Jump to content

Welcome to Geeks to Go - Register now for FREE
Geeks To Go is a helpful hub, where thousands of friendly volunteers serve up answers and support. Get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message and all ads will be removed once you have signed in.
Create an Account Login to Account

PUP.facethemes Issue [Solved]


  • This topic is locked This topic is locked

#1
Warden

Warden

    Member

  • Member
  • PipPipPip
  • 139 posts
I seem to be infected with pup.factheme virus. I have an HP 8730 elitebook 8730w running Windows XP Pro with SP3. I have run eset online scanner, MBAM and OTL. I have attached the OTL log and the MBAM logs from thjis morning below. It appears as though the virus is gone, however, each time I run a new scan pup ususally retyurns. Any assistance you can provide would be greatly appreciated. Thanks and have a nice day.

OTL Log:

OTL logfile created on: 1/22/2013 9:40:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Presenter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 57.88% Memory free
4.84 Gb Paging File | 3.89 Gb Available in Paging File | 80.34% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 187.08 Gb Free Space | 62.76% Space Free | Partition Type: NTFS

Computer Name: TS8730WIMAGE | User Name: Presenter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/22 09:33:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Presenter\Desktop\OTL.exe
PRC - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/01/04 16:21:22 | 000,404,712 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/11/11 08:16:03 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/02/24 21:08:32 | 007,034,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/02/24 21:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/02/11 18:28:52 | 001,522,080 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2011/02/02 09:46:40 | 001,095,168 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
PRC - [2009/12/17 17:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/07/02 07:18:25 | 002,058,776 | R--- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/02 07:18:25 | 000,367,128 | R--- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
PRC - [2009/07/02 07:18:24 | 000,174,616 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/05/26 21:57:08 | 000,411,108 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\billy.exe
PRC - [2009/05/26 21:54:10 | 000,549,400 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\oldmcdonald.exe
PRC - [2009/02/27 06:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 06:22:10 | 001,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/02/27 05:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 05:40:52 | 001,202,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/02/27 05:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/12/06 07:37:30 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Program Files\Lotus\Notes\ntmulti.exe
PRC - [2008/12/06 07:36:38 | 003,315,080 | ---- | M] (IBM) -- C:\Program Files\Lotus\Notes\nsd.exe
PRC - [2008/10/14 15:10:32 | 000,082,224 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2008/08/08 06:47:02 | 000,777,240 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008/06/12 11:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/05/12 13:55:10 | 001,440,384 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/05/12 13:55:10 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 07:00:00 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sol.exe
PRC - [2008/03/18 11:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/06/06 12:25:22 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/06/06 12:24:22 | 000,116,928 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2007/06/06 12:23:46 | 001,821,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/06/06 12:22:34 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/05/29 15:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 15:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/05/29 15:33:22 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/13 10:06:21 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/13 10:06:17 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll
MOD - [2013/01/13 10:06:05 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/13 10:05:05 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/13 10:05:00 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012/12/09 20:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2011/05/06 12:07:00 | 004,317,184 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2011/05/06 12:02:52 | 000,737,280 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
MOD - [2011/02/24 20:39:00 | 000,658,432 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/02/15 13:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2011/02/15 13:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2011/02/15 13:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2011/02/15 13:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2011/02/15 12:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/10/26 07:34:12 | 011,853,824 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
MOD - [2010/10/25 23:37:32 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\phonon4.dll
MOD - [2010/10/25 23:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
MOD - [2010/10/25 23:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2010/10/25 23:23:34 | 008,351,744 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2010/10/25 23:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
MOD - [2010/10/25 23:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
MOD - [2010/10/25 23:06:28 | 000,364,544 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2010/10/25 23:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
MOD - [2010/10/25 23:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2010/05/20 12:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/20 12:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/17 08:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
MOD - [2010/05/17 08:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoNet.dll
MOD - [2010/05/17 08:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
MOD - [2010/05/17 08:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoXML.dll
MOD - [2010/05/17 08:47:20 | 000,291,840 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
MOD - [2010/05/17 08:47:20 | 000,175,616 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
MOD - [2010/05/17 08:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
MOD - [2010/05/17 08:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
MOD - [2010/05/17 08:47:18 | 000,110,592 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
MOD - [2010/02/17 18:25:12 | 000,132,096 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
MOD - [2009/02/27 05:51:14 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
MOD - [2008/05/12 13:51:50 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008/05/12 13:49:02 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


