I don't know what I have, it's malware please read! [Solve


  • This topic is locked

#1
Bigbug12

  • Member
  • 34 posts
Both of my laptops are hijacked. Will not let me do a clean install in Windows no matter what I do. Not able to change boot order, HDD has a + next to it, can't change. Just ran OTL, will attach. It's on the Computer both nothing seem to see it! Also I'm not able to find my post! Thanks, Walt

Attached Files

  • Attached File  OTL.Txt   71.87KB   139 downloads


#2
Bigbug12

  • Topic Starter
  • Member
  • 34 posts
Please let me know if my posts are being posted?? And where to find it?
I've posted before and I can't find my post!! I think that malware is not sending it. I tried to run these programs and they either don't find the malware or it will not let the programs run!! AdwCleaner found this IDP.Trojan.97AC54E5 and tried removing it, and did not.
It has embedded itself in Windows. Changed boot order, +HDD has a + next to it and I'm not able to change it or do a fresh install. Just ran an OTL log, attached.

OTL logfile created on: 11/22/2012 6:51:39 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Walt\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 41.22% Memory free
6.13 Gb Paging File | 4.54 Gb Available in Paging File | 74.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 161.13 Gb Total Space | 58.54 Gb Free Space | 36.33% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.83 Gb Free Space | 98.25% Space Free | Partition Type: NTFS
Drive E: | 126.80 Gb Total Space | 24.82 Gb Free Space | 19.57% Space Free | Partition Type: NTFS
Drive I: | 1.94 Gb Total Space | 1.53 Gb Free Space | 79.09% Space Free | Partition Type: FAT32

Computer Name: WALT-PC | User Name: Walt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/21 08:56:20 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2012/11/20 15:52:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Walt\Downloads\OTL.exe
PRC - [2012/11/19 18:11:46 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/24 09:50:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2011/07/01 15:53:00 | 008,400,184 | ---- | M] (CJSC Returnil Software) -- C:\Program Files\Returnil\RSS\rvsgui.exe
PRC - [2011/07/01 15:52:58 | 001,801,504 | ---- | M] (CJSC Returnil Software) -- C:\Program Files\Returnil\RSS\rvsmon.exe
PRC - [2008/01/20 18:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 18:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE


========== Modules (No Company Name) ==========

MOD - [2012/11/19 18:11:45 | 014,586,808 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012/10/24 09:50:39 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Services (SafeList) ==========

SRV - [2012/11/19 18:11:46 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/24 09:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/01 15:52:58 | 001,801,504 | ---- | M] (CJSC Returnil Software) [Auto | Running] -- C:\Program Files\Returnil\RSS\rvsmon.exe -- (RVSMONBL)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/05 03:32:50 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/07/01 15:41:20 | 000,058,808 | ---- | M] (CJSC Returnil Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rvsystem.sys -- (rvsystem)
DRV - [2011/06/24 13:50:34 | 000,020,648 | ---- | M] (CJSC Returnil Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rvsmonn2.sys -- (rvsmonn)
DRV - [2011/06/24 13:50:32 | 001,091,992 | ---- | M] (CJSC Returnil Software) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\rvseng.sys -- (rvseng)
DRV - [2011/06/24 13:50:30 | 000,043,712 | ---- | M] (CJSC Returnil Software) [File_System | System | Running] -- C:\Windows\System32\drivers\rvsmonf.sys -- (rvsmonf)
DRV - [2011/06/24 13:50:28 | 000,276,104 | ---- | M] (CJSC Returnil Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\rvsmon.sys -- (rvsmon)
DRV - [2008/05/21 04:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/17 18:34:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/11/17 18:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Walt\AppData\Roaming\Mozilla\Extensions
[2012/11/17 18:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/24 09:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 09:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 09:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBCBF211-222D-4619-A62C-4048F21C8DCD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/09/06 09:58:23 | 000,000,095 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/21 16:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/11/21 10:33:43 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Template
[2012/11/21 09:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/11/21 09:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2012/11/21 09:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/11/21 09:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4700 series User Registration
[2012/11/21 08:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012/11/21 08:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4700 series Manual
[2012/11/21 08:55:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/11/21 08:53:40 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2012/11/21 08:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4700 series
[2012/11/21 08:51:37 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/11/21 08:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012/11/21 07:10:25 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Returnil
[2012/11/21 07:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Returnil
[2012/11/21 07:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\Returnil
[2012/11/21 07:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Returnil
[2012/11/20 09:33:32 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\AVG2013
[2012/11/20 09:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/11/20 09:28:40 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\TuneUp Software
[2012/11/20 09:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/11/20 09:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/11/20 09:26:02 | 000,000,000 | ---D | C] -- C:\Users\Walt\Desktop\Rental
[2012/11/20 09:18:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/11/20 09:18:17 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\MFAData
[2012/11/20 09:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/11/20 09:18:17 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\Avg2013
[2012/11/20 09:06:39 | 000,000,000 | ---D | C] -- C:\Users\Walt\Desktop\New Folder
[2012/11/19 18:26:24 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Macromedia
[2012/11/19 18:26:24 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\Macromedia
[2012/11/19 18:26:24 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Adobe
[2012/11/19 18:11:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/11/19 18:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/11/18 09:31:50 | 000,000,000 | ---D | C] -- C:\Users\Walt\Desktop\GooredFix Backups
[2012/11/18 08:45:46 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Skype
[2012/11/18 08:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/18 08:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/11/18 08:45:33 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/11/18 08:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/11/17 18:34:18 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Mozilla
[2012/11/17 18:34:18 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\Mozilla
[2012/11/17 18:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/17 18:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/11/17 18:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/17 18:12:43 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\MozillaFirefoxPackages
[2012/11/17 07:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/11/17 07:00:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\vmm32
[2012/11/17 07:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2012/11/17 06:59:48 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/11/17 06:57:58 | 000,000,000 | R--D | C] -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/11/17 06:57:58 | 000,000,000 | R--D | C] -- C:\Users\Walt\Searches
[2012/11/17 06:57:58 | 000,000,000 | R--D | C] -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/11/17 06:57:44 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Identities
[2012/11/17 06:57:42 | 000,000,000 | R--D | C] -- C:\Users\Walt\Contacts
[2012/11/17 06:57:41 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\VirtualStore
[2012/11/17 06:57:30 | 000,000,000 | -HSD | C] -- C:\Users\Walt\AppData\Local\Temporary Internet Files
[2012/11/17 06:57:30 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Templates
[2012/11/17 06:57:30 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Start Menu
[2012/11/17 06:57:30 | 000,000,000 | -HSD | C] -- C:\Users\Walt\SendTo
[2012/11/17 06:57:30 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Recent
[2012/11/17 06:57:30 | 000,000,000 | -HSD | C] -- C:\Users\Walt\PrintHood
[2012/11/17 06:57:30 | 000,000,000 | -HSD | C] -- C:\Users\Walt\NetHood
[2012/11/17 06:57:30 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Documents\My Videos
[2012/11/17 06:57:30 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Documents\My Pictures
[2012/11/17 06:57:30 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Documents\My Music
[2012/11/17 06:57:30 | 000,000,000 | -HSD | C] -- C:\Users\Walt\My Documents
[2012/11/17 06:57:30 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Local Settings
[2012/11/17 06:57:30 | 000,000,000 | -HSD | C] -- C:\Users\Walt\AppData\Local\History
[2012/11/17 06:57:30 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Cookies
[2012/11/17 06:57:30 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Application Data
[2012/11/17 06:57:30 | 000,000,000 | -HSD | C] -- C:\Users\Walt\AppData\Local\Application Data
[2012/11/17 06:57:29 | 000,000,000 | --SD | C] -- C:\Users\Walt\AppData\Roaming\Microsoft
[2012/11/17 06:57:29 | 000,000,000 | R--D | C] -- C:\Users\Walt\Videos
[2012/11/17 06:57:29 | 000,000,000 | R--D | C] -- C:\Users\Walt\Saved Games
[2012/11/17 06:57:29 | 000,000,000 | R--D | C] -- C:\Users\Walt\Pictures
[2012/11/17 06:57:29 | 000,000,000 | R--D | C] -- C:\Users\Walt\Music
[2012/11/17 06:57:29 | 000,000,000 | R--D | C] -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/11/17 06:57:29 | 000,000,000 | R--D | C] -- C:\Users\Walt\Links
[2012/11/17 06:57:29 | 000,000,000 | R--D | C] -- C:\Users\Walt\Favorites
[2012/11/17 06:57:29 | 000,000,000 | R--D | C] -- C:\Users\Walt\Downloads
[2012/11/17 06:57:29 | 000,000,000 | R--D | C] -- C:\Users\Walt\Documents
[2012/11/17 06:57:29 | 000,000,000 | R--D | C] -- C:\Users\Walt\Desktop
[2012/11/17 06:57:29 | 000,000,000 | R--D | C] -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/11/17 06:57:29 | 000,000,000 | -H-D | C] -- C:\Users\Walt\AppData
[2012/11/17 06:57:29 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\Temp
[2012/11/17 06:57:29 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\Microsoft
[2012/11/17 06:57:29 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Media Center Programs
[2012/11/17 06:54:12 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2012/11/17 06:45:31 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/11/17 06:34:23 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/11/17 06:32:53 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/11/17 06:32:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2012/11/17 06:10:50 | 000,000,000 | ---D | C] -- C:\Windows.old.002
[2012/11/09 08:06:29 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/11/09 06:04:11 | 000,000,000 | -H-D | C] -- C:\CanoScan
[2012/11/08 22:30:02 | 000,000,000 | ---D | C] -- C:\Intel
[2012/11/08 20:37:22 | 000,000,000 | ---D | C] -- C:\Windows.old
[2012/11/08 12:03:46 | 000,000,000 | ---D | C] -- C:\From Studio 11-8-12
[2012/11/08 11:50:49 | 000,000,000 | R--D | C] -- C:\Music
[2012/11/08 11:47:42 | 000,000,000 | ---D | C] -- C:\Dell
[2012/11/08 11:12:10 | 000,000,000 | ---D | C] -- C:\Welding Welding City
[2012/11/08 11:11:44 | 000,000,000 | ---D | C] -- C:\MyPhotos
[2012/11/08 11:11:32 | 000,000,000 | ---D | C] -- C:\LINA
[2012/11/08 11:08:40 | 000,000,000 | ---D | C] -- C:\Desk TopPrograms
[2012/11/08 10:02:11 | 000,000,000 | ---D | C] -- C:\Wolfgang Amadeus Mozart
[2012/11/08 10:01:22 | 000,000,000 | ---D | C] -- C:\Various Artists
[2012/11/08 10:01:22 | 000,000,000 | ---D | C] -- C:\Unknown Artist
[2012/11/08 10:01:16 | 000,000,000 | ---D | C] -- C:\Unknown
[2012/11/08 10:00:54 | 000,000,000 | ---D | C] -- C:\New Folder
[2012/11/08 10:00:48 | 000,000,000 | ---D | C] -- C:\Luciano Pavarotti
[2012/11/08 10:00:42 | 000,000,000 | ---D | C] -- C:\JOSEPH HAYDN
[2012/11/08 10:00:42 | 000,000,000 | ---D | C] -- C:\iTunes
[2012/11/08 10:00:35 | 000,000,000 | ---D | C] -- C:\Herbert von Karajan
[2012/11/08 10:00:28 | 000,000,000 | ---D | C] -- C:\Bob & Tom
[2012/11/08 10:00:28 | 000,000,000 | ---D | C] -- C:\ADMusic
[2012/11/08 09:59:23 | 002,207,983 | ---- | C] (Adrosoft ) -- C:\DualAudioRecorder15(1).exe
[2012/11/08 09:59:22 | 002,543,819 | ---- | C] (Advanced Sound Recorder ) -- C:\asrsetup.exe
[2012/11/08 09:59:19 | 019,368,984 | ---- | C] (IObit ) -- C:\asc-setup.exe
[2012/11/08 09:59:18 | 019,369,080 | ---- | C] (IObit ) -- C:\asc6-setup-final.exe
[2012/11/08 09:59:17 | 012,603,960 | ---- | C] (Eastman Kodak Company) -- C:\aio_install.exe
[2012/11/08 09:59:16 | 007,070,005 | ---- | C] (AIMP DevTeam) -- C:\aimp_3.10.1074.exe
[2012/11/08 09:59:15 | 001,865,577 | ---- | C] (Adrosoft ) -- C:\ADStreamRecorder435.exe
[2012/11/08 09:59:15 | 001,865,577 | ---- | C] (Adrosoft ) -- C:\ADStreamRecorder435(1).exe
[2012/11/08 09:59:14 | 002,056,938 | ---- | C] (Adrosoft ) -- C:\ADSoundRecorder544.exe
[2012/11/08 09:59:10 | 002,378,424 | ---- | C] (The Weather Channel Interactive) -- C:\weathersp3_StubInstaller.exe
[2012/11/08 09:58:58 | 000,946,352 | ---- | C] (Skype Technologies S.A.) -- C:\SkypeSetup.exe
[2012/11/08 09:58:58 | 000,946,352 | ---- | C] (Skype Technologies S.A.) -- C:\SkypeSetup(1).exe
[2012/11/08 09:58:57 | 002,146,968 | ---- | C] (AirInstaller Inc.) -- C:\setup.exe
[2012/11/08 09:58:43 | 033,739,272 | ---- | C] (n-Track Software) -- C:\nTrackSetup(1).exe
[2012/11/08 09:58:38 | 033,739,272 | ---- | C] (n-Track Software) -- C:\nTrackSetup.exe
[2012/11/08 09:58:29 | 009,831,514 | ---- | C] (E-Soft) -- C:\InternetMusicCapture6254Setup.exe
[2012/11/08 09:58:18 | 002,207,983 | ---- | C] (Adrosoft ) -- C:\DualAudioRecorder15.exe
[2012/11/08 09:56:50 | 000,000,000 | ---D | C] -- C:\Wondershare
[2012/11/08 09:56:47 | 000,000,000 | ---D | C] -- C:\Windows Media Player
[2012/11/08 09:56:40 | 000,000,000 | ---D | C] -- C:\WinCapture Pro 2009
[2012/11/08 09:56:40 | 000,000,000 | ---D | C] -- C:\Turbosnap
[2012/11/08 09:56:38 | 000,000,000 | R--D | C] -- C:\Skype
[2012/11/08 09:55:28 | 000,000,000 | ---D | C] -- C:\ScanSoft
[2012/11/08 09:55:27 | 000,000,000 | ---D | C] -- C:\registration_files
[2012/11/08 09:55:27 | 000,000,000 | ---D | C] -- C:\registration Ymail_files
[2012/11/08 09:54:51 | 000,000,000 | ---D | C] -- C:\Real
[2012/11/08 09:54:50 | 000,000,000 | ---D | C] -- C:\PS5 Extended
[2012/11/08 09:54:44 | 000,000,000 | ---D | C] -- C:\Printer Dock
[2012/11/08 09:53:21 | 000,000,000 | ---D | C] -- C:\Photoshop
[2012/11/08 09:53:02 | 000,000,000 | ---D | C] -- C:\Paragon.Drive.Backup.Professional.v9.0.Incl.Keymaker-CORE
[2012/11/08 09:53:02 | 000,000,000 | ---D | C] -- C:\Nuance
[2012/11/08 09:52:15 | 000,000,000 | ---D | C] -- C:\Norton Ghost
[2012/11/08 09:52:14 | 000,000,000 | ---D | C] -- C:\My Widgets
[2012/11/08 09:52:12 | 000,000,000 | ---D | C] -- C:\My n-Track Recordings
[2012/11/08 09:51:51 | 000,000,000 | ---D | C] -- C:\Movie Maker
[2012/11/08 09:51:50 | 000,000,000 | ---D | C] -- C:\Microsoft Visual Studio
[2012/11/08 09:51:00 | 000,000,000 | ---D | C] -- C:\Microsoft Office
[2012/11/08 09:50:57 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2012/11/08 09:50:15 | 000,000,000 | ---D | C] -- C:\Magic Burning Studio
[2012/11/08 09:49:05 | 000,000,000 | ---D | C] -- C:\Kodak EasyShare software
[2012/11/08 09:48:35 | 000,000,000 | ---D | C] -- C:\Kodak
[2012/11/08 09:48:34 | 000,000,000 | ---D | C] -- C:\Joboshare_DVD_Copy_v2.7.1.1218
[2012/11/08 09:48:33 | 000,000,000 | ---D | C] -- C:\iPod
[2012/11/08 09:48:25 | 000,000,000 | ---D | C] -- C:\Holl figurince
[2012/11/08 09:47:47 | 000,000,000 | ---D | C] -- C:\For Sale Items
[2012/11/08 09:47:47 | 000,000,000 | ---D | C] -- C:\FOOD recepies
[2012/11/08 09:47:46 | 000,000,000 | ---D | C] -- C:\BlazeVideo
[2012/11/08 09:47:38 | 000,000,000 | ---D | C] -- C:\AVG2012
[2012/11/08 09:47:38 | 000,000,000 | ---D | C] -- C:\AD Audio Recorder

