null - ok
09:19:15.0010 1360 [ A1108084B0D2FC43DCC401735770E2A3 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys
09:19:15.0057 1360 NVENETFD - ok
09:19:15.0493 1360 [ B36C3B866B0D47E2E2856EC8FD746E39 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:19:15.0915 1360 nvlddmkm - ok
09:19:15.0946 1360 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:19:15.0961 1360 nvraid - ok
09:19:16.0008 1360 [ 9AEBC32F9D6E02EBEE0369AB296FE7C8 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
09:19:16.0024 1360 nvsmu - ok
09:19:16.0055 1360 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:19:16.0071 1360 nvstor - ok
09:19:16.0133 1360 [ CF672C71844A3B407EB86042829BCE09 ] nvsvc C:\Windows\system32\nvvsvc.exe
09:19:16.0164 1360 nvsvc - ok
09:19:16.0195 1360 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:19:16.0211 1360 nv_agp - ok
09:19:16.0258 1360 [ 0973C0C696780161F4526586D5EAC422 ] NWADI C:\Windows\system32\DRIVERS\NWADIenum.sys
09:19:16.0273 1360 NWADI - ok
09:19:16.0273 1360 NwlnkFlt - ok
09:19:16.0289 1360 NwlnkFwd - ok
09:19:16.0320 1360 [ 1FDE5B2D61D97D803594DF4B3BC28C4B ] NWUSBCDFIL C:\Windows\system32\DRIVERS\NwUsbCdFil.sys
09:19:16.0336 1360 NWUSBCDFIL - ok
09:19:16.0367 1360 [ 65B471BB7E57C416A1E685EC07D4ABFA ] NWUSBModem C:\Windows\system32\DRIVERS\nwusbmdm.sys
09:19:16.0383 1360 NWUSBModem - ok
09:19:16.0414 1360 [ 65B471BB7E57C416A1E685EC07D4ABFA ] NWUSBPort C:\Windows\system32\DRIVERS\nwusbser.sys
09:19:16.0429 1360 NWUSBPort - ok
09:19:16.0461 1360 [ 65B471BB7E57C416A1E685EC07D4ABFA ] NWUSBPort2 C:\Windows\system32\DRIVERS\nwusbser2.sys
09:19:16.0492 1360 NWUSBPort2 - ok
09:19:16.0570 1360 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:19:16.0617 1360 odserv - ok
09:19:16.0648 1360 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
09:19:16.0710 1360 ohci1394 - ok
09:19:16.0788 1360 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:19:16.0804 1360 ose - ok
09:19:16.0866 1360 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
09:19:16.0913 1360 p2pimsvc - ok
09:19:16.0944 1360 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
09:19:17.0022 1360 p2psvc - ok
09:19:17.0085 1360 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
09:19:17.0147 1360 Parport - ok
09:19:17.0178 1360 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:19:17.0194 1360 partmgr - ok
09:19:17.0209 1360 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
09:19:17.0303 1360 Parvdm - ok
09:19:17.0334 1360 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
09:19:17.0350 1360 PcaSvc - ok
09:19:17.0397 1360 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
09:19:17.0412 1360 pci - ok
09:19:17.0443 1360 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
09:19:17.0459 1360 pciide - ok
09:19:17.0475 1360 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
09:19:17.0490 1360 pcmcia - ok
09:19:17.0553 1360 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:19:17.0709 1360 PEAUTH - ok
09:19:17.0802 1360 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
09:19:17.0911 1360 pla - ok
09:19:17.0958 1360 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:19:17.0989 1360 PlugPlay - ok
09:19:18.0021 1360 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
09:19:18.0067 1360 PNRPAutoReg - ok
09:19:18.0114 1360 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
09:19:18.0145 1360 PNRPsvc - ok
09:19:18.0192 1360 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:19:18.0255 1360 PolicyAgent - ok
09:19:18.0317 1360 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:19:18.0379 1360 PptpMiniport - ok
09:19:18.0411 1360 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
09:19:18.0473 1360 Processor - ok
09:19:18.0504 1360 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
09:19:18.0535 1360 ProfSvc - ok
09:19:18.0551 1360 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
09:19:18.0567 1360 ProtectedStorage - ok
09:19:18.0613 1360 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
09:19:18.0629 1360 PSched - ok
09:19:18.0676 1360 [ 785E1032C8F3C8C60AA8E2B7FE377869 ] PTDMBus C:\Windows\system32\DRIVERS\PTDMBus.sys
09:19:18.0676 1360 PTDMBus - ok
09:19:18.0723 1360 [ 924C2B2DCA76D2BD7D44B3BB968B344F ] PTDMMdm C:\Windows\system32\DRIVERS\PTDMMdm.sys
09:19:18.0738 1360 PTDMMdm - ok
09:19:18.0754 1360 [ 58AD3CCDD567FA45FD94AF15229ACE7C ] PTDMVsp C:\Windows\system32\DRIVERS\PTDMVsp.sys
09:19:18.0754 1360 PTDMVsp - ok
09:19:18.0785 1360 [ 49F773DECBCD6A555C7A8694D37D232E ] PTDMWWAN C:\Windows\system32\DRIVERS\PTDMWWAN.sys
09:19:18.0785 1360 PTDMWWAN - ok
09:19:18.0816 1360 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
09:19:18.0832 1360 PxHelp20 - ok
09:19:18.0894 1360 [ 175494C00A40925CEB6F71514734E8F2 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
09:19:18.0894 1360 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
09:19:18.0894 1360 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
09:19:18.0941 1360 [ BAB30D2799754F6EA22F0B9076311793 ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
09:19:18.0957 1360 QBFCService ( UnsignedFile.Multi.Generic ) - warning
09:19:18.0957 1360 QBFCService - detected UnsignedFile.Multi.Generic (1)
09:19:19.0019 1360 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
09:19:19.0097 1360 ql2300 - ok
09:19:19.0128 1360 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
09:19:19.0144 1360 ql40xx - ok
09:19:19.0175 1360 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
09:19:19.0206 1360 QWAVE - ok
09:19:19.0237 1360 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:19:19.0253 1360 QWAVEdrv - ok
09:19:19.0284 1360 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:19:19.0315 1360 RasAcd - ok
09:19:19.0347 1360 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
09:19:19.0393 1360 RasAuto - ok
09:19:19.0425 1360 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:19:19.0456 1360 Rasl2tp - ok
09:19:19.0503 1360 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
09:19:19.0534 1360 RasMan - ok
09:19:19.0565 1360 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:19:19.0581 1360 RasPppoe - ok
09:19:19.0612 1360 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:19:19.0643 1360 RasSstp - ok
09:19:19.0690 1360 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:19:19.0705 1360 rdbss - ok
09:19:19.0737 1360 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:19:19.0783 1360 RDPCDD - ok
09:19:19.0830 1360 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
09:19:19.0908 1360 rdpdr - ok