========== Services (SafeList) ==========

SRV - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Disabled | Stopped] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2009/12/17 17:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/02 07:18:25 | 002,058,776 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009/07/02 07:18:24 | 000,174,616 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/02/27 06:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/02/27 05:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2009/02/27 05:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/12/06 07:37:30 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2008/12/06 07:36:38 | 003,315,080 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2008/08/08 06:47:02 | 000,777,240 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/06/12 11:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/03/18 11:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/06/06 12:24:22 | 000,116,928 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/06/06 12:23:46 | 001,821,376 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/06/06 12:22:34 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/05/29 15:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 15:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/03/28 17:52:18 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/10 15:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/09/02 15:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2012/12/03 12:01:06 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121203.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/12/03 12:01:06 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/12/03 12:01:06 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/12/03 12:01:06 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121203.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/15 13:17:12 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/11/15 23:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2009/12/18 11:13:02 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/12/18 11:13:00 | 000,230,912 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/18 11:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/12/18 11:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/12/18 11:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/12/17 17:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/12/02 12:12:46 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/07/02 09:12:45 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/07/02 07:21:36 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/07/02 07:21:36 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/07/02 07:21:36 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/07/02 07:18:38 | 004,202,496 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2009/07/02 07:18:25 | 000,040,832 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/02 07:17:38 | 000,044,800 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2009/07/02 07:16:16 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2009/06/22 16:50:00 | 000,246,936 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2009/03/31 11:57:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/03/27 04:33:56 | 000,239,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress)
DRV - [2009/03/19 10:40:10 | 000,009,216 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/11/21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/05 22:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/10/11 14:56:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/08/13 16:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/07/29 14:41:36 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/06/12 13:40:50 | 000,477,696 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/05/23 12:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008/05/23 12:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/28 17:51:48 | 000,189,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2007/03/28 17:51:42 | 000,024,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2007/01/10 15:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/12/20 00:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)
DRV - [2006/09/06 13:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 13:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\SearchScopes,DefaultScope = Comcast
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinit...art_tech_search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


[2010/07/11 20:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Live Search (Enabled)
CHR - default_search_provider: search_url = http://search.live.c...ferrer:source?}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: ChromeUpdateManager = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_1\
CHR - Extension: Google Search = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Coupon Companion Plugin = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\crossrider
CHR - Extension: Coupon Companion Plugin = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\
CHR - Extension: Gmail = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/08/21 19:43:03 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: bitdefender.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: geekstogo.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://bos-link01a....ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A0A3EEB-CB54-425B-9A65-6F512B4E88CC}: DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (VPNGina.dll) - C:\WINDOWS\System32\vpngina.dll (Cisco Systems, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/02 14:36:05 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/22 09:32:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Presenter\Desktop\OTL.exe
[2013/01/18 09:36:24 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/01/18 09:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/01/18 09:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Local Settings\Application Data\Updater21804
[2013/01/18 09:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Coupon Companion Plugin
[2013/01/18 09:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\OApps
[2013/01/17 23:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Start Menu\Programs\System Progressive Protection
[2013/01/17 23:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\D0B43B0D7D5E52B60000D0B36A6159FD

========== Files - Modified Within 30 Days ==========

[2013/01/22 09:33:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Presenter\Desktop\OTL.exe
[2013/01/22 09:30:46 | 000,523,910 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/22 09:30:46 | 000,095,660 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/22 09:29:36 | 000,035,285 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/01/22 09:28:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/22 09:28:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006UA.job
[2013/01/22 08:57:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/20 20:28:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006Core.job
[2013/01/18 20:22:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/01/18 09:36:24 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/01/13 10:15:04 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/13 10:00:03 | 000,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/13 09:40:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/11 19:30:25 | 000,002,334 | ---- | M] () -- C:\Documents and Settings\Presenter\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/11 19:30:25 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Google Chrome.lnk
[2013/01/06 08:12:13 | 000,047,685 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\IMG952187.jpg
[2013/01/02 12:50:36 | 000,148,202 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\xfer.pdf