========== Files - Modified Within 30 Days ==========

[2012/11/22 06:52:41 | 000,594,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/22 06:52:41 | 000,100,972 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/22 06:49:15 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/22 06:49:15 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/22 06:12:19 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/22 05:45:31 | 000,000,680 | ---- | M] () -- C:\Users\Walt\AppData\Local\d3d9caps.dat
[2012/11/22 05:43:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/21 11:30:14 | 000,271,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/21 10:33:25 | 000,000,000 | ---- | M] () -- C:\Users\Walt\AppData\Roaming\wklnhst.dat
[2012/11/21 09:18:14 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Canon iP4700 series User Registration.LNK
[2012/11/21 09:00:43 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2012/11/21 09:00:26 | 000,001,874 | ---- | M] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2012/11/21 08:56:34 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\Canon My Printer.lnk
[2012/11/21 08:55:59 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Canon iP4700 series On-screen Manual.lnk
[2012/11/21 07:09:53 | 000,001,924 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RSS.lnk
[2012/11/20 09:28:43 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/11/18 08:45:34 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/17 18:34:15 | 000,000,870 | ---- | M] () -- C:\Users\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/17 18:34:15 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/17 07:20:38 | 000,000,943 | ---- | M] () -- C:\Users\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/17 06:49:07 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/11/17 06:48:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/11/09 06:06:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/11/09 06:06:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/11/04 09:42:17 | 000,959,633 | ---- | M] () -- C:\record027.mp3
[2012/11/03 21:16:33 | 044,799,303 | ---- | M] () -- C:\Super.80_SOFT-BEST.NET_.part3.rar
[2012/11/03 17:47:25 | 071,680,000 | ---- | M] () -- C:\Super.80_SOFT-BEST.NET_.part2.rar
[2012/11/03 17:01:10 | 033,739,272 | ---- | M] (n-Track Software) -- C:\nTrackSetup(1).exe
[2012/11/03 17:00:19 | 033,739,272 | ---- | M] (n-Track Software) -- C:\nTrackSetup.exe
[2012/11/03 16:56:42 | 002,543,819 | ---- | M] (Advanced Sound Recorder ) -- C:\asrsetup.exe
[2012/11/03 16:43:09 | 010,440,467 | ---- | M] () -- C:\x-sound-recorder.exe
[2012/11/03 16:36:57 | 001,865,577 | ---- | M] (Adrosoft ) -- C:\ADStreamRecorder435(1).exe
[2012/11/03 16:36:26 | 002,207,983 | ---- | M] (Adrosoft ) -- C:\DualAudioRecorder15(1).exe
[2012/11/03 16:23:30 | 007,070,005 | ---- | M] (AIMP DevTeam) -- C:\aimp_3.10.1074.exe
[2012/11/03 14:12:47 | 001,865,577 | ---- | M] (Adrosoft ) -- C:\ADStreamRecorder435.exe
[2012/11/03 14:12:26 | 002,056,938 | ---- | M] (Adrosoft ) -- C:\ADSoundRecorder544.exe
[2012/11/03 14:12:02 | 002,207,983 | ---- | M] (Adrosoft ) -- C:\DualAudioRecorder15.exe
[2012/11/03 14:05:35 | 006,535,512 | ---- | M] () -- C:\SuperMp3Download-4.8.6.6.Setup.exe
[2012/11/03 14:01:45 | 009,831,514 | ---- | M] (E-Soft) -- C:\InternetMusicCapture6254Setup.exe
[2012/11/03 08:04:28 | 000,204,844 | ---- | M] () -- C:\record026.mp3
[2012/11/03 08:03:15 | 000,309,290 | ---- | M] () -- C:\record025.mp3
[2012/11/03 08:02:38 | 000,150,510 | ---- | M] () -- C:\record024.mp3
[2012/11/03 08:02:25 | 000,173,498 | ---- | M] () -- C:\record023.mp3
[2012/11/03 08:01:30 | 000,255,000 | ---- | M] () -- C:\record022.mp3
[2012/10/31 17:44:19 | 003,648,784 | ---- | M] () -- C:\record021.mp3
[2012/10/31 14:45:40 | 000,509,910 | ---- | M] () -- C:\record020.mp3
[2012/10/31 14:37:23 | 000,114,939 | ---- | M] () -- C:\record019.mp3
[2012/10/31 14:37:15 | 005,592,294 | ---- | M] () -- C:\record018.mp3
[2012/10/31 14:29:58 | 000,240,371 | ---- | M] () -- C:\record015.mp3
[2012/10/31 14:26:56 | 004,739,657 | ---- | M] () -- C:\record017.mp3
[2012/10/31 14:22:24 | 003,878,661 | ---- | M] () -- C:\record016.mp3
[2012/10/31 14:11:00 | 008,434,417 | ---- | M] () -- C:\record014.mp3
[2012/10/31 14:02:15 | 006,421,943 | ---- | M] () -- C:\record013.mp3
[2012/10/31 13:56:18 | 004,697,861 | ---- | M] () -- C:\record012.mp3
[2012/10/31 13:50:52 | 005,406,302 | ---- | M] () -- C:\record011.mp3
[2012/10/31 13:34:23 | 005,947,559 | ---- | M] () -- C:\record010.mp3
[2012/10/31 13:28:20 | 004,430,367 | ---- | M] () -- C:\record009.mp3
[2012/10/31 13:24:25 | 004,919,380 | ---- | M] () -- C:\record008.mp3
[2012/10/31 13:19:45 | 010,513,763 | ---- | M] () -- C:\record007.mp3
[2012/10/31 13:10:30 | 000,219,428 | ---- | M] () -- C:\record006.mp3
[2012/10/31 13:09:19 | 000,202,711 | ---- | M] () -- C:\record005.mp3
[2012/10/31 13:07:28 | 004,777,273 | ---- | M] () -- C:\record004.mp3
[2012/10/31 12:43:44 | 003,019,755 | ---- | M] () -- C:\record003.mp3
[2012/10/31 12:38:59 | 003,103,347 | ---- | M] () -- C:\record002.mp3
[2012/10/31 12:29:19 | 004,670,694 | ---- | M] () -- C:\record001.mp3
[2012/10/30 08:10:34 | 130,612,797 | ---- | M] () -- C:\heli-x-windows.zip
[2012/10/30 03:41:18 | 006,190,628 | ---- | M] () -- C:\fmsdisk01.exe
[2012/10/29 17:19:28 | 002,146,968 | ---- | M] (AirInstaller Inc.) -- C:\setup.exe
[2012/10/24 11:48:20 | 000,046,707 | ---- | M] () -- C:\registration.htm
[2012/10/24 11:47:49 | 000,046,771 | ---- | M] () -- C:\registration Ymail.htm
[2012/10/23 17:15:38 | 000,946,352 | ---- | M] (Skype Technologies S.A.) -- C:\SkypeSetup(1).exe
[2012/10/23 16:33:05 | 000,946,352 | ---- | M] (Skype Technologies S.A.) -- C:\SkypeSetup.exe
[2012/10/23 07:50:40 | 019,368,984 | ---- | M] (IObit ) -- C:\asc-setup.exe