09:19:19.0924 1360 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:19:19.0955 1360 RDPENCDD - ok
09:19:20.0002 1360 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:19:20.0017 1360 RDPWD - ok
09:19:20.0080 1360 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:19:20.0111 1360 RemoteAccess - ok
09:19:20.0142 1360 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:19:20.0173 1360 RemoteRegistry - ok
09:19:20.0220 1360 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
09:19:20.0236 1360 rimmptsk - ok
09:19:20.0236 1360 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
09:19:20.0251 1360 rimsptsk - ok
09:19:20.0283 1360 [ C663AF77E2F4EABF8EB08B388D2F1F36 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
09:19:20.0298 1360 rismxdp - ok
09:19:20.0423 1360 [ 08FB7D968805001C7ADCBB14B0651FA2 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
09:19:20.0517 1360 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning
09:19:20.0517 1360 RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)
09:19:20.0563 1360 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
09:19:20.0579 1360 RpcLocator - ok
09:19:20.0641 1360 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
09:19:20.0673 1360 RpcSs - ok
09:19:20.0719 1360 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:19:20.0751 1360 rspndr - ok
09:19:20.0766 1360 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
09:19:20.0782 1360 SamSs - ok
09:19:20.0813 1360 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:19:20.0829 1360 sbp2port - ok
09:19:20.0875 1360 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:19:20.0907 1360 SCardSvr - ok
09:19:20.0953 1360 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
09:19:21.0063 1360 Schedule - ok
09:19:21.0109 1360 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
09:19:21.0156 1360 SCPolicySvc - ok
09:19:21.0172 1360 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
09:19:21.0203 1360 sdbus - ok
09:19:21.0234 1360 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:19:21.0265 1360 SDRSVC - ok
09:19:21.0281 1360 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:19:21.0343 1360 secdrv - ok
09:19:21.0375 1360 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
09:19:21.0437 1360 seclogon - ok
09:19:21.0468 1360 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
09:19:21.0499 1360 SENS - ok
09:19:21.0562 1360 [ B97E1D0E59A128394F24E9F31E227EF2 ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl.sys
09:19:21.0577 1360 Ser2pl - ok
09:19:21.0624 1360 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:19:21.0687 1360 Serenum - ok
09:19:21.0702 1360 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
09:19:21.0765 1360 Serial - ok
09:19:21.0796 1360 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
09:19:21.0827 1360 sermouse - ok
09:19:21.0874 1360 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
09:19:21.0921 1360 SessionEnv - ok
09:19:21.0936 1360 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:19:21.0999 1360 sffdisk - ok
09:19:22.0014 1360 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:19:22.0077 1360 sffp_mmc - ok
09:19:22.0092 1360 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:19:22.0139 1360 sffp_sd - ok
09:19:22.0155 1360 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
09:19:22.0233 1360 sfloppy - ok
09:19:22.0248 1360 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:19:22.0295 1360 SharedAccess - ok
09:19:22.0326 1360 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:19:22.0373 1360 ShellHWDetection - ok
09:19:22.0389 1360 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
09:19:22.0404 1360 sisagp - ok
09:19:22.0435 1360 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
09:19:22.0451 1360 SiSRaid2 - ok
09:19:22.0467 1360 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
09:19:22.0482 1360 SiSRaid4 - ok
09:19:22.0623 1360 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
09:19:23.0215 1360 slsvc - ok
09:19:23.0262 1360 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
09:19:23.0293 1360 SLUINotify - ok
09:19:23.0325 1360 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:19:23.0356 1360 Smb - ok
09:19:23.0371 1360 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:19:23.0387 1360 SNMPTRAP - ok
09:19:23.0418 1360 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
09:19:23.0449 1360 spldr - ok
09:19:23.0481 1360 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
09:19:23.0527 1360 Spooler - ok
09:19:23.0559 1360 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:19:23.0590 1360 srv - ok
09:19:23.0621 1360 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:19:23.0637 1360 srv2 - ok
09:19:23.0652 1360 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:19:23.0668 1360 srvnet - ok
09:19:23.0715 1360 [ D6870895FE46A464A19141440EB6CC1E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
09:19:23.0730 1360 sscdbus - ok
09:19:23.0761 1360 [ 0FE167362E4689B716CDC8D93ADEDDA8 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
09:19:23.0777 1360 sscdmdfl - ok
09:19:23.0793 1360 [ 55A15707E32B6709242AD127E62CA55A ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
09:19:23.0808 1360 sscdmdm - ok
09:19:23.0824 1360 [ 9FA66E361A99F8920C7609BAE6814A0E ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
09:19:23.0855 1360 sscdserd - ok
09:19:23.0902 1360 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:19:23.0933 1360 SSDPSRV - ok
09:19:23.0980 1360 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:19:24.0011 1360 SstpSvc - ok
09:19:24.0058 1360 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
09:19:24.0120 1360 stisvc - ok
09:19:24.0198 1360 [ A9A23C8AF361F7A93FD632E91A8C346F ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
09:19:24.0229 1360 stllssvr - ok
09:19:24.0261 1360 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
09:19:24.0292 1360 swenum - ok
09:19:24.0339 1360 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
09:19:24.0385 1360 swprv - ok
09:19:24.0417 1360 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
09:19:24.0432 1360 Symc8xx - ok
09:19:24.0448 1360 [ FE9F8B3A8BC22D85332B42E92308DDF9 ] SYMDNS C:\Windows\System32\Drivers\SYMDNS.SYS
09:19:24.0463 1360 SYMDNS - ok
09:19:24.0495 1360 [ C5EAFB6A8C73FB26B73EE613C1A5AEF6 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
09:19:24.0510 1360 SymEvent - ok
09:19:24.0541 1360 [ A0EA9D273889E53CFAABF2444692CCBF ] SYMFW C:\Windows\System32\Drivers\SYMFW.SYS