========== Files Created - No Company Name ==========

[2013/01/06 08:12:11 | 000,047,685 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\IMG952187.jpg
[2013/01/02 12:50:36 | 000,148,202 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\xfer.pdf
[2012/02/15 20:52:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/21 22:51:57 | 000,038,436 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/01/01 14:29:45 | 000,013,976 | -HS- | C] () -- C:\Documents and Settings\Presenter\Local Settings\Application Data\728sn0mgj1
[2012/01/01 14:29:45 | 000,013,976 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\728sn0mgj1
[2011/01/28 15:05:15 | 000,008,181 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2011/01/28 15:05:15 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2009/10/08 09:26:41 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Presenter\JavaConnect.ini
[2009/08/12 06:32:23 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Presenter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/15 10:43:17 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\Presenter\NTUSER.bak

========== ZeroAccess Check ==========

[2013/01/17 23:19:07 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$3ac3af8785d7e4e780b0881016cbc8cb\@
[2013/01/17 23:19:07 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$3ac3af8785d7e4e780b0881016cbc8cb\L
[2013/01/18 10:05:04 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$3ac3af8785d7e4e780b0881016cbc8cb\U
[2009/07/02 08:45:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Apartment
"" = %SystemRoot%\system32\SHELL32.dll -- [2012/06/08 09:26:20 | 008,462,848 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 00:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %SystemRoot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/14 23:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/11/05 10:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2011/06/01 08:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2012/11/10 19:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2012/01/16 14:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2010/02/12 10:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2013/01/18 06:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\D0B43B0D7D5E52B60000D0B36A6159FD
[2011/06/01 08:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2013/01/18 09:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/01/13 10:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/01/27 11:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDFC
[2012/04/02 22:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/02/20 07:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2010/08/04 08:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2012/11/03 16:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/03/31 20:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/29 22:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/02/16 21:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Bytemobile
[2012/01/16 14:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\CheckPoint
[2012/01/21 23:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\ElevatedDiagnostics
[2011/06/01 08:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Flip Video
[2010/06/14 11:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\InterVideo
[2012/04/02 22:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Research In Motion
[2010/02/16 21:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Sierra Wireless
[2010/01/27 13:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Windows Desktop Search
[2010/01/30 23:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Windows Search
[2010/07/14 21:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\WinPatrol
[2009/10/08 08:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Xerox

========== Purity Check ==========



< End of report >


MBAM Log:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.20.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Presenter :: TS8730WIMAGE [administrator]

1/22/2013 9:44:46 AM
MBAM-log-2013-01-22 (09-51-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255824
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKCR\AppID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B} (PUP.FaceThemes) -> No action taken.
HKCR\Typelib\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3} (PUP.FaceThemes) -> No action taken.
HKCR\Interface\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B} (PUP.FaceThemes) -> No action taken.
HKCR\CLSID\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> No action taken.
HKCR\SelectionLinks.SelectionLinksBHO.1 (PUP.FaceThemes) -> No action taken.
HKCR\SelectionLinks.SelectionLinksBHO (PUP.FaceThemes) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\OApps\SelectionLinks.dll (PUP.FaceThemes) -> No action taken.

(end)
  • 0

Advertisement


#2
godawgs

godawgs

    Teacher

  • GeekU Moderator
  • 5,514 posts
HelloWarden, :wave: Welcome back to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

It appears that you have another rootkit infection!


:alarm:
Warning: One or more of the identified infections on your computer is known to use a backdoor!
These are information stealing trojans installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

I would advise you to immediately disconnect this computer from the internet except when reading my posts, downloading the required tools and replying to this topic on this forum only.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following:
  • All passwords should be changed to include those used for banking, email, eBay, Facebook ect; and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.
Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall


We can still clean this machine but I can't guarantee that it will be 100% secure afterward. Please let me know what you decide to do.
  • 0

#3
Warden

Warden

    Member

  • Member
  • PipPipPip
  • 139 posts
Thanksfor taking the time to assiat with this issue godawgs. I will move forward with the foxes you suggest and then see where we are after that point. I will change all passwrods and use another computer to log in and do all of that while trying to fix this one. Thanks again for your help.
  • 0

#4
godawgs

godawgs

    Teacher

  • GeekU Moderator
  • 5,514 posts
Hi Warden,

When you ran OTL it should have generated a file named Extras.txt and put it on the desktop. Please post the contents of that file in your next reply.