========== Files Created - No Company Name ==========

[2012/11/21 10:33:25 | 000,000,000 | ---- | C] () -- C:\Users\Walt\AppData\Roaming\wklnhst.dat
[2012/11/21 09:59:35 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/11/21 09:50:52 | 000,001,016 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/11/21 09:18:14 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\Canon iP4700 series User Registration.LNK
[2012/11/21 09:00:43 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2012/11/21 09:00:26 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2012/11/21 08:56:34 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\Canon My Printer.lnk
[2012/11/21 08:55:59 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\Canon iP4700 series On-screen Manual.lnk
[2012/11/21 07:09:53 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RSS.lnk
[2012/11/20 09:28:43 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/11/20 07:28:37 | 001,634,417 | ---- | C] () -- C:\Users\Walt\Desktop\DSCF4590.JPG
[2012/11/20 07:28:29 | 001,542,616 | ---- | C] () -- C:\Users\Walt\Desktop\DSCF4596.JPG
[2012/11/20 07:28:28 | 001,518,256 | ---- | C] () -- C:\Users\Walt\Desktop\DSCF4597.JPG
[2012/11/19 18:11:47 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/18 08:45:34 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/17 18:34:15 | 000,000,870 | ---- | C] () -- C:\Users\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/17 18:34:15 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/17 18:34:15 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/17 07:20:38 | 000,000,943 | ---- | C] () -- C:\Users\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/17 06:57:59 | 000,000,949 | ---- | C] () -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/11/17 06:57:57 | 000,000,944 | ---- | C] () -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/11/17 06:57:42 | 000,000,915 | ---- | C] () -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/11/17 06:57:36 | 000,000,680 | ---- | C] () -- C:\Users\Walt\AppData\Local\d3d9caps.dat
[2012/11/17 06:57:29 | 000,000,258 | ---- | C] () -- C:\Users\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/11/17 06:57:29 | 000,000,240 | ---- | C] () -- C:\Users\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/11/17 06:48:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/11/17 06:32:17 | 000,000,024 | RH-- | C] () -- C:\Windows\dell_version
[2012/11/09 06:06:20 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/11/09 06:06:20 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/11/08 11:12:13 | 000,000,665 | ---- | C] () -- C:\Sample Pictures.lnk
[2012/11/08 11:12:12 | 001,561,148 | ---- | C] () -- C:\DSCF4230.JPG
[2012/11/08 11:12:12 | 001,550,040 | ---- | C] () -- C:\DSCF4231.JPG
[2012/11/08 11:12:11 | 001,586,967 | ---- | C] () -- C:\DSCF4229.JPG
[2012/11/08 11:12:11 | 001,582,004 | ---- | C] () -- C:\DSCF4228.JPG
[2012/11/08 11:12:11 | 001,579,915 | ---- | C] () -- C:\DSCF4225.JPG
[2012/11/08 11:12:11 | 001,551,018 | ---- | C] () -- C:\DSCF4224.JPG
[2012/11/08 11:12:11 | 001,527,543 | ---- | C] () -- C:\DSCF4227.JPG
[2012/11/08 11:12:11 | 001,523,860 | ---- | C] () -- C:\DSCF4226.JPG
[2012/11/08 10:02:22 | 008,434,417 | ---- | C] () -- C:\record014.mp3
[2012/11/08 10:02:22 | 006,421,943 | ---- | C] () -- C:\record013.mp3
[2012/11/08 10:02:21 | 004,697,861 | ---- | C] () -- C:\record012.mp3
[2012/11/08 10:02:20 | 005,947,559 | ---- | C] () -- C:\record010.mp3
[2012/11/08 10:02:20 | 005,406,302 | ---- | C] () -- C:\record011.mp3
[2012/11/08 10:02:19 | 004,919,380 | ---- | C] () -- C:\record008.mp3
[2012/11/08 10:02:19 | 004,430,367 | ---- | C] () -- C:\record009.mp3
[2012/11/08 10:02:18 | 010,513,763 | ---- | C] () -- C:\record007.mp3
[2012/11/08 10:02:18 | 004,777,273 | ---- | C] () -- C:\record004.mp3
[2012/11/08 10:02:18 | 000,219,428 | ---- | C] () -- C:\record006.mp3
[2012/11/08 10:02:18 | 000,202,711 | ---- | C] () -- C:\record005.mp3
[2012/11/08 10:02:17 | 003,103,347 | ---- | C] () -- C:\record002.mp3
[2012/11/08 10:02:17 | 003,019,755 | ---- | C] () -- C:\record003.mp3
[2012/11/08 10:02:16 | 004,670,694 | ---- | C] () -- C:\record001.mp3
[2012/11/08 10:00:28 | 000,959,633 | ---- | C] () -- C:\record027.mp3
[2012/11/08 10:00:28 | 000,309,290 | ---- | C] () -- C:\record025.mp3
[2012/11/08 10:00:28 | 000,255,000 | ---- | C] () -- C:\record022.mp3
[2012/11/08 10:00:28 | 000,204,844 | ---- | C] () -- C:\record026.mp3
[2012/11/08 10:00:28 | 000,173,498 | ---- | C] () -- C:\record023.mp3
[2012/11/08 10:00:28 | 000,150,510 | ---- | C] () -- C:\record024.mp3
[2012/11/08 10:00:27 | 005,592,294 | ---- | C] () -- C:\record018.mp3
[2012/11/08 10:00:27 | 004,739,657 | ---- | C] () -- C:\record017.mp3
[2012/11/08 10:00:27 | 003,648,784 | ---- | C] () -- C:\record021.mp3
[2012/11/08 10:00:27 | 000,509,910 | ---- | C] () -- C:\record020.mp3
[2012/11/08 10:00:27 | 000,114,939 | ---- | C] () -- C:\record019.mp3
[2012/11/08 10:00:26 | 003,878,661 | ---- | C] () -- C:\record016.mp3
[2012/11/08 10:00:26 | 000,240,371 | ---- | C] () -- C:\record015.mp3
[2012/11/08 09:59:11 | 010,440,467 | ---- | C] () -- C:\x-sound-recorder.exe
[2012/11/08 09:59:09 | 006,535,512 | ---- | C] () -- C:\SuperMp3Download-4.8.6.6.Setup.exe
[2012/11/08 09:59:04 | 044,799,303 | ---- | C] () -- C:\Super.80_SOFT-BEST.NET_.part3.rar
[2012/11/08 09:58:58 | 071,680,000 | ---- | C] () -- C:\Super.80_SOFT-BEST.NET_.part2.rar
[2012/11/08 09:58:20 | 130,612,797 | ---- | C] () -- C:\heli-x-windows.zip
[2012/11/08 09:58:19 | 006,190,628 | ---- | C] () -- C:\fmsdisk01.exe
[2012/11/08 09:56:56 | 001,093,403 | ---- | C] () -- C:\100_1262.JPG
[2012/11/08 09:47:38 | 001,748,473 | ---- | C] () -- C:\Rental Application Andrew Sumski.jpg
[2012/11/08 09:47:38 | 001,457,759 | ---- | C] () -- C:\Rental Application 1.jpg
[2012/11/08 09:47:38 | 000,046,771 | ---- | C] () -- C:\registration Ymail.htm
[2012/11/08 09:47:37 | 000,046,707 | ---- | C] () -- C:\registration.htm
[2012/11/08 09:47:34 | 050,000,000 | ---- | C] () -- C:\Photoshop_Brushes[1].part01.rar

========== ZeroAccess Check ==========

[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/01/20 18:23:46 | 011,580,416 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008/01/20 18:24:24 | 000,614,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 18:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/20 09:33:32 | 000,000,000 | ---D | M] -- C:\Users\Walt\AppData\Roaming\AVG2013
[2012/11/21 07:10:50 | 000,000,000 | ---D | M] -- C:\Users\Walt\AppData\Roaming\Returnil
[2012/11/21 10:33:43 | 000,000,000 | ---D | M] -- C:\Users\Walt\AppData\Roaming\Template
[2012/11/20 09:28:40 | 000,000,000 | ---D | M] -- C:\Users\Walt\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >

#3
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Hi! My name is Jasmyne and Welcome to Geeks to Go!

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

  • Please follow my instructions carefully and in the order they are posted.
  • You may want to print out these instructions, or copy them to a text file so that you will have a copy in case you lose your connection to the internet during a removal process.
  • Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! Never be afraid to ask questions! :)
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please note that there is no "Quick & Easy Fix" to most malware infections and we may need to use several different tools to get your system clean. Please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
  • Please reply within 3 days. Topics with no reply in 4 days are closed!
With that all stated, let's get started! :)

While I'm looking over your OTL log, could you please post the Extra.txt file that would have been created when you ran OTL? It should be saved in the same place that OTL is (C:\Users\Walt\Downloads).

Thank you.

#4
Bigbug12

    Member

  • Topic Starter
  • 34 posts
Please, do I do a NEW post??? Or will it be deleted? Also, what do you mean by PM me?? Thank you, Walt
Moderator: Posted 22 November 2012 - 10:37 AM
I'm sorry but what you need to do is start a new topic in the malware forum and post your log in that topic. We do not use those logs in the tech forums. We are not allowed to assist in malware topics outside of the malware forum and then only a malware tech can assist you there.

NO I'm not being Helped! My post was eliminated as you can see! I'm real frustrated, it takes me forever to type, the typing gets deleted and moved around so it takes a long time!! This thing is getting the best of me!!

Posted Yesterday, 07:54 PM
Duplicate topic being helped in second posting.
Posts that are not replied to after 4 days will be closed, PM me or any Moderator to reactivate
Please continue working with me until I declare your computer clean, the absence of symptoms does NOT necessarily mean it is clean!
If I have not responded within 48 hours please PM me.

Hi
I tried running the Malware programs you suggested and they either will not run or they get redirected by the Malware when I try to download!! Hijackthis, OTM, rkill, rss-2011, etc. When I tried running it got mad and locked the computer up. Also I think it's deleting some of my emails also, I know when I type it keeps deleting and moving the typing. Ran OTL and pasted data.

OTL logfile created on: 11/23/2012 5:08:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 60.06% Memory free
6.13 Gb Paging File | 5.06 Gb Available in Paging File | 82.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126.80 Gb Total Space | 107.47 Gb Free Space | 84.76% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 0.03 Gb Free Space | 0.29% Space Free | Partition Type: NTFS
Drive E: | 161.13 Gb Total Space | 57.20 Gb Free Space | 35.50% Space Free | Partition Type: NTFS
Drive G: | 246.72 Mb Total Space | 101.16 Mb Free Space | 41.00% Space Free | Partition Type: FAT

Computer Name: WALT-PC | User Name: Walt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/23 16:28:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2012/11/23 08:25:00 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012/10/24 09:50:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/05 07:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/03/23 18:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/01/20 18:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 18:24:02 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\MSAgent\AgentSvr.exe
PRC - [2008/01/20 18:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [1999/03/17 21:38:10 | 008,798,260 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\WINWORD.EXE


========== Modules (No Company Name) ==========

MOD - [2012/11/23 08:24:59 | 014,586,808 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012/11/22 18:06:09 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3106.38533__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2012/11/22 18:06:08 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3106.38494__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:08 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3106.38558__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2012/11/22 18:06:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3106.38517__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:07 | 001,687,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3106.38542__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2012/11/22 18:06:07 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3106.38756__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:07 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3106.38714__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:07 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3106.38664__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:06 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3106.38798__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2012/11/22 18:06:06 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3106.38724__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:06 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3106.38795__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:06 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3106.38805__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:06 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3106.38731__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2012/11/22 18:06:06 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3106.38510__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:06 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3106.38723__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:06 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3106.38795__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:05 | 000,806,912 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3106.38668__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:05 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3106.38746__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2012/11/22 18:06:05 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3106.38667__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:04 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3106.38573__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:04 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3106.38657__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:04 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3106.38519__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:04 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3106.38706__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:04 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3106.38666__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:04 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3106.38579__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2012/11/22 18:06:04 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3106.38565__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:04 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3106.38689__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:04 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3106.38665__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:04 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3106.38578__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:04 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3106.38667__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:04 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3106.38687__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:04 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3106.38704__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3091.17968__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2012/11/22 18:06:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3091.17980__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2012/11/22 18:06:03 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3091.17954__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2012/11/22 18:06:03 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3091.17956__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2012/11/22 18:06:03 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3091.17981__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2012/11/22 18:06:03 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3091.17961__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2012/11/22 18:06:03 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3091.17977__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2012/11/22 18:06:03 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3091.17980__90ba9c70f846762e\DEM.OS.dll
MOD - [2012/11/22 18:06:03 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2012/11/22 18:06:03 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3091.18004__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2012/11/22 18:06:03 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3091.17978__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2012/11/22 18:06:03 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3091.18004__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2012/11/22 18:06:03 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2012/11/22 18:06:02 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2012/11/22 18:06:02 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3091.17981__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2012/11/22 18:06:01 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3091.17957__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2012/11/22 18:06:01 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3091.17970__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2012/11/22 18:06:01 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3091.17992__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2012/11/22 18:06:01 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2012/11/22 18:06:01 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3091.18001__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2012/11/22 18:06:01 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3091.18035__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2012/11/22 18:06:01 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3091.18001__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2012/11/22 18:06:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3091.17970__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2012/11/22 18:06:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3091.17968__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2012/11/22 18:06:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3091.17961__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2012/11/22 18:06:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2012/11/22 18:06:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3091.17967__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2012/11/22 18:06:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3091.17987__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2012/11/22 18:06:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3091.17982__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3106.38526__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2012/11/22 18:06:00 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3106.38785__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2012/11/22 18:06:00 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3091.17993__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3106.38782__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2012/11/22 18:06:00 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3106.38822__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2012/11/22 18:06:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3091.17961__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2012/11/22 18:06:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3091.17992__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3091.17965__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2012/11/22 18:06:00 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3091.17976__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3091.17988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3091.17982__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3091.17979__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3091.17978__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2012/11/22 18:06:00 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3091.17991__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3091.17977__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2012/11/22 18:06:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3091.17983__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3091.17977__90ba9c70f846762e\APM.Foundation.dll
MOD - [2012/11/22 18:06:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3091.17963__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2012/11/22 18:06:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3091.17968__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2012/11/22 18:06:00 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2012/11/22 18:06:00 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3106.38837__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2012/11/22 18:06:00 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3106.38485__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2012/11/22 18:05:59 | 000,995,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3106.38503__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2012/11/22 18:05:59 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3106.38486__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2012/11/22 18:05:59 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3106.38482__90ba9c70f846762e\APM.Server.dll
MOD - [2012/11/22 18:05:59 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3106.38488__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2012/11/22 18:05:59 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3106.38485__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2012/11/22 18:05:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3091.17979__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2012/11/22 18:05:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3106.38484__90ba9c70f846762e\AEM.Server.dll
MOD - [2012/11/22 18:05:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3091.17970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2012/11/22 18:05:59 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012/11/22 18:05:59 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3106.38784__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2012/11/22 18:05:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3091.17977__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2012/11/22 18:05:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3091.17993__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2012/10/24 09:50:39 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2008/07/03 23:37:36 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/01/20 18:52:50 | 013,193,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\45ee94a63c463b93e3ff694c6ecd0820\System.Windows.Forms.ni.dll
MOD - [2008/01/20 18:52:15 | 001,667,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a35f567c4c67d6b1ca9a0023852847a2\System.Drawing.ni.dll
MOD - [2008/01/20 18:52:13 | 012,513,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\369cdfcbaefd8f28200e295c26c2141f\System.Web.ni.dll
MOD - [2008/01/20 18:52:00 | 000,815,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8fe7232e97fdf63c6b146e93f432d7d7\System.Runtime.Remoting.ni.dll
MOD - [2008/01/20 18:51:50 | 005,771,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\02cf61328d59df9b3ec09544f449a781\System.Xml.ni.dll
MOD - [2008/01/20 18:51:43 | 001,011,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15366cc16c2550064601b5167821667d\System.Configuration.ni.dll
MOD - [2008/01/20 18:51:40 | 008,265,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\267d4c344058092e6950c11594244f90\System.ni.dll
MOD - [2008/01/20 18:51:31 | 011,722,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5b3e3b0551bcaa722c27dbb089c431e4\mscorlib.ni.dll
MOD - [2008/01/20 18:51:31 | 000,027,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e2170385d6492ce6539124c5a3b361a8\Accessibility.ni.dll
MOD - [1999/02/01 15:39:14 | 000,073,785 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\BLNMGR.DLL
MOD - [1999/02/01 12:10:52 | 000,057,403 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\BLNMGRPS.DLL