09:19:24.0557 1360 SYMFW - ok
09:19:24.0557 1360 SymIM - ok
09:19:24.0573 1360 SymIMMP - ok
09:19:24.0619 1360 [ C94EACA4B522012EE0691F1E79C42A7D ] SYMNDISV C:\Windows\System32\Drivers\SYMNDISV.SYS
09:19:24.0635 1360 SYMNDISV - ok
09:19:24.0666 1360 [ 7C6505EA598E58099D3B7E1F70426864 ] SYMREDRV C:\Windows\System32\Drivers\SYMREDRV.SYS
09:19:24.0682 1360 SYMREDRV - ok
09:19:24.0697 1360 [ E6FF7ACE71D07CA90119F2C6AB592BA4 ] SYMTDI C:\Windows\System32\Drivers\SYMTDI.SYS
09:19:24.0713 1360 SYMTDI - ok
09:19:24.0729 1360 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
09:19:24.0744 1360 Sym_hi - ok
09:19:24.0775 1360 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
09:19:24.0791 1360 Sym_u3 - ok
09:19:24.0853 1360 [ 8327106D1C93E9A7B98E63B9FCC24BB7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
09:19:24.0869 1360 SynTP - ok
09:19:24.0916 1360 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
09:19:24.0963 1360 SysMain - ok
09:19:24.0994 1360 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:19:25.0025 1360 TabletInputService - ok
09:19:25.0056 1360 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:19:25.0087 1360 TapiSrv - ok
09:19:25.0119 1360 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
09:19:25.0165 1360 TBS - ok
09:19:25.0228 1360 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:19:25.0290 1360 Tcpip - ok
09:19:25.0368 1360 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
09:19:25.0431 1360 Tcpip6 - ok
09:19:25.0477 1360 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:19:25.0493 1360 tcpipreg - ok
09:19:25.0540 1360 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:19:25.0571 1360 TDPIPE - ok
09:19:25.0602 1360 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:19:25.0633 1360 TDTCP - ok
09:19:25.0680 1360 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:19:25.0696 1360 tdx - ok
09:19:25.0743 1360 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
09:19:25.0758 1360 TermDD - ok
09:19:25.0821 1360 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
09:19:25.0867 1360 TermService - ok
09:19:25.0899 1360 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
09:19:25.0914 1360 Themes - ok
09:19:25.0945 1360 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
09:19:25.0977 1360 THREADORDER - ok
09:19:26.0008 1360 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
09:19:26.0055 1360 TrkWks - ok
09:19:26.0101 1360 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:19:26.0133 1360 TrustedInstaller - ok
09:19:26.0179 1360 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:19:26.0211 1360 tssecsrv - ok
09:19:26.0242 1360 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
09:19:26.0257 1360 tunmp - ok
09:19:26.0289 1360 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:19:26.0304 1360 tunnel - ok
09:19:26.0335 1360 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
09:19:26.0351 1360 uagp35 - ok
09:19:26.0382 1360 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:19:26.0413 1360 udfs - ok
09:19:26.0460 1360 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:19:26.0491 1360 UI0Detect - ok
09:19:26.0523 1360 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:19:26.0538 1360 uliagpkx - ok
09:19:26.0554 1360 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
09:19:26.0585 1360 uliahci - ok
09:19:26.0601 1360 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
09:19:26.0616 1360 UlSata - ok
09:19:26.0632 1360 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
09:19:26.0647 1360 ulsata2 - ok
09:19:26.0679 1360 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:19:26.0725 1360 umbus - ok
09:19:26.0757 1360 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
09:19:26.0803 1360 upnphost - ok
09:19:26.0850 1360 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:19:26.0881 1360 usbccgp - ok
09:19:26.0913 1360 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:19:26.0975 1360 usbcir - ok
09:19:26.0991 1360 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:19:27.0022 1360 usbehci - ok
09:19:27.0053 1360 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:19:27.0084 1360 usbhub - ok
09:19:27.0131 1360 [ 739EA372279B0434BA26B624CE010D70 ] usbkey C:\Windows\system32\DRIVERS\USBKey.sys
09:19:27.0147 1360 usbkey - ok
09:19:27.0162 1360 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
09:19:27.0193 1360 usbohci - ok
09:19:27.0225 1360 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
09:19:27.0287 1360 usbprint - ok
09:19:27.0318 1360 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:19:27.0334 1360 USBSTOR - ok
09:19:27.0365 1360 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:19:27.0427 1360 usbuhci - ok
09:19:27.0459 1360 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
09:19:27.0490 1360 usbvideo - ok
09:19:27.0521 1360 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
09:19:27.0552 1360 UxSms - ok
09:19:27.0599 1360 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
09:19:27.0630 1360 vds - ok
09:19:27.0661 1360 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:19:27.0724 1360 vga - ok
09:19:27.0755 1360 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
09:19:27.0802 1360 VgaSave - ok
09:19:27.0833 1360 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
09:19:27.0849 1360 viaagp - ok
09:19:27.0864 1360 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
09:19:27.0927 1360 ViaC7 - ok
09:19:27.0958 1360 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
09:19:27.0973 1360 viaide - ok
09:19:28.0005 1360 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:19:28.0020 1360 volmgr - ok
09:19:28.0067 1360 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:19:28.0083 1360 volmgrx - ok
09:19:28.0145 1360 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:19:28.0176 1360 volsnap - ok
09:19:28.0223 1360 [ 4B7F8CABBF7261796F12780E911D5F34 ] Vongo Service C:\Program Files\Vongo\VongoService.exe
09:19:28.0270 1360 Vongo Service ( UnsignedFile.Multi.Generic ) - warning
09:19:28.0270 1360 Vongo Service - detected UnsignedFile.Multi.Generic (1)
09:19:28.0285 1360 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
09:19:28.0301 1360 vsmraid - ok
09:19:28.0363 1360 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
09:19:28.0488 1360 VSS - ok
09:19:28.0519 1360 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
09:19:28.0566 1360 W32Time - ok
09:19:28.0597 1360 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
09:19:28.0691 1360 WacomPen - ok