We need to disable SuperAntiSpyware so it won't interfere with our fixes. To do that:
  • Start the SuperAntiSpyware program
  • Click the General tab.
  • Uncheck the box beside Start SuperAntiSpyware when Windows starts
  • Click the Real-Time Protection tab
  • Uncheck the box beside Enable Real-Time Protection
  • Uncheck the box beside Enable First Chance Protection
  • Click the Close button
  • Restart the computer and make sure that the brown / orange bug is not in the system tray.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
[2012/01/01 14:29:45 | 000,013,976 | -HS- | C] () -- C:\Documents and Settings\Presenter\Local Settings\Application Data\728sn0mgj1
[2012/01/01 14:29:45 | 000,013,976 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\728sn0mgj1

:FILES
ipconfig /flushdns /c
C:\RECYCLER\S-1-5-18\$3ac3af8785d7e4e780b0881016cbc8cb

:COMMANDS
[resethosts]
[reboot]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


IMPORTANT:Change your browser(s) to download any tools to the desktop.

Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"


Step-2.

Posted Image Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations:

Link 1
Link 2

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console (XP only)

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you recieve an error "Illegal operation attempted on a registry key that has been marked for deletion". Please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
Don't forget to re-enable your Anti-Virus


Step-3.

Posted Image TDSSKiller

Please read carefully and follow these steps.
Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters. (See the image below)

    Posted Image
  • Make sure the boxes under Objects to scan are checked like the image below.
  • In the Additionak options section, check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system. (See the image below)

    Posted Image
  • Click OK
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip. DO NOT change the default action, click on Continue. (See the image below)

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by clicking Report

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The ComboFix log
3. The TDSSKiller log
4. The Extras.txt log
  • 0

#5
Warden

Warden

    Member

  • Member
  • PipPipPip
  • 139 posts
Thanks godawgs. Here is the otlextras file.I will be working on the other stepsnow and will post following tha. Thanks again.

OTL Extras logfile created on: 1/22/2013 9:40:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Presenter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 57.88% Memory free
4.84 Gb Paging File | 3.89 Gb Available in Paging File | 80.34% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 187.08 Gb Free Space | 62.76% Space Free | Partition Type: NTFS

Computer Name: TS8730WIMAGE | User Name: Presenter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}" = Corel WinDVD Pro 11
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2E5C5BC1-9285-45DA-8885-29AFEA541C52}" = Setup
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50E125D1-88E5-48CE-80AE-98EC9698E639}" = Symantec AntiVirus
"{5849AFE4-802B-4C4D-A79F-F988C2BB7A7F}" = Corel WinDVD
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C853 Media Driver Ver.1.02.00.17
"{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7482779A-D19E-48DA-9CAC-8DB51F949864}" = Lotus Notes 8.5
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{82A34D1B-A36C-4B53-BFC8-2F3FDB32CFD9}" = IPM
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJSTD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJSTD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJSTD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
"{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJSTD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTD_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJSTD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}" = ICA
"{9A6F0720-739C-408B-966F-93091631A918}" = Combined Modem Driver Installer
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC2BA148-EE9C-4F1A-AFCE-F38C2C71D29B}" = Mobile Broadband Generic Drivers
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AE2F53E7-290C-47FD-AFE3-A1EE4EE87B42}" = Cisco AnyConnect VPN Client Start Before Login Components
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D6}" = WinZip 17.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBBE5C26-72B7-4E01-950D-86BDE35918ED}" = Embedded Security for HP ProtectTools Driver
"{E4A72492-6674-46F4-8322-7FE498B6CD17}" = Google Desktop
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Intel® PROSet/Wireless WiFi Software
"{F2498378-DB5D-45D2-8C86-46D0C7B2CCC1}" = HP 3D DriveGuard
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FECEF9D2-9D3D-449B-9EA4-CFA775C99464}" = AuthenTec Fingerprint System
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Autorun Eater_is1" = Autorun Eater v2.4
"AviSynth" = AviSynth 2.5
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"Belkin USB Print and Storage Center" = Belkin USB Print and Storage Center
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CANONBJ_Deinstall_CNMCP64.DLL" = Canon PIXMA iP4000
"Coupon Companion Plugin" = Coupon Companion Plugin
"eRoom 7" = eRoom 7
"ERUNT_is1" = ERUNT 1.1j
"FileHippo.com" = FileHippo.com Update Checker
"Google Desktop" = Google Desktop
"HECI" = Intel® Management Engine Interface
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"MouseSuite98" = Mouse Suite
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PDF Complete" = PDF Complete
"PRJSTD" = Microsoft Office Project Standard 2007
"ProInst" = Intel PROSet Wireless
"PROPLUS" = Microsoft Office Professional Plus 2007
"sl-dlc" = SelectionLinks
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Video Mover_is1" = Video Mover
"Videora iPod Converter" = Videora iPod Converter 6
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/18/2013 2:58:00 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\background.html
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 1/18/2013 2:58:26 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\background.html
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/18/2013 2:58:28 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\background.html
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/18/2013 2:58:41 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_1\background.html
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 1/18/2013 2:58:41 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_1\background.html
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/18/2013 2:58:42 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_1\background.html
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/21/2013 12:15:50 PM | Computer Name = TS8730WIMAGE | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 1/22/2013 4:48:24 AM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Bloodhound.MalPE in File: C:\System Volume
Information\_restore{32D2C3A1-B955-4551-B853-B95B9A4F22FA}\RP54\A0012257.dll by:
Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file
was quarantined successfully.