========== Services (SafeList) ==========

SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/24 09:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/05 07:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2008/09/19 01:03:00 | 000,277,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/07/04 02:35:40 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/06/03 17:30:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/05/21 04:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/02/15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/22 18:49:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/11/22 18:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Walt\AppData\Roaming\Mozilla\Extensions
[2012/11/22 18:49:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/24 09:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 09:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 09:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66FBD479-4180-483A-A99C-B886392491DD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/23 13:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4700 series User Registration
[2012/11/23 13:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012/11/23 13:33:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4700 series Manual
[2012/11/23 13:33:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/11/23 13:33:18 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2012/11/23 13:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4700 series
[2012/11/23 13:32:53 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/11/23 13:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012/11/23 13:30:04 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012/11/23 09:25:35 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Macromedia
[2012/11/23 09:25:35 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\Macromedia
[2012/11/23 08:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2012/11/23 08:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2012/11/23 08:39:36 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Microsoft Web Folders
[2012/11/23 08:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/11/23 08:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/11/23 08:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/11/23 08:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/11/23 08:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/11/23 08:24:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/11/22 20:43:37 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\NPE
[2012/11/22 20:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/11/22 20:40:01 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Adobe
[2012/11/22 20:40:01 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\Adobe
[2012/11/22 20:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/11/22 20:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/11/22 20:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/11/22 18:54:45 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Skype
[2012/11/22 18:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/22 18:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/11/22 18:54:35 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/11/22 18:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/11/22 18:49:45 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Mozilla
[2012/11/22 18:49:45 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\Mozilla
[2012/11/22 18:49:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/11/22 18:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/22 18:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/22 18:21:00 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\ATI
[2012/11/22 18:21:00 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\ATI
[2012/11/22 18:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/11/22 18:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/11/22 18:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/11/22 18:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/11/22 17:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/11/22 17:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/11/22 17:53:23 | 000,172,032 | ---- | C] (Ricoh Company,Ltd) -- C:\Windows\System32\rixdicon.dll
[2012/11/22 17:53:23 | 000,046,592 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2012/11/22 17:53:23 | 000,043,008 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys
[2012/11/22 17:53:23 | 000,038,400 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys
[2012/11/22 17:53:23 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/11/22 17:53:10 | 000,000,000 | ---D | C] -- C:\dell
[2012/11/22 17:52:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\vmm32
[2012/11/22 17:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2012/11/22 17:40:43 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/11/22 17:39:42 | 000,000,000 | R--D | C] -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/11/22 17:39:42 | 000,000,000 | R--D | C] -- C:\Users\Walt\Searches
[2012/11/22 17:39:42 | 000,000,000 | R--D | C] -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/11/22 17:39:29 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Identities
[2012/11/22 17:39:26 | 000,000,000 | R--D | C] -- C:\Users\Walt\Contacts
[2012/11/22 17:39:26 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\VirtualStore
[2012/11/22 17:39:18 | 000,000,000 | --SD | C] -- C:\Users\Walt\AppData\Roaming\Microsoft
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\Videos
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\Saved Games
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\Pictures
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\Music
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\Links
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\Favorites
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\Downloads
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\Documents
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\Desktop
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\AppData\Local\Temporary Internet Files
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Templates
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Start Menu
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\SendTo
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Recent
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\PrintHood
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\NetHood
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Documents\My Videos
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Documents\My Pictures
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Documents\My Music
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\My Documents
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Local Settings
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\AppData\Local\History
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Cookies
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Application Data
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\AppData\Local\Application Data
[2012/11/22 17:39:18 | 000,000,000 | -H-D | C] -- C:\Users\Walt\AppData
[2012/11/22 17:39:18 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\Temp
[2012/11/22 17:39:18 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\Microsoft
[2012/11/22 17:39:18 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Media Center Programs
[2012/11/22 17:36:28 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2012/11/22 17:27:51 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/11/22 17:23:02 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/11/22 17:21:30 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/11/22 17:20:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2012/11/22 17:00:00 | 000,000,000 | ---D | C] -- C:\Windows.old
[2012/11/22 16:34:58 | 004,424,392 | ---- | C] (AVG Technologies) -- C:\avg_free_stb_all_2013_2793_cnet.exe
[2012/11/22 16:34:40 | 029,304,496 | ---- | C] (Skype Technologies S.A.) -- C:\SkypeSetupFull.exe
[2012/11/22 15:33:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012/11/23 16:28:54 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/23 16:28:54 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/23 16:26:44 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 16:26:44 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 16:09:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/23 13:35:26 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Canon iP4700 series User Registration.LNK
[2012/11/23 13:34:59 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2012/11/23 13:34:48 | 000,001,874 | ---- | M] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2012/11/23 13:34:08 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\Canon My Printer.lnk
[2012/11/23 13:33:51 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Canon iP4700 series On-screen Manual.lnk
[2012/11/23 08:41:21 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/11/23 08:41:05 | 000,001,871 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/11/23 08:25:01 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/11/23 08:25:01 | 000,001,947 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/11/23 06:45:22 | 3184,410,624 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/22 20:36:37 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/11/22 18:54:36 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/22 18:49:42 | 000,000,870 | ---- | M] () -- C:\Users\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/22 18:49:42 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/22 18:49:27 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/11/22 18:19:36 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/11/22 17:39:52 | 000,000,680 | ---- | M] () -- C:\Users\Walt\AppData\Local\d3d9caps.dat
[2012/11/22 17:33:01 | 000,228,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/22 17:30:40 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/11/20 09:17:56 | 004,424,392 | ---- | M] (AVG Technologies) -- C:\avg_free_stb_all_2013_2793_cnet.exe
[2012/11/18 08:44:02 | 029,304,496 | ---- | M] (Skype Technologies S.A.) -- C:\SkypeSetupFull.exe

========== Files Created - No Company Name ==========

[2012/11/23 13:35:26 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\Canon iP4700 series User Registration.LNK
[2012/11/23 13:34:59 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2012/11/23 13:34:48 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2012/11/23 13:34:08 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\Canon My Printer.lnk
[2012/11/23 13:33:51 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\Canon iP4700 series On-screen Manual.lnk
[2012/11/23 08:41:21 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/11/23 08:41:05 | 000,002,022 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2012/11/23 08:41:05 | 000,001,871 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/11/23 08:25:01 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/11/23 08:25:01 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/11/22 20:36:37 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/11/22 20:36:37 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/11/22 18:54:36 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/22 18:49:42 | 000,000,870 | ---- | C] () -- C:\Users\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/22 18:49:42 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/22 18:49:42 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/22 18:49:27 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/11/22 18:19:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/11/22 18:19:34 | 3184,410,624 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/22 18:03:44 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2012/11/22 18:03:44 | 000,328,162 | ---- | C] () -- C:\Windows\System32\drivers\ativcaxx.cpa
[2012/11/22 18:03:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2012/11/22 18:03:44 | 000,052,400 | ---- | C] () -- C:\Windows\System32\drivers\ativvpxx.vp
[2012/11/22 18:03:44 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativpkxx.vp
[2012/11/22 18:03:44 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativokxx.vp
[2012/11/22 18:03:44 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativdkxx.vp
[2012/11/22 18:03:44 | 000,000,929 | ---- | C] () -- C:\Windows\System32\drivers\ativcaxx.vp
[2012/11/22 18:03:43 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/11/22 18:03:43 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2012/11/22 18:03:43 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2012/11/22 18:03:43 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2012/11/22 18:03:43 | 000,013,052 | ---- | C] () -- C:\Windows\atiogl.xml
[2012/11/22 17:56:42 | 000,057,656 | ---- | C] () -- C:\Windows\System32\drivers\OA001PC.bmp
[2012/11/22 17:56:42 | 000,022,951 | ---- | C] () -- C:\Windows\System32\drivers\OA001PC.jpg
[2012/11/22 17:56:42 | 000,005,777 | ---- | C] () -- C:\Windows\OA001.uns
[2012/11/22 17:39:43 | 000,000,949 | ---- | C] () -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/11/22 17:39:41 | 000,000,944 | ---- | C] () -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/11/22 17:39:26 | 000,000,915 | ---- | C] () -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/11/22 17:39:22 | 000,000,680 | ---- | C] () -- C:\Users\Walt\AppData\Local\d3d9caps.dat
[2012/11/22 17:39:18 | 000,000,258 | ---- | C] () -- C:\Users\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/11/22 17:39:18 | 000,000,240 | ---- | C] () -- C:\Users\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/11/22 17:20:56 | 000,000,024 | RH-- | C] () -- C:\Windows\dell_version

========== ZeroAccess Check ==========

[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/01/20 18:23:46 | 011,580,416 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008/01/20 18:24:24 | 000,614,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 18:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



< End of report >

#5
Jasmyne


    Trusted Helper

  • Malware Removal
  • 2,010 posts
Are the 2 OTL logs you've posted from both of your laptops? If so, we'll work on one at a time so there's no confusion. One fix for one computer could cause more problems with the other, as every infection is different and every computer is different.

If you're having trouble finding your posts, check the email that you registered on the site with; you should be getting an email notification each time your post is replied to. :) If you don't see them in your Inbox, be sure to check your spam folder.

Also, when you're logged in to the site you can click on "My Profile" on the top right hand side and when you are viewing your profile you can look at "Topics" or "Posts" tabs in the middle to see the topics you've started and the posts you've made.

Hopefully that will make finding your posts a little easier in the future.

Now, to get started please try to run a RogueKiller Scan.