09:19:28.0722 1360 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
09:19:28.0753 1360 Wanarp - ok
09:19:28.0769 1360 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:19:28.0785 1360 Wanarpv6 - ok
09:19:28.0831 1360 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:19:28.0863 1360 wcncsvc - ok
09:19:28.0894 1360 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:19:28.0925 1360 WcsPlugInService - ok
09:19:28.0956 1360 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
09:19:28.0972 1360 Wd - ok
09:19:29.0019 1360 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:19:29.0065 1360 Wdf01000 - ok
09:19:29.0097 1360 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:19:29.0143 1360 WdiServiceHost - ok
09:19:29.0159 1360 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:19:29.0190 1360 WdiSystemHost - ok
09:19:29.0237 1360 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
09:19:29.0268 1360 WebClient - ok
09:19:29.0299 1360 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:19:29.0331 1360 Wecsvc - ok
09:19:29.0377 1360 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:19:29.0424 1360 wercplsupport - ok
09:19:29.0455 1360 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
09:19:29.0502 1360 WerSvc - ok
09:19:29.0549 1360 [ 3B4522D0E750BAC8FE7AE61622A57014 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
09:19:29.0611 1360 winachsf - ok
09:19:29.0721 1360 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
09:19:29.0752 1360 WinDefend - ok
09:19:29.0752 1360 WinHttpAutoProxySvc - ok
09:19:29.0799 1360 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:19:29.0830 1360 Winmgmt - ok
09:19:29.0892 1360 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
09:19:29.0970 1360 WinRM - ok
09:19:30.0048 1360 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:19:30.0079 1360 Wlansvc - ok
09:19:30.0126 1360 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
09:19:30.0157 1360 WmiAcpi - ok
09:19:30.0189 1360 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:19:30.0220 1360 wmiApSrv - ok
09:19:30.0282 1360 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
09:19:30.0376 1360 WMPNetworkSvc - ok
09:19:30.0423 1360 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:19:30.0454 1360 WPCSvc - ok
09:19:30.0485 1360 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:19:30.0516 1360 WPDBusEnum - ok
09:19:30.0547 1360 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
09:19:30.0579 1360 WpdUsb - ok
09:19:30.0610 1360 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:19:30.0641 1360 ws2ifsl - ok
09:19:30.0672 1360 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
09:19:30.0688 1360 wscsvc - ok
09:19:30.0703 1360 WSearch - ok
09:19:30.0797 1360 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
09:19:31.0062 1360 wuauserv - ok
09:19:31.0109 1360 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:19:31.0156 1360 WUDFRd - ok
09:19:31.0234 1360 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:19:31.0265 1360 wudfsvc - ok
09:19:31.0281 1360 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
09:19:31.0296 1360 XAudio - ok
09:19:31.0343 1360 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
09:19:31.0359 1360 XAudioService - ok
09:19:31.0405 1360 [ D1D32A7FB32603F922F233F86A019C9F ] ZTEusbgps C:\Windows\system32\DRIVERS\ZTEusbgps.sys
09:19:31.0421 1360 ZTEusbgps - ok
09:19:31.0452 1360 [ D1D32A7FB32603F922F233F86A019C9F ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
09:19:31.0483 1360 ZTEusbmdm6k - ok
09:19:31.0499 1360 [ D1D32A7FB32603F922F233F86A019C9F ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
09:19:31.0530 1360 ZTEusbnmea - ok
09:19:31.0546 1360 [ D1D32A7FB32603F922F233F86A019C9F ] ZTEusbnmeaext C:\Windows\system32\DRIVERS\ZTEusbnmeaext.sys
09:19:31.0561 1360 ZTEusbnmeaext - ok
09:19:31.0608 1360 [ D1D32A7FB32603F922F233F86A019C9F ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
09:19:31.0624 1360 ZTEusbser6k - ok
09:19:31.0639 1360 ================ Scan global ===============================
09:19:31.0671 1360 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
09:19:31.0702 1360 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
09:19:31.0749 1360 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
09:19:31.0780 1360 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
09:19:31.0795 1360 [Global] - ok
09:19:31.0795 1360 ================ Scan MBR ==================================
09:19:31.0811 1360 [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
09:19:32.0310 1360 \Device\Harddisk0\DR0 - ok
09:19:32.0310 1360 [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR2
09:19:40.0297 1360 \Device\Harddisk1\DR2 - ok
09:19:40.0297 1360 ================ Scan VBR ==================================
09:19:40.0313 1360 [ BCDF09F82849C28D2ACCB5448232B7F3 ] \Device\Harddisk0\DR0\Partition1
09:19:40.0329 1360 \Device\Harddisk0\DR0\Partition1 - ok
09:19:40.0375 1360 [ 9F13E1F5862FA79FDD3A427B9E01F318 ] \Device\Harddisk0\DR0\Partition2
09:19:40.0375 1360 \Device\Harddisk0\DR0\Partition2 - ok
09:19:40.0391 1360 [ AD5570E4C866FD887CCB9D5DA30F51A2 ] \Device\Harddisk1\DR2\Partition1
09:19:40.0391 1360 \Device\Harddisk1\DR2\Partition1 - ok
09:19:40.0391 1360 ============================================================
09:19:40.0391 1360 Scan finished
09:19:40.0391 1360 ============================================================
09:19:40.0422 1928 Detected object count: 8
09:19:40.0422 1928 Actual detected object count: 8
09:31:07.0290 1928 CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:07.0290 1928 CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:07.0290 1928 CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:07.0290 1928 CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:07.0290 1928 hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:07.0290 1928 hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:07.0306 1928 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:07.0306 1928 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:07.0306 1928 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:07.0306 1928 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:07.0321 1928 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:07.0321 1928 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:07.0321 1928 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:07.0321 1928 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:07.0337 1928 Vongo Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:07.0337 1928 Vongo Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:09.0256 4024 Deinitialize success