Error - 1/22/2013 4:48:48 AM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Bloodhound.MalPE in File: C:\System Volume Information\_restore{32D2C3A1-B955-4551-B853-B95B9A4F22FA}\RP54\A0012257.dll
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/22/2013 4:48:48 AM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Bloodhound.MalPE in File: C:\System Volume
Information\_restore{32D2C3A1-B955-4551-B853-B95B9A4F22FA}\RP54\A0012257.dll by:
Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

[ Application Events ]
Error - 1/18/2013 2:58:00 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\background.html
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 1/18/2013 2:58:26 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\background.html
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/18/2013 2:58:28 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\background.html
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/18/2013 2:58:41 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_1\background.html
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 1/18/2013 2:58:41 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_1\background.html
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/18/2013 2:58:42 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_1\background.html
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/21/2013 12:15:50 PM | Computer Name = TS8730WIMAGE | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 1/22/2013 4:48:24 AM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Bloodhound.MalPE in File: C:\System Volume
Information\_restore{32D2C3A1-B955-4551-B853-B95B9A4F22FA}\RP54\A0012257.dll by:
Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file
was quarantined successfully.

Error - 1/22/2013 4:48:48 AM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Bloodhound.MalPE in File: C:\System Volume Information\_restore{32D2C3A1-B955-4551-B853-B95B9A4F22FA}\RP54\A0012257.dll
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/22/2013 4:48:48 AM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Bloodhound.MalPE in File: C:\System Volume
Information\_restore{32D2C3A1-B955-4551-B853-B95B9A4F22FA}\RP54\A0012257.dll by:
Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

[ Application Events ]
Error - 1/18/2013 2:58:00 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\background.html
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 1/18/2013 2:58:26 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\background.html
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/18/2013 2:58:28 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\background.html
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/18/2013 2:58:41 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_1\background.html
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 1/18/2013 2:58:41 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_1\background.html
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/18/2013 2:58:42 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_1\background.html
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/21/2013 12:15:50 PM | Computer Name = TS8730WIMAGE | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 1/22/2013 4:48:24 AM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Bloodhound.MalPE in File: C:\System Volume
Information\_restore{32D2C3A1-B955-4551-B853-B95B9A4F22FA}\RP54\A0012257.dll by:
Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file
was quarantined successfully.

Error - 1/22/2013 4:48:48 AM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Bloodhound.MalPE in File: C:\System Volume Information\_restore{32D2C3A1-B955-4551-B853-B95B9A4F22FA}\RP54\A0012257.dll
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/22/2013 4:48:48 AM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Bloodhound.MalPE in File: C:\System Volume
Information\_restore{32D2C3A1-B955-4551-B853-B95B9A4F22FA}\RP54\A0012257.dll by:
Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

[ Application Events ]
Error - 1/18/2013 2:58:00 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\background.html
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 1/18/2013 2:58:26 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\background.html
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/18/2013 2:58:28 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\background.html
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/18/2013 2:58:41 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_1\background.html
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 1/18/2013 2:58:41 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_1\background.html
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/18/2013 2:58:42 PM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\Presenter\Local
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_1\background.html
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/21/2013 12:15:50 PM | Computer Name = TS8730WIMAGE | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 1/22/2013 4:48:24 AM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Bloodhound.MalPE in File: C:\System Volume
Information\_restore{32D2C3A1-B955-4551-B853-B95B9A4F22FA}\RP54\A0012257.dll by:
Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file
was quarantined successfully.