  • Download RogueKiller and save it on your desktop.
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.com

    NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

#6
Bigbug12


    Member

  • Topic Starter
  • Member
  • 34 posts
RogueKiller V8.3.1 [Nov 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Walt [Admin rights]
Mode : Scan -- Date : 11/25/2012 17:19:28

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\alt\NTUSER.DAT
-> D:\Users\Default\NTUSER.DAT
-> D:\Users\Default User\NTUSER.DAT
-> D:\Documents and Settings\Default\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT
-> E:\windows\system32\config\SOFTWARE
-> E:\Users\Default\NTUSER.DAT
-> E:\Users\Default User\NTUSER.DAT
-> E:\Users\Walt\NTUSER.DAT
-> E:\Documents and Settings\Default\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320320AS ATA Device +++++
--- User ---
[MBR] e82e832a414ac1f1cd4b184a5ee47b01
[BSP] 67d6a64b04885546efc8a525e5a0cb5d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 141 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 290816 | Size: 10240 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 21270060 | Size: 294841 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_S_11252012_02d1719.txt >>
RKreport[1]_SC_11232012_02d1743.txt ; RKreport[2]_SC_11232012_02d1744.txt ; RKreport[3]_S_11252012_02d1719.txt



RogueKiller V8.3.1 [Nov 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Walt [Admin rights]
Mode : Remove -- Date : 11/25/2012 17:20:55

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\alt\NTUSER.DAT
-> D:\Users\Default\NTUSER.DAT
-> D:\Users\Default User\NTUSER.DAT
-> D:\Documents and Settings\Default\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT
-> E:\windows\system32\config\SOFTWARE
-> E:\Users\Default\NTUSER.DAT
-> E:\Users\Default User\NTUSER.DAT
-> E:\Users\Walt\NTUSER.DAT
-> E:\Documents and Settings\Default\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320320AS ATA Device +++++
--- User ---
[MBR] e82e832a414ac1f1cd4b184a5ee47b01
[BSP] 67d6a64b04885546efc8a525e5a0cb5d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 141 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 290816 | Size: 10240 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 21270060 | Size: 294841 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4]_D_11252012_02d1720.txt >>
RKreport[1]_SC_11232012_02d1743.txt ; RKreport[2]_SC_11232012_02d1744.txt ; RKreport[3]_S_11252012_02d1719.txt ; RKreport[4]_D_11252012_02d1720.txt



RogueKiller V8.3.1 [Nov 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Walt [Admin rights]
Mode : Shortcuts HJfix -- Date : 11/25/2012 17:22:41

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\alt\NTUSER.DAT
-> D:\Users\Default\NTUSER.DAT
-> D:\Users\Default User\NTUSER.DAT
-> D:\Documents and Settings\Default\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT
-> E:\windows\system32\config\SOFTWARE
-> E:\Users\Default\NTUSER.DAT
-> E:\Users\Default User\NTUSER.DAT
-> E:\Users\Walt\NTUSER.DAT
-> E:\Documents and Settings\Default\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 11 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 6 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[5]_SC_11252012_02d1722.txt >>
RKreport[1]_SC_11232012_02d1743.txt ; RKreport[2]_SC_11232012_02d1744.txt ; RKreport[3]_S_11252012_02d1719.txt ; RKreport[4]_D_11252012_02d1720.txt ; RKreport[5]_SC_11252012_02d1722.txt



RogueKiller V8.3.1 [Nov 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Walt [Admin rights]
Mode : Shortcuts HJfix -- Date : 11/25/2012 17:24:29

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\alt\NTUSER.DAT
-> D:\Users\Default\NTUSER.DAT
-> D:\Users\Default User\NTUSER.DAT
-> D:\Documents and Settings\Default\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT
-> E:\windows\system32\config\SOFTWARE
-> E:\Users\Default\NTUSER.DAT
-> E:\Users\Default User\NTUSER.DAT
-> E:\Users\Walt\NTUSER.DAT
-> E:\Documents and Settings\Default\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 0 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 2 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[6]_SC_11252012_02d1724.txt >>
RKreport[1]_SC_11232012_02d1743.txt ; RKreport[2]_SC_11232012_02d1744.txt ; RKreport[3]_S_11252012_02d1719.txt ; RKreport[4]_D_11252012_02d1720.txt ; RKreport[5]_SC_11252012_02d1722.txt ;
RKreport[6]_SC_11252012_02d1724.txt

#7
Jasmyne


    Trusted Helper

  • Malware Removal
  • 2,010 posts

Are the 2 OTL logs you've posted from both of your laptops? If so, we'll work on one at a time so there's no confusion. One fix for one computer could cause more problems with the other, as every infection is different and every computer is different.


Would you let me know about the two prior OTL logs? Also if they are from different computers could you let me know which log is from the computer you just ran RogueKiller on? If you're not sure just run another OTL scan and post it. :)

Jasmyne

#8
Bigbug12


    Member

  • Topic Starter
  • Member
  • 34 posts
Thank you for combining all the posts!!!
No, all the information is from the Studio Windows Vista. Adding first 3 Reports also from Studio.

RogueKiller V8.3.1 [Nov 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Walt [Admin rights]
Mode : Shortcuts HJfix -- Date : 11/23/2012 17:43:39

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]
[SUSP PATH] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 5 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 47 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 472 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[1]_SC_11232012_02d1743.txt >>
RKreport[1]_SC_11232012_02d1743.txt


RogueKiller V8.3.1 [Nov 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Walt [Admin rights]
Mode : Shortcuts HJfix -- Date : 11/23/2012 17:44:40

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]
[SUSP PATH] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 0 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 2 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[2]_SC_11232012_02d1744.txt >>
RKreport[1]_SC_11232012_02d1743.txt ; RKreport[2]_SC_11232012_02d1744.txt



RogueKiller V8.3.1 [Nov 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Walt [Admin rights]
Mode : Scan -- Date : 11/25/2012 17:19:28

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\alt\NTUSER.DAT
-> D:\Users\Default\NTUSER.DAT
-> D:\Users\Default User\NTUSER.DAT
-> D:\Documents and Settings\Default\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT
-> E:\windows\system32\config\SOFTWARE
-> E:\Users\Default\NTUSER.DAT
-> E:\Users\Default User\NTUSER.DAT
-> E:\Users\Walt\NTUSER.DAT
-> E:\Documents and Settings\Default\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320320AS ATA Device +++++
--- User ---
[MBR] e82e832a414ac1f1cd4b184a5ee47b01
[BSP] 67d6a64b04885546efc8a525e5a0cb5d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 141 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 290816 | Size: 10240 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 21270060 | Size: 294841 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_S_11252012_02d1719.txt >>
RKreport[1]_SC_11232012_02d1743.txt ; RKreport[2]_SC_11232012_02d1744.txt ; RKreport[3]_S_11252012_02d1719.txt

#9
Jasmyne


    Trusted Helper

  • Malware Removal
  • 2,010 posts
Okay, let's dig a little deeper and see what we can find.

Step 1 Run MBRCheck.

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Step 2 Run ComboFix.

Download ComboFix from Here or Here to your Desktop.

VERY IMPORTANT !!!
Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • Also allow the installation of the recovery console
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
  • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
  • If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.


Step 3 OTL Scan

Re-run OTL on your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under Extra Registry choose Use Safelist
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    %SYSTEMDRIVE%\*.exe
    /md5start
    WMIADAP.EXE
    notepad.exe
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Then click the Run Scan button at the top
  • Let the program run. It will produce two logs; please post both of those in your next reply.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. MBRCheck
2. ComboFix Log
3. OTL Custom Scan
4. Extras.txt from OTL

#10
Bigbug12


    Member

  • Topic Starter
  • Member
  • 34 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio 1737
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 142):

Processes (total 51):
0 System Idle Process
4 System
408 C:\Windows\System32\smss.exe
476 csrss.exe
536 C:\Windows\System32\wininit.exe
548 csrss.exe
580 C:\Windows\System32\services.exe
596 C:\Windows\System32\lsass.exe
604 C:\Windows\System32\lsm.exe
680 C:\Windows\System32\winlogon.exe
788 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\Ati2evxx.exe
1044 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\audiodg.exe
1248 C:\Windows\System32\SLsvc.exe
1292 C:\Windows\System32\svchost.exe
1416 C:\Windows\System32\svchost.exe
1648 C:\Windows\System32\Ati2evxx.exe
1736 C:\Windows\System32\spoolsv.exe
1764 C:\Windows\System32\svchost.exe
1872 C:\Windows\System32\taskeng.exe
1952 C:\Windows\System32\dwm.exe
484 C:\Windows\explorer.exe
528 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1128 C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
1424 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
468 C:\Windows\System32\svchost.exe
2056 C:\Windows\System32\svchost.exe
2144 C:\Windows\System32\taskeng.exe
2156 C:\Windows\System32\svchost.exe
2252 C:\Windows\System32\SearchIndexer.exe
2744 C:\Program Files\Windows Defender\MSASCui.exe
2760 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2776 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
2828 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
2888 C:\Program Files\Windows Sidebar\sidebar.exe
2920 C:\Program Files\Skype\Phone\Skype.exe
2952 C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
2976 C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
3148 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4084 C:\Windows\System32\wuauclt.exe
3612 C:\Windows\System32\wsqmcons.exe
3328 C:\Program Files\Mozilla Firefox\firefox.exe
2752 C:\Program Files\Mozilla Firefox\plugin-container.exe
2292 C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
2224 C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
2708 C:\Users\Walt\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x0000002a`d1582a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`08e00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000002`891cd600 (NTFS)

PhysicalDrive0 Model Number: ST9320320AS, Rev: DE05

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

ComboFix 12-11-27.01 - Walt 11/27/2012 10:24:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3036.2003 [GMT -8:00]
Running from: c:\users\Walt\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
E:\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-27 to 2012-11-27 )))))))))))))))))))))))))))))))
.
.
2012-11-27 18:29 . 2012-11-27 18:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-27 00:22 . 2012-11-27 00:22 -------- d-----w- c:\programdata\ArcSoft
2012-11-27 00:21 . 2012-11-27 00:22 -------- d-----w- c:\program files\Common Files\ArcSoft
2012-11-27 00:21 . 2012-11-27 00:21 -------- d-----w- c:\program files\ArcSoft
2012-11-27 00:20 . 2012-11-27 00:21 -------- d-----w- c:\windows\LastGood.Tmp
2012-11-27 00:19 . 2012-11-27 00:20 -------- d-----w- c:\program files\Common Files\Kodak
2012-11-27 00:18 . 2008-03-11 03:18 422400 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-11-27 00:18 . 2012-11-27 00:20 -------- d-----w- c:\program files\Kodak
2012-11-27 00:14 . 2012-11-27 00:24 -------- d-----w- c:\programdata\Kodak
2012-11-26 22:25 . 2012-11-26 22:25 -------- d-----w- c:\programdata\FLEXnet
2012-11-26 22:20 . 2012-11-26 22:20 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-11-23 21:33 . 2012-11-23 21:33 -------- d-----w- c:\programdata\CanonBJ
2012-11-23 21:33 . 2009-03-24 13:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA1.DLL
2012-11-23 21:33 . 2009-03-24 13:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA1.DLL
2012-11-23 21:33 . 2012-11-23 21:33 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-11-23 21:33 . 2009-03-24 13:00 272384 ----a-w- c:\windows\system32\CNMLMA1.DLL
2012-11-23 21:33 . 2009-03-18 09:09 178176 ----a-w- c:\windows\system32\CNMIUA1.DLL
2012-11-23 21:32 . 2012-11-23 21:35 -------- d-----w- c:\program files\Canon
2012-11-23 16:25 . 2012-11-23 16:25 -------- d-----w- c:\programdata\McAfee Security Scan
2012-11-23 16:25 . 2012-11-26 16:25 -------- d-----w- c:\program files\McAfee Security Scan
2012-11-23 16:25 . 2012-11-23 16:25 -------- d-----w- c:\programdata\McAfee
2012-11-23 16:24 . 2012-11-23 16:24 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-23 16:24 . 2012-11-23 16:24 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-23 16:24 . 2012-11-23 16:24 -------- d-----w- c:\windows\system32\Macromed
2012-11-23 04:43 . 2012-11-23 04:43 -------- d-----w- c:\programdata\Norton
2012-11-23 04:36 . 2012-11-26 22:20 -------- d-----w- c:\program files\Common Files\Adobe
2012-11-23 02:54 . 2012-11-23 02:54 -------- d-----w- c:\program files\Common Files\Skype
2012-11-23 02:54 . 2012-11-23 02:54 -------- d-----r- c:\program files\Skype
2012-11-23 02:54 . 2012-11-23 02:54 -------- d-----w- c:\programdata\Skype
2012-11-23 02:49 . 2012-11-23 02:49 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-11-23 02:21 . 2012-11-23 02:21 -------- d-----w- c:\programdata\ATI
2012-11-23 02:19 . 2012-11-23 02:19 0 ----a-w- c:\windows\ativpsrm.bin
2012-11-23 02:04 . 2012-11-23 02:05 -------- d-----w- c:\program files\ATI Technologies
2012-11-23 02:04 . 2012-11-23 02:04 -------- d-----w- c:\program files\ATI
2012-11-23 01:59 . 2012-11-23 01:59 -------- d-----w- c:\program files\Intel
2012-11-23 01:56 . 2012-11-27 00:21 -------- d-----w- c:\program files\Common Files\InstallShield
2012-11-23 01:56 . 2008-09-19 09:03 277440 ----a-w- c:\windows\system32\drivers\OA001Vid.sys
2012-11-23 01:56 . 2008-08-21 09:01 24576 ----a-w- c:\windows\system32\OA001Srv.exe
2012-11-23 01:56 . 2008-08-02 01:18 94208 ----a-w- c:\windows\CtDrvIns.exe
2012-11-23 01:56 . 2008-06-04 01:30 144672 ----a-w- c:\windows\system32\drivers\OA001Ufd.sys
2012-11-23 01:56 . 2008-04-15 09:01 53248 ----a-w- c:\windows\system32\OA001Pin.dll
2012-11-23 01:56 . 2008-04-15 09:01 32768 ----a-w- c:\windows\OA001Cfg.exe
2012-11-23 01:56 . 2007-12-21 09:00 31256 ----a-w- c:\windows\system32\OA001Pin.crl
2012-11-23 01:56 . 2007-06-08 09:00 148056 ----a-w- c:\windows\system32\drivers\OA001Afx.sys
2012-11-23 01:53 . 2012-11-27 00:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-11-23 01:53 . 2008-02-16 02:01 46592 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2012-11-23 01:53 . 2007-07-30 19:54 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2012-11-23 01:53 . 2007-07-30 18:42 43008 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2012-11-23 01:53 . 2007-07-25 20:48 172032 ----a-w- c:\windows\system32\rixdicon.dll
2012-11-23 01:53 . 2004-09-04 11:00 90112 ----a-w- c:\windows\system32\snymsico.dll
2012-11-23 01:53 . 2012-11-23 01:53 -------- d-----w- C:\dell
2012-11-23 01:52 . 2012-11-23 01:52 -------- d-----w- c:\windows\system32\vmm32
2012-11-23 01:52 . 2012-11-23 01:52 -------- d-----w- c:\program files\Dell
2012-11-23 01:40 . 2012-11-27 00:23 -------- d-sh--w- c:\windows\Installer
2012-11-23 01:39 . 2012-11-27 00:21 -------- d-----w- c:\users\Walt
2012-11-23 01:36 . 2012-11-23 02:19 -------- d-----w- c:\windows\Debug
2012-11-23 01:21 . 2012-11-23 01:33 -------- d-----w- c:\windows\Panther
2012-11-23 01:20 . 2012-11-23 01:20 -------- d-----w- c:\windows\system32\OEM
2012-11-23 01:00 . 2012-11-23 01:00 -------- d-----w- C:\Windows.old
2012-11-23 00:34 . 2012-11-20 17:17 4424392 ----a-w- C:\avg_free_stb_all_2013_2793_cnet.exe
2012-11-23 00:34 . 2012-11-18 16:44 29304496 ----a-w- C:\SkypeSetupFull.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-24 17:50 . 2012-11-23 02:49 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
.
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Walt\AppData\Roaming\Mozilla\Firefox\Profiles\tp3uxg83.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-27 10:29
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-11-27 10:30:31
ComboFix-quarantined-files.txt 2012-11-27 18:30
.
Pre-Run: 108,566,753,280 bytes free
Post-Run: 108,557,639,680 bytes free
.
- - End Of File - - 3F090CCBFC8D41CAE8B024B28729900F