TDSS 2:
15:00:30.0839 1096 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
15:00:30.0855 1096 ============================================================
15:00:30.0855 1096 Current date / time: 2012/11/12 15:00:30.0855
15:00:30.0855 1096 SystemInfo:
15:00:30.0855 1096
15:00:30.0855 1096 OS Version: 6.0.6002 ServicePack: 2.0
15:00:30.0855 1096 Product type: Workstation
15:00:30.0855 1096 ComputerName: VESELENAK-PC
15:00:30.0855 1096 UserName: Veselenak
15:00:30.0855 1096 Windows directory: C:\Windows
15:00:30.0855 1096 System windows directory: C:\Windows
15:00:30.0855 1096 Processor architecture: Intel x86
15:00:30.0855 1096 Number of processors: 2
15:00:30.0855 1096 Page size: 0x1000
15:00:30.0855 1096 Boot type: Safe boot with network
15:00:30.0855 1096 ============================================================
15:00:31.0588 1096 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:00:31.0604 1096 ============================================================
15:00:31.0604 1096 \Device\Harddisk0\DR0:
15:00:31.0604 1096 MBR partitions:
15:00:31.0604 1096 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1193E536
15:00:31.0604 1096 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1193E575, BlocksNum 0x10DA54C
15:00:31.0604 1096 ============================================================
15:00:31.0604 1096 C: <-> \Device\Harddisk0\DR0\Partition1
15:00:31.0650 1096 D: <-> \Device\Harddisk0\DR0\Partition2
15:00:31.0650 1096 ============================================================
15:00:31.0650 1096 Initialize success
15:00:31.0650 1096 ============================================================
15:00:37.0547 0612 ============================================================
15:00:37.0547 0612 Scan started
15:00:37.0547 0612 Mode: Manual; SigCheck; TDLFS;
15:00:37.0547 0612 ============================================================
15:00:38.0249 0612 ================ Scan system memory ========================
15:00:38.0249 0612 System memory - ok
15:00:38.0249 0612 ================ Scan services =============================
15:00:42.0976 0612 [ DBAFC6734C054FEEF9087754BD80F847 ] CLCapSvc C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
15:00:42.0992 0612 CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
15:00:42.0992 0612 CLCapSvc - detected UnsignedFile.Multi.Generic (1)
15:00:43.0148 0612 [ E67F8F036FD882E4AB62501C0D45B536 ] CLSched C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
15:00:43.0163 0612 CLSched ( UnsignedFile.Multi.Generic ) - warning
15:00:43.0163 0612 CLSched - detected UnsignedFile.Multi.Generic (1)
15:00:47.0968 0612 [ 04C1DCBB226C6AE647B794833CE3CEB6 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
15:00:47.0984 0612 hpqwmiex ( UnsignedFile.Multi.Generic ) - warning
15:00:47.0984 0612 hpqwmiex - detected UnsignedFile.Multi.Generic (1)
15:00:48.0982 0612 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
15:00:48.0982 0612 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:00:48.0982 0612 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:00:58.0404 0612 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:00:58.0451 0612 PolicyAgent - ok
15:00:58.0514 0612 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:00:58.0560 0612 PptpMiniport - ok
15:00:58.0607 0612 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
15:00:58.0654 0612 Processor - ok
15:00:58.0685 0612 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
15:00:58.0716 0612 ProfSvc - ok
15:00:58.0732 0612 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
15:00:58.0748 0612 ProtectedStorage - ok
15:00:58.0779 0612 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
15:00:58.0826 0612 PSched - ok
15:00:58.0872 0612 [ 785E1032C8F3C8C60AA8E2B7FE377869 ] PTDMBus C:\Windows\system32\DRIVERS\PTDMBus.sys
15:00:58.0888 0612 PTDMBus - ok
15:00:58.0904 0612 [ 924C2B2DCA76D2BD7D44B3BB968B344F ] PTDMMdm C:\Windows\system32\DRIVERS\PTDMMdm.sys
15:00:58.0935 0612 PTDMMdm - ok
15:00:58.0950 0612 [ 58AD3CCDD567FA45FD94AF15229ACE7C ] PTDMVsp C:\Windows\system32\DRIVERS\PTDMVsp.sys
15:00:58.0966 0612 PTDMVsp - ok
15:00:59.0013 0612 [ 49F773DECBCD6A555C7A8694D37D232E ] PTDMWWAN C:\Windows\system32\DRIVERS\PTDMWWAN.sys
15:00:59.0028 0612 PTDMWWAN - ok
15:00:59.0075 0612 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
15:00:59.0091 0612 PxHelp20 - ok
15:00:59.0138 0612 [ 175494C00A40925CEB6F71514734E8F2 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
15:00:59.0169 0612 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
15:00:59.0169 0612 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
15:00:59.0200 0612 [ BAB30D2799754F6EA22F0B9076311793 ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
15:00:59.0231 0612 QBFCService ( UnsignedFile.Multi.Generic ) - warning
15:00:59.0231 0612 QBFCService - detected UnsignedFile.Multi.Generic (1)
15:00:59.0294 0612 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:00:59.0356 0612 ql2300 - ok
15:00:59.0434 0612 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:00:59.0450 0612 ql40xx - ok
15:00:59.0481 0612 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
15:00:59.0528 0612 QWAVE - ok
15:00:59.0559 0612 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:00:59.0590 0612 QWAVEdrv - ok
15:00:59.0606 0612 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:00:59.0637 0612 RasAcd - ok
15:00:59.0668 0612 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
15:00:59.0730 0612 RasAuto - ok
15:00:59.0762 0612 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:00:59.0808 0612 Rasl2tp - ok
15:00:59.0855 0612 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
15:00:59.0902 0612 RasMan - ok
15:00:59.0949 0612 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:00:59.0964 0612 RasPppoe - ok
15:00:59.0996 0612 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:01:00.0011 0612 RasSstp - ok
15:01:00.0058 0612 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:01:00.0089 0612 rdbss - ok
15:01:00.0120 0612 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:01:00.0167 0612 RDPCDD - ok
15:01:00.0198 0612 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
15:01:00.0276 0612 rdpdr - ok
15:01:00.0292 0612 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:01:00.0339 0612 RDPENCDD - ok
15:01:00.0370 0612 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:01:00.0386 0612 RDPWD - ok