Error - 1/22/2013 4:48:48 AM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Bloodhound.MalPE in File: C:\System Volume Information\_restore{32D2C3A1-B955-4551-B853-B95B9A4F22FA}\RP54\A0012257.dll
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/22/2013 4:48:48 AM | Computer Name = TS8730WIMAGE | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Bloodhound.MalPE in File: C:\System Volume
Information\_restore{32D2C3A1-B955-4551-B853-B95B9A4F22FA}\RP54\A0012257.dll by:
Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

[ System Events ]
Error - 1/18/2013 9:42:35 AM | Computer Name = TS8730WIMAGE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/18/2013 9:47:47 AM | Computer Name = TS8730WIMAGE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service AffinegyService
with arguments "" in order to run the server: {CA16036E-70FD-41AA-AD9C-61CDD4692DAE}

Error - 1/18/2013 9:47:48 AM | Computer Name = TS8730WIMAGE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service AffinegyService
with arguments "" in order to run the server: {CA16036E-70FD-41AA-AD9C-61CDD4692DAE}

Error - 1/18/2013 9:47:52 AM | Computer Name = TS8730WIMAGE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service AffinegyService
with arguments "" in order to run the server: {CA16036E-70FD-41AA-AD9C-61CDD4692DAE}

Error - 1/18/2013 11:15:08 AM | Computer Name = TS8730WIMAGE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service AffinegyService
with arguments "" in order to run the server: {CA16036E-70FD-41AA-AD9C-61CDD4692DAE}

Error - 1/18/2013 11:15:08 AM | Computer Name = TS8730WIMAGE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service AffinegyService
with arguments "" in order to run the server: {CA16036E-70FD-41AA-AD9C-61CDD4692DAE}

Error - 1/18/2013 11:15:20 AM | Computer Name = TS8730WIMAGE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service AffinegyService
with arguments "" in order to run the server: {CA16036E-70FD-41AA-AD9C-61CDD4692DAE}

Error - 1/22/2013 9:58:26 AM | Computer Name = TS8730WIMAGE | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 1/22/2013 10:30:48 AM | Computer Name = TS8730WIMAGE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service AffinegyService
with arguments "" in order to run the server: {CA16036E-70FD-41AA-AD9C-61CDD4692DAE}

Error - 1/22/2013 10:30:48 AM | Computer Name = TS8730WIMAGE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service AffinegyService
with arguments "" in order to run the server: {CA16036E-70FD-41AA-AD9C-61CDD4692DAE}

[ System Events ]
Error - 1/18/2013 9:42:35 AM | Computer Name = TS8730WIMAGE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/18/2013 9:47:47 AM | Computer Name = TS8730WIMAGE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service AffinegyService
with arguments "" in order to run the server: {CA16036E-70FD-41AA-AD9C-61CDD4692DAE}

Error - 1/18/2013 9:47:48 AM | Computer Name = TS8730WIMAGE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service AffinegyService
with arguments "" in order to run the server: {CA16036E-70FD-41AA-AD9C-61CDD4692DAE}

Error - 1/18/2013 9:47:52 AM | Computer Name = TS8730WIMAGE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service AffinegyService
with arguments "" in order to run the server: {CA16036E-70FD-41AA-AD9C-61CDD4692DAE}

Error - 1/18/2013 11:15:08 AM | Computer Name = TS8730WIMAGE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service AffinegyService
with arguments "" in order to run the server: {CA16036E-70FD-41AA-AD9C-61CDD4692DAE}

Error - 1/18/2013 11:15:08 AM | Computer Name = TS8730WIMAGE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service AffinegyService
with arguments "" in order to run the server: {CA16036E-70FD-41AA-AD9C-61CDD4692DAE}

Error - 1/18/2013 11:15:20 AM | Computer Name = TS8730WIMAGE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service AffinegyService
with arguments "" in order to run the server: {CA16036E-70FD-41AA-AD9C-61CDD4692DAE}