OTL logfile created on: 11/27/2012 10:38:22 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Walt\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.99% Memory free
6.13 Gb Paging File | 5.07 Gb Available in Paging File | 82.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126.80 Gb Total Space | 102.15 Gb Free Space | 80.56% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 0.55 Gb Free Space | 5.48% Space Free | Partition Type: NTFS
Drive E: | 161.13 Gb Total Space | 56.81 Gb Free Space | 35.26% Space Free | Partition Type: NTFS
Drive G: | 1.94 Gb Total Space | 1.53 Gb Free Space | 79.09% Space Free | Partition Type: FAT32

Computer Name: WALT-PC | User Name: Walt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/23 16:28:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Walt\Desktop\OTL.exe
PRC - [2012/11/23 08:25:00 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012/10/24 09:50:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/05 07:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/07/10 13:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/03/23 18:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/01/20 18:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 18:24:02 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\MSAgent\AgentSvr.exe
PRC - [2008/01/20 18:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2008/01/20 18:23:33 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
PRC - [2008/01/20 18:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [1999/03/17 21:38:10 | 008,798,260 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\WINWORD.EXE


========== Modules (No Company Name) ==========

MOD - [2012/11/26 16:24:46 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2012/11/26 16:24:46 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2012/11/26 16:24:45 | 000,798,720 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2012/11/26 16:24:45 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2012/11/26 16:24:45 | 000,159,744 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2012/11/26 16:24:44 | 001,400,832 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2012/11/26 16:24:44 | 000,786,432 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2012/11/26 16:24:44 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2012/11/26 16:24:44 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2012/11/26 16:24:43 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2012/11/26 16:24:43 | 000,872,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2012/11/26 16:24:39 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2012/11/26 16:24:39 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2012/11/26 16:24:39 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2012/11/26 16:24:37 | 000,128,512 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2012/11/26 16:24:36 | 000,404,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2012/11/26 16:24:36 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2012/11/26 16:24:36 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2012/11/26 16:24:35 | 000,466,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2012/11/26 16:24:34 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2012/11/26 16:24:33 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2012/11/26 16:24:33 | 000,354,816 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2012/11/26 16:24:33 | 000,261,120 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2012/11/26 16:24:32 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2012/11/26 16:24:31 | 000,232,960 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2012/11/26 16:24:31 | 000,097,280 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2012/11/26 16:24:30 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2012/11/26 16:24:30 | 000,171,008 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2012/11/26 16:24:30 | 000,083,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2012/11/26 16:24:29 | 000,117,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2012/11/26 16:24:23 | 001,297,408 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2012/11/26 16:24:19 | 000,679,936 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2012/11/26 16:24:18 | 000,757,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2012/11/26 16:24:13 | 000,077,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2012/11/23 08:24:59 | 014,586,808 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012/11/22 18:06:09 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3106.38533__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2012/11/22 18:06:08 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3106.38494__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:08 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3106.38558__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2012/11/22 18:06:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3106.38517__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:07 | 001,687,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3106.38542__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2012/11/22 18:06:07 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3106.38756__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:07 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3106.38714__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:07 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3106.38664__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:06 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3106.38798__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2012/11/22 18:06:06 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3106.38724__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:06 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3106.38795__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:06 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3106.38805__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:06 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3106.38731__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2012/11/22 18:06:06 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3106.38510__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:06 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3106.38723__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:06 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3106.38795__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:05 | 000,806,912 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3106.38668__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:05 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3106.38746__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2012/11/22 18:06:05 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3106.38667__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:04 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3106.38573__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:04 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3106.38657__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:04 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3106.38519__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:04 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3106.38706__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:04 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3106.38666__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:04 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3106.38579__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2012/11/22 18:06:04 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3106.38565__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:04 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3106.38689__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2012/11/22 18:06:04 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3106.38665__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:04 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3106.38578__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:04 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3106.38667__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:04 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3106.38687__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:04 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3106.38704__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2012/11/22 18:06:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3091.17968__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2012/11/22 18:06:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3091.17980__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2012/11/22 18:06:03 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3091.17954__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2012/11/22 18:06:03 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3091.17956__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2012/11/22 18:06:03 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3091.17981__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2012/11/22 18:06:03 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3091.17961__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2012/11/22 18:06:03 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3091.17977__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2012/11/22 18:06:03 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3091.17980__90ba9c70f846762e\DEM.OS.dll
MOD - [2012/11/22 18:06:03 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2012/11/22 18:06:03 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3091.18004__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2012/11/22 18:06:03 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3091.17978__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2012/11/22 18:06:03 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3091.18004__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2012/11/22 18:06:03 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2012/11/22 18:06:02 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2012/11/22 18:06:02 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3091.17981__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2012/11/22 18:06:01 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3091.17957__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2012/11/22 18:06:01 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3091.17970__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2012/11/22 18:06:01 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3091.17992__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2012/11/22 18:06:01 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2012/11/22 18:06:01 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3091.18001__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2012/11/22 18:06:01 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3091.18035__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2012/11/22 18:06:01 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3091.18001__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2012/11/22 18:06:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3091.17970__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2012/11/22 18:06:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3091.17968__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2012/11/22 18:06:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3091.17961__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2012/11/22 18:06:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2012/11/22 18:06:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3091.17967__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2012/11/22 18:06:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3091.17987__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2012/11/22 18:06:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3091.17982__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3106.38526__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2012/11/22 18:06:00 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3106.38785__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2012/11/22 18:06:00 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3091.17993__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3106.38782__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2012/11/22 18:06:00 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3106.38822__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2012/11/22 18:06:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3091.17961__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2012/11/22 18:06:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3091.17992__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3091.17965__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2012/11/22 18:06:00 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3091.17976__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3091.17988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3091.17982__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3091.17979__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3091.17978__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2012/11/22 18:06:00 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3091.17991__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3091.17977__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2012/11/22 18:06:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3091.17983__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3091.17977__90ba9c70f846762e\APM.Foundation.dll
MOD - [2012/11/22 18:06:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3091.17963__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2012/11/22 18:06:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3091.17968__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2012/11/22 18:06:00 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2012/11/22 18:06:00 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2012/11/22 18:06:00 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3106.38837__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2012/11/22 18:06:00 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3106.38485__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2012/11/22 18:05:59 | 000,995,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3106.38503__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2012/11/22 18:05:59 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3106.38486__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2012/11/22 18:05:59 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3106.38482__90ba9c70f846762e\APM.Server.dll
MOD - [2012/11/22 18:05:59 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3106.38488__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2012/11/22 18:05:59 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3106.38485__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2012/11/22 18:05:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3091.17979__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2012/11/22 18:05:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3106.38484__90ba9c70f846762e\AEM.Server.dll
MOD - [2012/11/22 18:05:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3091.17970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2012/11/22 18:05:59 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012/11/22 18:05:59 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3106.38784__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2012/11/22 18:05:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3091.17977__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2012/11/22 18:05:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3091.17993__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2012/10/24 09:50:39 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2008/07/03 23:37:36 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/01/20 18:52:50 | 013,193,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\45ee94a63c463b93e3ff694c6ecd0820\System.Windows.Forms.ni.dll
MOD - [2008/01/20 18:52:15 | 001,667,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a35f567c4c67d6b1ca9a0023852847a2\System.Drawing.ni.dll
MOD - [2008/01/20 18:52:13 | 012,513,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\369cdfcbaefd8f28200e295c26c2141f\System.Web.ni.dll
MOD - [2008/01/20 18:52:00 | 000,815,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8fe7232e97fdf63c6b146e93f432d7d7\System.Runtime.Remoting.ni.dll
MOD - [2008/01/20 18:51:50 | 005,771,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\02cf61328d59df9b3ec09544f449a781\System.Xml.ni.dll
MOD - [2008/01/20 18:51:43 | 001,011,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15366cc16c2550064601b5167821667d\System.Configuration.ni.dll
MOD - [2008/01/20 18:51:40 | 008,265,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\267d4c344058092e6950c11594244f90\System.ni.dll
MOD - [2008/01/20 18:51:31 | 011,722,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5b3e3b0551bcaa722c27dbb089c431e4\mscorlib.ni.dll
MOD - [2008/01/20 18:51:31 | 000,027,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e2170385d6492ce6539124c5a3b361a8\Accessibility.ni.dll
MOD - [1999/02/01 15:39:14 | 000,073,785 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\BLNMGR.DLL
MOD - [1999/02/01 12:10:52 | 000,057,403 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\BLNMGRPS.DLL