15:01:00.0448 0612 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:01:00.0479 0612 RemoteAccess - ok
15:01:00.0510 0612 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:01:00.0526 0612 RemoteRegistry - ok
15:01:00.0588 0612 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
15:01:00.0604 0612 rimmptsk - ok
15:01:00.0620 0612 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
15:01:00.0635 0612 rimsptsk - ok
15:01:00.0651 0612 [ C663AF77E2F4EABF8EB08B388D2F1F36 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
15:01:00.0682 0612 rismxdp - ok
15:01:00.0791 0612 [ 08FB7D968805001C7ADCBB14B0651FA2 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
15:01:00.0916 0612 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning
15:01:00.0916 0612 RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)
15:01:00.0947 0612 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
15:01:00.0963 0612 RpcLocator - ok
15:01:00.0994 0612 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
15:01:01.0041 0612 RpcSs - ok
15:01:01.0088 0612 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:01:01.0119 0612 rspndr - ok
15:01:01.0134 0612 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
15:01:01.0134 0612 SamSs - ok
15:01:01.0166 0612 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:01:01.0181 0612 sbp2port - ok
15:01:01.0212 0612 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:01:01.0244 0612 SCardSvr - ok
15:01:01.0290 0612 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
15:01:01.0322 0612 Schedule - ok
15:01:01.0384 0612 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
15:01:01.0400 0612 SCPolicySvc - ok
15:01:01.0446 0612 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
15:01:01.0462 0612 sdbus - ok
15:01:01.0509 0612 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:01:01.0540 0612 SDRSVC - ok
15:01:01.0556 0612 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:01:01.0634 0612 secdrv - ok
15:01:01.0665 0612 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
15:01:01.0696 0612 seclogon - ok
15:01:01.0743 0612 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
15:01:01.0758 0612 SENS - ok
15:01:01.0805 0612 [ B97E1D0E59A128394F24E9F31E227EF2 ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl.sys
15:01:01.0836 0612 Ser2pl - ok
15:01:01.0868 0612 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:01:01.0930 0612 Serenum - ok
15:01:01.0961 0612 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
15:01:02.0008 0612 Serial - ok
15:01:02.0024 0612 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:01:02.0055 0612 sermouse - ok
15:01:02.0102 0612 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
15:01:02.0164 0612 SessionEnv - ok
15:01:02.0195 0612 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:01:02.0258 0612 sffdisk - ok
15:01:02.0289 0612 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:01:02.0351 0612 sffp_mmc - ok
15:01:02.0351 0612 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:01:02.0429 0612 sffp_sd - ok
15:01:02.0445 0612 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:01:02.0507 0612 sfloppy - ok
15:01:02.0538 0612 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:01:02.0601 0612 SharedAccess - ok
15:01:02.0648 0612 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:01:02.0694 0612 ShellHWDetection - ok
15:01:02.0710 0612 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
15:01:02.0726 0612 sisagp - ok
15:01:02.0757 0612 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
15:01:02.0772 0612 SiSRaid2 - ok
15:01:02.0788 0612 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:01:02.0804 0612 SiSRaid4 - ok
15:01:02.0944 0612 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
15:01:03.0209 0612 slsvc - ok
15:01:03.0256 0612 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
15:01:03.0287 0612 SLUINotify - ok
15:01:03.0334 0612 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:01:03.0350 0612 Smb - ok
15:01:03.0381 0612 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:01:03.0396 0612 SNMPTRAP - ok
15:01:03.0428 0612 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
15:01:03.0443 0612 spldr - ok
15:01:03.0474 0612 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
15:01:03.0506 0612 Spooler - ok
15:01:03.0552 0612 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:01:03.0615 0612 srv - ok
15:01:03.0662 0612 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:01:03.0693 0612 srv2 - ok
15:01:03.0708 0612 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:01:03.0724 0612 srvnet - ok
15:01:03.0771 0612 [ D6870895FE46A464A19141440EB6CC1E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
15:01:03.0818 0612 sscdbus - ok
15:01:03.0833 0612 [ 0FE167362E4689B716CDC8D93ADEDDA8 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:01:03.0864 0612 sscdmdfl - ok
15:01:03.0896 0612 [ 55A15707E32B6709242AD127E62CA55A ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
15:01:03.0911 0612 sscdmdm - ok
15:01:03.0927 0612 [ 9FA66E361A99F8920C7609BAE6814A0E ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
15:01:03.0942 0612 sscdserd - ok
15:01:03.0989 0612 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:01:04.0052 0612 SSDPSRV - ok
15:01:04.0098 0612 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:01:04.0114 0612 SstpSvc - ok
15:01:04.0161 0612 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
15:01:04.0239 0612 stisvc - ok
15:01:04.0301 0612 [ A9A23C8AF361F7A93FD632E91A8C346F ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
15:01:04.0317 0612 stllssvr - ok
15:01:04.0348 0612 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:01:04.0364 0612 swenum - ok
15:01:04.0395 0612 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
15:01:04.0426 0612 swprv - ok
15:01:04.0473 0612 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
15:01:04.0473 0612 Symc8xx - ok
15:01:04.0488 0612 [ FE9F8B3A8BC22D85332B42E92308DDF9 ] SYMDNS C:\Windows\System32\Drivers\SYMDNS.SYS
15:01:04.0504 0612 SYMDNS - ok
15:01:04.0535 0612 [ C5EAFB6A8C73FB26B73EE613C1A5AEF6 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
15:01:04.0551 0612 SymEvent - ok
15:01:04.0566 0612 [ A0EA9D273889E53CFAABF2444692CCBF ] SYMFW C:\Windows\System32\Drivers\SYMFW.SYS
15:01:04.0582 0612 SYMFW - ok
15:01:04.0598 0612 SymIM - ok
15:01:04.0613 0612 SymIMMP - ok
15:01:04.0644 0612 [ C94EACA4B522012EE0691F1E79C42A7D ] SYMNDISV C:\Windows\System32\Drivers\SYMNDISV.SYS
15:01:04.0644 0612 SYMNDISV - ok