Error - 1/22/2013 9:58:26 AM | Computer Name = TS8730WIMAGE | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 1/22/2013 10:30:48 AM | Computer Name = TS8730WIMAGE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service AffinegyService
with arguments "" in order to run the server: {CA16036E-70FD-41AA-AD9C-61CDD4692DAE}

Error - 1/22/2013 10:30:48 AM | Computer Name = TS8730WIMAGE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service AffinegyService
with arguments "" in order to run the server: {CA16036E-70FD-41AA-AD9C-61CDD4692DAE}


< End of report >
  • 0

#6
Warden

Warden

    Member

  • Member
  • PipPipPip
  • 139 posts
GoDawgs, I have failed. I mistakenly didnot save the combo fix log to the dektop prior to running. I am very sorry for not completing this step. I thought I had but clearly did not as I am unable to locate the log file. I apologize again and realize you are taking your valuable time to assist me and I should follow the steps you laid out. I wikllnot run it again unless you instruct me to do so. I have downloaded TDSSKiller but will not run until I hear back. Again, I am sorry for not following your very clear instructions and appreciate your assistance.

Below is the otl fixes log.

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
Starting removal of ActiveX control {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\oscan8.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\Presenter\Local Settings\Application Data\728sn0mgj1 moved successfully.
C:\Documents and Settings\All Users\Application Data\728sn0mgj1 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Presenter\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Presenter\Desktop\cmd.txt deleted successfully.
C:\RECYCLER\S-1-5-18\$3ac3af8785d7e4e780b0881016cbc8cb\U folder moved successfully.
C:\RECYCLER\S-1-5-18\$3ac3af8785d7e4e780b0881016cbc8cb\L folder moved successfully.
C:\RECYCLER\S-1-5-18\$3ac3af8785d7e4e780b0881016cbc8cb folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 01232013_110007
  • 0

#7
godawgs

godawgs

    Teacher

  • GeekU Moderator
  • 5,514 posts
ComboFix should have put the log in the root directory (C:\ComboFix.txt). If you can't find it there, please do a search for Combofix.txt and see if you can find it.
  • 0

#8
Warden

Warden

    Member

  • Member
  • PipPipPip
  • 139 posts
It does not appear when I search for it.
  • 0

#9
godawgs

godawgs

    Teacher

  • GeekU Moderator
  • 5,514 posts
Please re-run ComboFix again. The run TDSSKiller. Using the instructions in post #4
It may help if you print them out or save them to a text file so you will have them.
  • 0

#10
Warden

Warden

    Member

  • Member
  • PipPipPip
  • 139 posts
OK, here we go.