========== Services (SafeList) ==========

SRV - [2012/11/26 14:20:14 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/24 09:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/05 07:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Walt\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2008/09/19 01:03:00 | 000,277,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/07/04 02:35:40 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/06/03 17:30:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/05/21 04:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/02/15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/26 16:23:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/11/22 18:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Walt\AppData\Roaming\Mozilla\Extensions
[2012/11/22 18:49:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/24 09:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 09:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 09:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/11/27 10:29:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66FBD479-4180-483A-A99C-B886392491DD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/27 10:30:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/27 10:30:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/27 10:30:32 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\temp
[2012/11/27 10:23:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/27 10:23:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/27 10:23:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/27 10:23:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/27 10:22:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/26 16:26:20 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\KodakGallery
[2012/11/26 16:25:54 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Skinux
[2012/11/26 16:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/26 16:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/11/26 16:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/11/26 16:22:30 | 000,000,000 | ---D | C] -- C:\Users\Walt\Documents\My Print Creations
[2012/11/26 16:22:30 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\ArcSoft
[2012/11/26 16:22:30 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\ArcSoft
[2012/11/26 16:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations
[2012/11/26 16:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2012/11/26 16:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2012/11/26 16:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2012/11/26 16:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2012/11/26 16:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
[2012/11/26 16:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2012/11/26 16:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/11/26 16:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2012/11/26 16:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012/11/26 15:54:49 | 000,000,000 | ---D | C] -- C:\Users\Walt\Desktop\New Folder (2)
[2012/11/26 15:48:51 | 000,000,000 | ---D | C] -- C:\Users\Walt\Desktop\New Folder
[2012/11/26 14:35:34 | 000,000,000 | ---D | C] -- C:\Users\Walt\Desktop\Damian
[2012/11/26 14:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/11/26 14:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012/11/26 14:17:40 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\Fonts
[2012/11/26 08:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/11/24 10:26:35 | 000,000,000 | ---D | C] -- C:\Users\Walt\Desktop\For Sale items
[2012/11/24 10:24:11 | 000,000,000 | ---D | C] -- C:\Users\Walt\Desktop\VW++
[2012/11/24 10:24:11 | 000,000,000 | ---D | C] -- C:\Users\Walt\Desktop\VW
[2012/11/23 17:41:08 | 000,000,000 | ---D | C] -- C:\Users\Walt\Desktop\RK_Quarantine
[2012/11/23 16:28:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Walt\Desktop\OTL.exe
[2012/11/23 13:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4700 series User Registration
[2012/11/23 13:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012/11/23 13:33:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4700 series Manual
[2012/11/23 13:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonBJ
[2012/11/23 13:33:18 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2012/11/23 13:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4700 series
[2012/11/23 13:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\CanonBJ
[2012/11/23 13:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012/11/23 09:25:35 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Macromedia
[2012/11/23 09:25:35 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\Macromedia
[2012/11/23 08:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2012/11/23 08:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2012/11/23 08:39:36 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Microsoft Web Folders
[2012/11/23 08:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/11/23 08:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/11/23 08:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/11/23 08:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/11/23 08:24:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/11/22 20:43:37 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\NPE
[2012/11/22 20:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/11/22 20:40:01 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Adobe
[2012/11/22 20:40:01 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\Adobe
[2012/11/22 20:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/11/22 20:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/11/22 20:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/11/22 18:54:45 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Skype
[2012/11/22 18:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/22 18:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/11/22 18:54:35 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/11/22 18:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/11/22 18:49:45 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Mozilla
[2012/11/22 18:49:45 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\Mozilla
[2012/11/22 18:49:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/11/22 18:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/22 18:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/22 18:21:00 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\ATI
[2012/11/22 18:21:00 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\ATI
[2012/11/22 18:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/11/22 18:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/11/22 18:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/11/22 18:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/11/22 17:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/11/22 17:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/11/22 17:53:23 | 000,172,032 | ---- | C] (Ricoh Company,Ltd) -- C:\Windows\System32\rixdicon.dll
[2012/11/22 17:53:23 | 000,046,592 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2012/11/22 17:53:23 | 000,043,008 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys
[2012/11/22 17:53:23 | 000,038,400 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys
[2012/11/22 17:53:23 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/11/22 17:53:10 | 000,000,000 | ---D | C] -- C:\dell
[2012/11/22 17:52:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\vmm32
[2012/11/22 17:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2012/11/22 17:40:43 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/11/22 17:39:42 | 000,000,000 | R--D | C] -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/11/22 17:39:42 | 000,000,000 | R--D | C] -- C:\Users\Walt\Searches
[2012/11/22 17:39:42 | 000,000,000 | R--D | C] -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/11/22 17:39:29 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Identities
[2012/11/22 17:39:26 | 000,000,000 | R--D | C] -- C:\Users\Walt\Contacts
[2012/11/22 17:39:26 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\VirtualStore
[2012/11/22 17:39:18 | 000,000,000 | --SD | C] -- C:\Users\Walt\AppData\Roaming\Microsoft
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\Videos
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\Saved Games
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\Pictures
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\Music
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\Links
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\Favorites
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\Downloads
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\Documents
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\Desktop
[2012/11/22 17:39:18 | 000,000,000 | R--D | C] -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\AppData\Local\Temporary Internet Files
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Templates
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Start Menu
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\SendTo
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Recent
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\PrintHood
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\NetHood
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Documents\My Videos
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Documents\My Pictures
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Documents\My Music
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\My Documents
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Local Settings
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\AppData\Local\History
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Cookies
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\Application Data
[2012/11/22 17:39:18 | 000,000,000 | -HSD | C] -- C:\Users\Walt\AppData\Local\Application Data
[2012/11/22 17:39:18 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Local\Microsoft
[2012/11/22 17:39:18 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData\Roaming\Media Center Programs
[2012/11/22 17:39:18 | 000,000,000 | ---D | C] -- C:\Users\Walt\AppData
[2012/11/22 17:36:28 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2012/11/22 17:27:51 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/11/22 17:23:02 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/11/22 17:21:30 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/11/22 17:20:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2012/11/22 17:00:00 | 000,000,000 | ---D | C] -- C:\Windows.old
[2012/11/22 16:34:58 | 004,424,392 | ---- | C] (AVG Technologies) -- C:\avg_free_stb_all_2013_2793_cnet.exe
[2012/11/22 16:34:40 | 029,304,496 | ---- | C] (Skype Technologies S.A.) -- C:\SkypeSetupFull.exe
[2012/11/22 15:33:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/27 10:38:07 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/27 10:38:07 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/27 10:30:34 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/27 10:30:34 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/27 10:29:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/27 09:31:25 | 000,232,448 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2012/11/27 09:29:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/27 09:29:29 | 3184,410,624 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/27 06:32:50 | 000,000,938 | ---- | M] () -- C:\Users\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/11/26 16:32:45 | 000,435,200 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2012/11/26 16:23:32 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/26 16:23:31 | 000,001,802 | ---- | M] () -- C:\Users\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/11/26 16:21:23 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\Web Surf & Share Pix with Firefox.lnk
[2012/11/26 16:19:18 | 000,002,001 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2012/11/26 16:19:18 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Kodak EasyShare.lnk
[2012/11/26 14:24:11 | 000,243,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/26 14:20:05 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 7.0.lnk
[2012/11/26 08:26:04 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/11/26 08:26:04 | 000,001,911 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/11/23 17:35:28 | 000,752,128 | ---- | M] () -- C:\Users\Walt\Desktop\RogueKiller.exe
[2012/11/23 16:28:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Walt\Desktop\OTL.exe
[2012/11/23 13:35:26 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Canon iP4700 series User Registration.LNK
[2012/11/23 13:34:59 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2012/11/23 13:34:48 | 000,001,874 | ---- | M] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2012/11/23 13:34:08 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\Canon My Printer.lnk
[2012/11/23 13:33:51 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Canon iP4700 series On-screen Manual.lnk
[2012/11/23 08:41:21 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/11/23 08:41:05 | 000,001,871 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/11/22 20:36:37 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/11/22 18:54:36 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/22 18:49:42 | 000,000,870 | ---- | M] () -- C:\Users\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/22 18:49:42 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/22 18:49:27 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/11/22 18:19:36 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/11/22 17:39:52 | 000,000,680 | ---- | M] () -- C:\Users\Walt\AppData\Local\d3d9caps.dat
[2012/11/22 17:30:40 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/11/20 09:17:56 | 004,424,392 | ---- | M] (AVG Technologies) -- C:\avg_free_stb_all_2013_2793_cnet.exe
[2012/11/18 08:44:02 | 029,304,496 | ---- | M] (Skype Technologies S.A.) -- C:\SkypeSetupFull.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/27 10:23:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/27 10:23:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/27 10:23:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/27 10:23:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/27 10:23:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/27 06:32:50 | 000,000,938 | ---- | C] () -- C:\Users\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/11/26 16:26:16 | 000,435,200 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mbb
[2012/11/26 16:26:16 | 000,232,448 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mb
[2012/11/26 16:23:32 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/26 16:23:31 | 000,001,802 | ---- | C] () -- C:\Users\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/11/26 16:21:23 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\Web Surf & Share Pix with Firefox.lnk
[2012/11/26 16:19:18 | 000,002,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2012/11/26 16:19:18 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Kodak EasyShare.lnk
[2012/11/26 14:20:05 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 7.0.lnk
[2012/11/26 14:20:05 | 000,000,996 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 7.0.lnk
[2012/11/23 17:35:23 | 000,752,128 | ---- | C] () -- C:\Users\Walt\Desktop\RogueKiller.exe
[2012/11/23 13:35:26 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\Canon iP4700 series User Registration.LNK
[2012/11/23 13:34:59 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2012/11/23 13:34:48 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2012/11/23 13:34:08 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\Canon My Printer.lnk
[2012/11/23 13:33:51 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\Canon iP4700 series On-screen Manual.lnk
[2012/11/23 08:41:21 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/11/23 08:41:05 | 000,002,597 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2012/11/23 08:41:05 | 000,001,871 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/11/23 08:25:01 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/11/23 08:25:01 | 000,001,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/11/22 20:36:37 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/11/22 20:36:37 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/11/22 18:54:36 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/22 18:49:42 | 000,000,870 | ---- | C] () -- C:\Users\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/22 18:49:42 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/22 18:49:42 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/22 18:49:27 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/11/22 18:19:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/11/22 18:19:34 | 3184,410,624 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/22 18:03:44 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2012/11/22 18:03:44 | 000,328,162 | ---- | C] () -- C:\Windows\System32\drivers\ativcaxx.cpa
[2012/11/22 18:03:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2012/11/22 18:03:44 | 000,052,400 | ---- | C] () -- C:\Windows\System32\drivers\ativvpxx.vp
[2012/11/22 18:03:44 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativpkxx.vp
[2012/11/22 18:03:44 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativokxx.vp
[2012/11/22 18:03:44 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativdkxx.vp
[2012/11/22 18:03:44 | 000,000,929 | ---- | C] () -- C:\Windows\System32\drivers\ativcaxx.vp
[2012/11/22 18:03:43 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/11/22 18:03:43 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2012/11/22 18:03:43 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2012/11/22 18:03:43 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2012/11/22 18:03:43 | 000,013,052 | ---- | C] () -- C:\Windows\atiogl.xml
[2012/11/22 17:56:42 | 000,057,656 | ---- | C] () -- C:\Windows\System32\drivers\OA001PC.bmp
[2012/11/22 17:56:42 | 000,022,951 | ---- | C] () -- C:\Windows\System32\drivers\OA001PC.jpg
[2012/11/22 17:56:42 | 000,005,777 | ---- | C] () -- C:\Windows\OA001.uns
[2012/11/22 17:39:43 | 000,000,949 | ---- | C] () -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/11/22 17:39:41 | 000,000,944 | ---- | C] () -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/11/22 17:39:26 | 000,000,915 | ---- | C] () -- C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/11/22 17:39:22 | 000,000,680 | ---- | C] () -- C:\Users\Walt\AppData\Local\d3d9caps.dat
[2012/11/22 17:39:18 | 000,000,258 | ---- | C] () -- C:\Users\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/11/22 17:39:18 | 000,000,240 | ---- | C] () -- C:\Users\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/11/22 17:20:56 | 000,000,024 | RH-- | C] () -- C:\Windows\dell_version

========== ZeroAccess Check ==========

[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/01/20 18:23:46 | 011,580,416 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008/01/20 18:24:24 | 000,614,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 18:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/26 16:25:54 | 000,000,000 | ---D | M] -- C:\Users\Walt\AppData\Roaming\Skinux