15:01:04.0676 0612 [ 7C6505EA598E58099D3B7E1F70426864 ] SYMREDRV C:\Windows\System32\Drivers\SYMREDRV.SYS
15:01:04.0691 0612 SYMREDRV - ok
15:01:04.0707 0612 [ E6FF7ACE71D07CA90119F2C6AB592BA4 ] SYMTDI C:\Windows\System32\Drivers\SYMTDI.SYS
15:01:04.0722 0612 SYMTDI - ok
15:01:04.0738 0612 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
15:01:04.0754 0612 Sym_hi - ok
15:01:04.0769 0612 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
15:01:04.0785 0612 Sym_u3 - ok
15:01:04.0832 0612 [ 8327106D1C93E9A7B98E63B9FCC24BB7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
15:01:04.0847 0612 SynTP - ok
15:01:04.0910 0612 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
15:01:04.0972 0612 SysMain - ok
15:01:05.0034 0612 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:01:05.0066 0612 TabletInputService - ok
15:01:05.0097 0612 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:01:05.0144 0612 TapiSrv - ok
15:01:05.0175 0612 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
15:01:05.0222 0612 TBS - ok
15:01:05.0284 0612 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:01:05.0346 0612 Tcpip - ok
15:01:05.0393 0612 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
15:01:05.0424 0612 Tcpip6 - ok
15:01:05.0487 0612 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:01:05.0518 0612 tcpipreg - ok
15:01:05.0549 0612 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:01:05.0580 0612 TDPIPE - ok
15:01:05.0612 0612 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:01:05.0627 0612 TDTCP - ok
15:01:05.0658 0612 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:01:05.0690 0612 tdx - ok
15:01:05.0721 0612 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:01:05.0736 0612 TermDD - ok
15:01:05.0783 0612 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
15:01:05.0830 0612 TermService - ok
15:01:05.0861 0612 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
15:01:05.0877 0612 Themes - ok
15:01:05.0892 0612 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
15:01:05.0924 0612 THREADORDER - ok
15:01:05.0955 0612 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
15:01:05.0986 0612 TrkWks - ok
15:01:06.0033 0612 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:01:06.0064 0612 TrustedInstaller - ok
15:01:06.0095 0612 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:01:06.0126 0612 tssecsrv - ok
15:01:06.0173 0612 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
15:01:06.0204 0612 tunmp - ok
15:01:06.0236 0612 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:01:06.0251 0612 tunnel - ok
15:01:06.0282 0612 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:01:06.0298 0612 uagp35 - ok
15:01:06.0329 0612 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:01:06.0360 0612 udfs - ok
15:01:06.0392 0612 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:01:06.0454 0612 UI0Detect - ok
15:01:06.0485 0612 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:01:06.0501 0612 uliagpkx - ok
15:01:06.0516 0612 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
15:01:06.0548 0612 uliahci - ok
15:01:06.0563 0612 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
15:01:06.0579 0612 UlSata - ok
15:01:06.0594 0612 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
15:01:06.0610 0612 ulsata2 - ok
15:01:06.0641 0612 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:01:06.0688 0612 umbus - ok
15:01:06.0719 0612 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
15:01:06.0766 0612 upnphost - ok
15:01:06.0813 0612 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:01:06.0844 0612 usbccgp - ok
15:01:06.0891 0612 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:01:06.0938 0612 usbcir - ok
15:01:06.0969 0612 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:01:06.0984 0612 usbehci - ok
15:01:07.0031 0612 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:01:07.0078 0612 usbhub - ok
15:01:07.0109 0612 [ 739EA372279B0434BA26B624CE010D70 ] usbkey C:\Windows\system32\DRIVERS\USBKey.sys
15:01:07.0125 0612 usbkey - ok
15:01:07.0140 0612 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:01:07.0156 0612 usbohci - ok
15:01:07.0187 0612 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
15:01:07.0234 0612 usbprint - ok
15:01:07.0265 0612 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:01:07.0296 0612 USBSTOR - ok
15:01:07.0312 0612 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:01:07.0374 0612 usbuhci - ok
15:01:07.0406 0612 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:01:07.0437 0612 usbvideo - ok
15:01:07.0452 0612 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
15:01:07.0484 0612 UxSms - ok
15:01:07.0530 0612 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
15:01:07.0577 0612 vds - ok
15:01:07.0640 0612 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:01:07.0702 0612 vga - ok
15:01:07.0749 0612 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
15:01:07.0796 0612 VgaSave - ok
15:01:07.0811 0612 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
15:01:07.0827 0612 viaagp - ok
15:01:07.0842 0612 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
15:01:07.0889 0612 ViaC7 - ok
15:01:07.0905 0612 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
15:01:07.0920 0612 viaide - ok
15:01:07.0952 0612 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:01:07.0967 0612 volmgr - ok
15:01:08.0014 0612 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:01:08.0030 0612 volmgrx - ok
15:01:08.0061 0612 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:01:08.0076 0612 volsnap - ok
15:01:08.0139 0612 [ 4B7F8CABBF7261796F12780E911D5F34 ] Vongo Service C:\Program Files\Vongo\VongoService.exe
15:01:08.0154 0612 Vongo Service ( UnsignedFile.Multi.Generic ) - warning
15:01:08.0154 0612 Vongo Service - detected UnsignedFile.Multi.Generic (1)
15:01:08.0170 0612 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:01:08.0186 0612 vsmraid - ok
15:01:08.0232 0612 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
15:01:08.0310 0612 VSS - ok
15:01:08.0404 0612 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
15:01:08.0435 0612 W32Time - ok
15:01:08.0466 0612 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:01:08.0544 0612 WacomPen - ok
15:01:08.0872 0612 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
15:01:08.0919 0612 Wanarp - ok
15:01:08.0934 0612 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:01:08.0950 0612 Wanarpv6 - ok
15:01:08.0997 0612 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:01:09.0044 0612 wcncsvc - ok
15:01:09.0075 0612 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:01:09.0090 0612 WcsPlugInService - ok
15:01:09.0137 0612 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
15:01:09.0153 0612 Wd - ok
15:01:09.0200 0612 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:01:09.0246 0612 Wdf01000 - ok
15:01:09.0293 0612 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:01:09.0324 0612 WdiServiceHost - ok
15:01:09.0356 0612 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:01:09.0387 0612 WdiSystemHost - ok
15:01:09.0465 0612 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
15:01:09.0543 0612 WebClient - ok
15:01:09.0590 0612 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:01:09.0636 0612 Wecsvc - ok
15:01:09.0683 0612 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:01:09.0730 0612 wercplsupport - ok
15:01:09.0808 0612 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
15:01:09.0824 0612 WerSvc - ok
15:01:09.0886 0612 [ 3B4522D0E750BAC8FE7AE61622A57014 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:01:09.0980 0612 winachsf - ok
15:01:10.0026 0612 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
15:01:10.0058 0612 WinDefend - ok
15:01:10.0058 0612 WinHttpAutoProxySvc - ok
15:01:10.0167 0612 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:01:10.0229 0612 Winmgmt - ok
15:01:10.0307 0612 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
15:01:10.0401 0612 WinRM - ok
15:01:10.0448 0612 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:01:10.0557 0612 Wlansvc - ok
15:01:10.0604 0612 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
15:01:10.0635 0612 WmiAcpi - ok
15:01:10.0666 0612 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:01:10.0697 0612 wmiApSrv - ok
15:01:10.0760 0612 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
15:01:10.0869 0612 WMPNetworkSvc - ok
15:01:10.0916 0612 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:01:10.0947 0612 WPCSvc - ok
15:01:10.0994 0612 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:01:11.0025 0612 WPDBusEnum - ok
15:01:11.0056 0612 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
15:01:11.0072 0612 WpdUsb - ok
15:01:11.0134 0612 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:01:11.0165 0612 ws2ifsl - ok
15:01:11.0212 0612 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
15:01:11.0243 0612 wscsvc - ok
15:01:11.0259 0612 WSearch - ok
15:01:11.0337 0612 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
15:01:11.0462 0612 wuauserv - ok
15:01:11.0524 0612 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:01:11.0555 0612 WUDFRd - ok
15:01:11.0602 0612 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:01:11.0633 0612 wudfsvc - ok
15:01:11.0633 0612 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
15:01:11.0649 0612 XAudio - ok
15:01:11.0680 0612 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
15:01:11.0711 0612 XAudioService - ok
15:01:11.0742 0612 [ D1D32A7FB32603F922F233F86A019C9F ] ZTEusbgps C:\Windows\system32\DRIVERS\ZTEusbgps.sys
15:01:11.0789 0612 ZTEusbgps - ok
15:01:11.0820 0612 [ D1D32A7FB32603F922F233F86A019C9F ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
15:01:11.0836 0612 ZTEusbmdm6k - ok
15:01:11.0898 0612 [ D1D32A7FB32603F922F233F86A019C9F ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
15:01:11.0914 0612 ZTEusbnmea - ok
15:01:11.0930 0612 [ D1D32A7FB32603F922F233F86A019C9F ] ZTEusbnmeaext C:\Windows\system32\DRIVERS\ZTEusbnmeaext.sys
15:01:11.0945 0612 ZTEusbnmeaext - ok
15:01:11.0961 0612 [ D1D32A7FB32603F922F233F86A019C9F ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
15:01:11.0976 0612 ZTEusbser6k - ok
15:01:11.0992 0612 ================ Scan global ===============================
15:01:12.0039 0612 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:01:12.0070 0612 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:01:12.0101 0612 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:01:12.0148 0612 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:01:12.0148 0612 [Global] - ok
15:01:12.0148 0612 ================ Scan MBR ==================================
15:01:12.0164 0612 [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
15:01:12.0647 0612 \Device\Harddisk0\DR0 - ok
15:01:12.0647 0612 ================ Scan VBR ==================================
15:01:12.0663 0612 [ BCDF09F82849C28D2ACCB5448232B7F3 ] \Device\Harddisk0\DR0\Partition1
15:01:12.0663 0612 \Device\Harddisk0\DR0\Partition1 - ok
15:01:12.0663 0612 [ 9F13E1F5862FA79FDD3A427B9E01F318 ] \Device\Harddisk0\DR0\Partition2
15:01:12.0663 0612 \Device\Harddisk0\DR0\Partition2 - ok
15:01:12.0663 0612 ============================================================
15:01:12.0663 0612 Scan finished
15:01:12.0663 0612 ============================================================
15:01:12.0678 1684 Detected object count: 8
15:01:12.0678 1684 Actual detected object count: 8
15:03:10.0022 1684 CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:10.0022 1684 CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:10.0022 1684 CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:10.0022 1684 CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:10.0037 1684 hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:10.0037 1684 hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:10.0037 1684 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:10.0037 1684 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:10.0037 1684 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:10.0037 1684 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:10.0037 1684 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:10.0037 1684 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:10.0037 1684 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:10.0037 1684 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:10.0053 1684 Vongo Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:10.0053 1684 Vongo Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:12.0518 0236 Deinitialize success

EDIT:
MBAM:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.14.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Veselenak :: VESELENAK-PC [administrator]

11/14/2012 8:40:00 AM
mbam-log-2012-11-14 (08-40-00).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 392496
Time elapsed: 1 hour(s), 13 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by gigman, 14 November 2012 - 09:41 AM.