========== Purity Check ==========



< End of report >


#11
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#12
Bigbug12

    Member

  • Topic Starter
  • Member
  • 34 posts
15:16:15.0490 4624 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:16:16.0252 4624 ============================================================
15:16:16.0252 4624 Current date / time: 2012/11/27 15:16:16.0252
15:16:16.0252 4624 SystemInfo:
15:16:16.0252 4624
15:16:16.0252 4624 OS Version: 6.0.6001 ServicePack: 1.0
15:16:16.0252 4624 Product type: Workstation
15:16:16.0252 4624 ComputerName: WALT-PC
15:16:16.0252 4624 UserName: Walt
15:16:16.0252 4624 Windows directory: C:\Windows
15:16:16.0252 4624 System windows directory: C:\Windows
15:16:16.0252 4624 Processor architecture: Intel x86
15:16:16.0252 4624 Number of processors: 2
15:16:16.0252 4624 Page size: 0x1000
15:16:16.0252 4624 Boot type: Normal boot
15:16:16.0253 4624 ============================================================
15:16:18.0094 4624 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:16:18.0096 4624 ============================================================
15:16:18.0096 4624 \Device\Harddisk0\DR0:
15:16:18.0097 4624 MBR partitions:
15:16:18.0097 4624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x47000, BlocksNum 0x1400000
15:16:18.0113 4624 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1448E6B, BlocksNum 0x14241D6B
15:16:18.0153 4624 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1568AC15, BlocksNum 0xFD9AD2A
15:16:18.0154 4624 ============================================================
15:16:18.0181 4624 C: <-> \Device\Harddisk0\DR0\Partition3
15:16:18.0248 4624 D: <-> \Device\Harddisk0\DR0\Partition1
15:16:18.0273 4624 E: <-> \Device\Harddisk0\DR0\Partition2
15:16:18.0273 4624 ============================================================
15:16:18.0274 4624 Initialize success
15:16:18.0274 4624 ============================================================
15:16:22.0852 1992 ============================================================
15:16:22.0852 1992 Scan started
15:16:22.0852 1992 Mode: Manual;
15:16:22.0852 1992 ============================================================
15:16:23.0996 1992 ================ Scan system memory ========================
15:16:23.0996 1992 System memory - ok
15:16:23.0996 1992 ================ Scan services =============================
15:16:24.0192 1992 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
15:16:24.0193 1992 ACDaemon - ok
15:16:24.0331 1992 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys
15:16:24.0333 1992 ACPI - ok
15:16:24.0613 1992 [ 3FD8DC2C9735C2AA70155102CFB93EDA ] AdobeActiveFileMonitor7.0 C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
15:16:24.0615 1992 AdobeActiveFileMonitor7.0 - ok
15:16:24.0689 1992 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:16:24.0690 1992 AdobeARMservice - ok
15:16:24.0756 1992 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:16:24.0758 1992 adp94xx - ok
15:16:24.0784 1992 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:16:24.0786 1992 adpahci - ok
15:16:24.0803 1992 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
15:16:24.0804 1992 adpu160m - ok
15:16:34.0117 1992 TapiSrv - ok
15:16:34.0124 1992 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
15:16:34.0127 1992 TBS - ok
15:16:34.0171 1992 [ FC6E2835D667774D409C7C7021EAF9C4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:16:34.0177 1992 Tcpip - ok
15:16:34.0212 1992 [ FC6E2835D667774D409C7C7021EAF9C4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
15:16:34.0218 1992 Tcpip6 - ok
15:16:34.0235 1992 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:16:34.0235 1992 tcpipreg - ok
15:16:34.0251 1992 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:16:34.0251 1992 TDPIPE - ok
15:16:34.0271 1992 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:16:34.0271 1992 TDTCP - ok
15:16:34.0301 1992 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:16:34.0301 1992 tdx - ok
15:16:34.0315 1992 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:16:34.0315 1992 TermDD - ok
15:16:34.0444 1992 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
15:16:34.0449 1992 TermService - ok
15:16:34.0470 1992 [ 27F10F348E508243F6254846F8370D0D ] Themes C:\Windows\system32\shsvcs.dll
15:16:34.0474 1992 Themes - ok
15:16:34.0491 1992 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
15:16:34.0493 1992 THREADORDER - ok
15:16:34.0499 1992 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
15:16:34.0502 1992 TrkWks - ok
15:16:34.0543 1992 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:16:34.0544 1992 TrustedInstaller - ok
15:16:34.0613 1992 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:16:34.0614 1992 tssecsrv - ok
15:16:34.0710 1992 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
15:16:34.0711 1992 tunmp - ok
15:16:34.0721 1992 [ 119B8184E106BAEDC83FCE5DDF3950DA ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:16:34.0721 1992 tunnel - ok
15:16:34.0745 1992 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:16:34.0747 1992 uagp35 - ok
15:16:34.0769 1992 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:16:34.0772 1992 udfs - ok
15:16:34.0812 1992 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:16:34.0815 1992 UI0Detect - ok
15:16:34.0833 1992 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:16:34.0834 1992 uliagpkx - ok
15:16:34.0851 1992 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
15:16:34.0853 1992 uliahci - ok
15:16:34.0861 1992 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
15:16:34.0863 1992 UlSata - ok
15:16:34.0881 1992 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
15:16:34.0883 1992 ulsata2 - ok
15:16:34.0898 1992 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:16:34.0899 1992 umbus - ok
15:16:34.0929 1992 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
15:16:34.0935 1992 upnphost - ok
15:16:34.0971 1992 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:16:34.0972 1992 usbccgp - ok
15:16:34.0995 1992 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:16:34.0996 1992 usbcir - ok
15:16:35.0025 1992 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:16:35.0026 1992 usbehci - ok
15:16:35.0058 1992 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:16:35.0059 1992 usbhub - ok
15:16:35.0076 1992 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:16:35.0077 1992 usbohci - ok
15:16:35.0115 1992 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:16:35.0115 1992 usbprint - ok
15:16:35.0162 1992 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:16:35.0163 1992 USBSTOR - ok
15:16:35.0177 1992 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:16:35.0177 1992 usbuhci - ok
15:16:35.0210 1992 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:16:35.0211 1992 usbvideo - ok
15:16:35.0236 1992 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
15:16:35.0239 1992 UxSms - ok
15:16:35.0272 1992 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
15:16:35.0276 1992 vds - ok
15:16:35.0310 1992 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:16:35.0311 1992 vga - ok
15:16:35.0328 1992 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
15:16:35.0328 1992 VgaSave - ok
15:16:35.0344 1992 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
15:16:35.0345 1992 viaagp - ok
15:16:35.0359 1992 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
15:16:35.0360 1992 ViaC7 - ok
15:16:35.0380 1992 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
15:16:35.0381 1992 viaide - ok
15:16:35.0404 1992 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:16:35.0405 1992 volmgr - ok
15:16:35.0415 1992 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:16:35.0418 1992 volmgrx - ok
15:16:35.0428 1992 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:16:35.0431 1992 volsnap - ok
15:16:35.0452 1992 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:16:35.0453 1992 vsmraid - ok
15:16:35.0513 1992 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
15:16:35.0522 1992 VSS - ok
15:16:35.0544 1992 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
15:16:35.0548 1992 W32Time - ok
15:16:35.0572 1992 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:16:35.0573 1992 WacomPen - ok
15:16:35.0591 1992 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
15:16:35.0592 1992 Wanarp - ok
15:16:35.0596 1992 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:16:35.0597 1992 Wanarpv6 - ok
15:16:35.0610 1992 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:16:35.0615 1992 wcncsvc - ok
15:16:35.0649 1992 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:16:35.0652 1992 WcsPlugInService - ok
15:16:35.0676 1992 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
15:16:35.0676 1992 Wd - ok
15:16:35.0702 1992 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:16:35.0706 1992 Wdf01000 - ok
15:16:35.0720 1992 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:16:35.0723 1992 WdiServiceHost - ok
15:16:35.0728 1992 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:16:35.0731 1992 WdiSystemHost - ok
15:16:35.0739 1992 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
15:16:35.0743 1992 WebClient - ok
15:16:35.0762 1992 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:16:35.0765 1992 Wecsvc - ok
15:16:35.0773 1992 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:16:35.0775 1992 wercplsupport - ok
15:16:35.0784 1992 [ 4081288554294F144E5A7D4EE20E3CE6 ] WerSvc C:\Windows\System32\WerSvc.dll
15:16:35.0787 1992 WerSvc - ok
15:16:35.0851 1992 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
15:16:35.0853 1992 WinDefend - ok
15:16:35.0860 1992 WinHttpAutoProxySvc - ok
15:16:35.0923 1992 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:16:35.0924 1992 Winmgmt - ok
15:16:35.0961 1992 [ 20FC93FDC916843CFDFCAA7A1B0DB16F ] WinRM C:\Windows\system32\WsmSvc.dll
15:16:35.0974 1992 WinRM - ok
15:16:36.0010 1992 [ 4B40FF01DB5357299DCBDB5A5746AD21 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:16:36.0015 1992 Wlansvc - ok
15:16:36.0039 1992 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
15:16:36.0040 1992 WmiAcpi - ok
15:16:36.0049 1992 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:16:36.0051 1992 wmiApSrv - ok
15:16:36.0109 1992 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
15:16:36.0115 1992 WMPNetworkSvc - ok
15:16:36.0124 1992 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:16:36.0127 1992 WPCSvc - ok
15:16:36.0134 1992 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:16:36.0137 1992 WPDBusEnum - ok
15:16:36.0155 1992 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:16:36.0155 1992 ws2ifsl - ok
15:16:36.0161 1992 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\system32\wscsvc.dll
15:16:36.0164 1992 wscsvc - ok
15:16:36.0170 1992 WSearch - ok
15:16:36.0225 1992 [ D79538B67FA641E986855DEF651E78FE ] wuauserv C:\Windows\system32\wuaueng.dll
15:16:36.0239 1992 wuauserv - ok
15:16:36.0332 1992 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:16:36.0333 1992 WUDFRd - ok
15:16:36.0400 1992 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:16:36.0403 1992 wudfsvc - ok
15:16:36.0408 1992 ================ Scan global ===============================
15:16:36.0432 1992 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:16:36.0456 1992 [ 8B05FAF8603E6FDE90C5B103761CC3F6 ] C:\Windows\system32\winsrv.dll
15:16:36.0475 1992 [ 8B05FAF8603E6FDE90C5B103761CC3F6 ] C:\Windows\system32\winsrv.dll
15:16:36.0504 1992 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
15:16:36.0508 1992 [Global] - ok
15:16:36.0509 1992 ================ Scan MBR ==================================
15:16:36.0556 1992 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:16:37.0391 1992 \Device\Harddisk0\DR0 - ok
15:16:37.0392 1992 ================ Scan VBR ==================================
15:16:37.0395 1992 [ FFAA5E7DD60C58CD94EE6A11739CB259 ] \Device\Harddisk0\DR0\Partition1
15:16:37.0397 1992 \Device\Harddisk0\DR0\Partition1 - ok
15:16:37.0431 1992 [ D00BFD1E6F771C956999C126D2C1F605 ] \Device\Harddisk0\DR0\Partition2
15:16:37.0433 1992 \Device\Harddisk0\DR0\Partition2 - ok
15:16:37.0471 1992 [ A574BD3BDA54AF824816B319A0133107 ] \Device\Harddisk0\DR0\Partition3
15:16:37.0475 1992 \Device\Harddisk0\DR0\Partition3 - ok
15:16:37.0475 1992 ============================================================
15:16:37.0475 1992 Scan finished
15:16:37.0475 1992 ============================================================
15:16:37.0488 1144 Detected object count: 0
15:16:37.0488 1144 Actual detected object count: 0
  • 0

#13
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
In the scans so far there hasn't been anything for concern, so I have a few questions for you and two more scans to verify there isn't an infection.

1. You have described problems using your internet, in reference to having trouble posting and your email, are these problems present in just Internet Explorer OR Firefox or does it happen in both?

2. Are you experiencing the slowness in other programs on your computer?

3. When you boot your computer does it take the normal amount of time for Windows to load or is it taking much longer than usual?

4. What type of motherboard do you have in your computer?

5. In BIOS you stated that there was a + in front of HDD. What exactly do you see for your boot sequence in BIOS? For instance, one of my home computers shows:
CD-ROM Drive
+  Hard Drive
   Network Boot
   Removable Devices

And now the other two scans:

1. Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

2. Run ESET online scan.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan.
  • 0

#14
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
I received this in a PM from Bigbug12:

Hi
?!? I was working on the Inspiron with the Windows XP on it and was trying to get it to go on the Internet when it said that it was missing MSI Installer 3.1. So I went to Microsoft and Downloaded saved it to my Removable Disk. And I honestly don't remember what I was doing but the Studio Vista Computer froze and would not restart, I shut it down and restarted and stated no Operating Software found! I shut it of and shoved the Windows Vista in and restarted! I took and formatted all the partitions and reinstalled Windows. Ran the NOD32 program and it stated that there are no Malware! I'm were it's still moving the typing ar it eater ound so I have to correct it. When I hit trhe space bar. I just left what it did so you can see!! As I stated when I hit the space bar or something when I look up it has moved to correct the typing so I have to. As you can moved it again see it just!! It's a little frustrating trying to type!! So it seems I still have something on here?!? I installed Malwarebytes and AVG 2013 Free and both have not found anything?!?
Anyway, I started installing MSI Installer on the Inspiron and it froze, same as the Studio, so I formatted the hard drive and reinstalled Windows XP. Starting to install Malwarebytes and AVG 2013 Free, will have to see? Seems to be working.
Sorry I'm not able to tell you what was on the Computer or what repaired it, maybe all the Malware programs softened it up!! Whatever it was, it had total control of the Computer. Is there anything I can do to find out that it's totally gone? Thanks Walt
  • 0

#15
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Most likely, if you've done a complete re-install, everything is gone now, but if you'd like to check to make absolutely sure, I would suggest running an ESET online scan.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan.
  • 0