Combo Fix

ComboFix 13-01-23.01 - Presenter 01/23/2013 11:55:26.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3067.2036 [GMT -5:00]
Running from: c:\documents and settings\Presenter\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Coupon Companion Plugin\CoUPon companion plugin.dll
c:\windows\system32\drivers\etc\lmhosts
.
.
((((((((((((((((((((((((( Files Created from 2012-12-23 to 2013-01-23 )))))))))))))))))))))))))))))))
.
.
2013-01-23 16:00 . 2013-01-23 16:00 -------- d-----w- C:\_OTL
2013-01-23 01:10 . 2013-01-23 01:10 -------- d-----w- c:\program files\EMET
2013-01-22 17:25 . 2013-01-22 17:25 -------- d-----w- c:\program files\ESET
2013-01-18 14:38 . 2013-01-12 08:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-18 14:36 . 2013-01-18 14:36 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-01-18 14:29 . 2013-01-18 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-01-18 14:29 . 2013-01-18 14:29 -------- d-----w- c:\documents and settings\Presenter\Local Settings\Application Data\Updater21804
2013-01-18 14:28 . 2013-01-23 17:00 -------- d-----w- c:\program files\Coupon Companion Plugin
2013-01-18 14:28 . 2013-01-22 22:43 -------- d-----w- c:\program files\OApps
2013-01-18 04:20 . 2013-01-18 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\D0B43B0D7D5E52B60000D0B36A6159FD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2008-04-14 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2010-04-15 20:02 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2008-04-14 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-11 00:37 . 2012-08-22 01:00 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-11 00:37 . 2011-06-16 00:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-06 02:01 . 2008-04-14 12:00 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2008-04-14 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-07-02 1044480]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-10-14 82224]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-04-15 181816]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-02-27 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-27 1202448]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-02 367128]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-08-08 319000]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-06-06 125632]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2012-08-22 30192]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-01-04 404712]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2009-05-27 549400]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-12-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-12-04 13933160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"EMET Notifier"="c:\program files\EMET\EMET_notifier.exe" [2012-05-09 152152]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Monitor My eRooms (V7).lnk - c:\program files\eRoom 7\ERClient7.exe [2009-7-2 153336]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-12 576104]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-7-2 197904]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-10-12 685496]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [7/2/2009 7:54 AM 24064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 1:54 PM 116608]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [6/12/2008 11:21 AM 1164536]
R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [5/6/2011 11:58 AM 1085440]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\Lotus\Notes\nsd.exe [12/6/2008 7:36 AM 3315080]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [7/2/2009 8:50 AM 777240]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [8/21/2012 8:12 PM 13880]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/6/2007 12:24 PM 116928]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [11/5/2012 10:09 AM 246936]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [7/2/2009 8:44 AM 2058776]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12/17/2009 5:32 PM 497856]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [6/12/2008 1:40 PM 477696]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [7/2/2009 8:12 AM 239160]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [7/2/2009 9:00 AM 239760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/3/2012 1:02 PM 106656]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/2/2009 8:38 AM 44800]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [7/2/2009 8:51 AM 47616]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/2/2009 9:40 AM 30192]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [12/18/2009 11:13 AM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/18/2009 11:12 AM 174720]
S4 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [11/5/2012 10:09 AM 152064]
S4 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [11/5/2012 10:09 AM 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006Core.job
- c:\documents and settings\Presenter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-02 02:09]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006UA.job
- c:\documents and settings\Presenter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-02 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: bitdefender.com
Trusted Zone: geekstogo.com\www
TCP: DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://bos-link01a.raytheon.com/CACHE/stc/1/binaries/vpnweb.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-23 12:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\VPNGina.dll
.
- - - - - - - > 'explorer.exe'(3648)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Lotus\Notes\ntmulti.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Autorun Eater\billy.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Belkin\Belkin USB Print and Storage Center\connect.exe
c:\program files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
.
**************************************************************************
.
Completion time: 2013-01-23 12:10:01 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-23 17:09
.
Pre-Run: 200,541,696,000 bytes free
Post-Run: 200,938,168,320 bytes free
.
- - End Of File - - 3B092CBD0D862159DA9A23548E7BBE39


TDSSKiller

12:15:04.0156 6072 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:15:04.0718 6072 ============================================================
12:15:04.0718 6072 Current date / time: 2013/01/23 12:15:04.0718
12:15:04.0718 6072 SystemInfo:
12:15:04.0718 6072
12:15:04.0718 6072 OS Version: 5.1.2600 ServicePack: 3.0
12:15:04.0718 6072 Product type: Workstation
12:15:04.0718 6072 ComputerName: TS8730WIMAGE
12:15:04.0718 6072 UserName: Presenter
12:15:04.0718 6072 Windows directory: C:\WINDOWS
12:15:04.0718 6072 System windows directory: C:\WINDOWS
12:15:04.0718 6072 Processor architecture: Intel x86
12:15:04.0718 6072 Number of processors: 2
12:15:04.0718 6072 Page size: 0x1000
12:15:04.0718 6072 Boot type: Normal boot
12:15:04.0718 6072 ============================================================
12:15:06.0234 6072 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:15:06.0265 6072 ============================================================
12:15:06.0265 6072 \Device\Harddisk0\DR0:
12:15:06.0265 6072 MBR partitions:
12:15:06.0265 6072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
12:15:06.0265 6072 ============================================================
12:15:06.0328 6072 C: <-> \Device\Harddisk0\DR0\Partition1
12:15:06.0328 6072 ============================================================
12:15:06.0328 6072 Initialize success
12:15:06.0328 6072 ============================================================
12:16:00.0375 2056 ============================================================
12:16:00.0375 2056 Scan started
12:16:00.0375 2056 Mode: Manual; SigCheck; TDLFS;
12:16:00.0375 2056 ============================================================
12:16:00.0734 2056 ================ Scan system memory ========================
12:16:00.0968 2056 System memory - ok
12:16:00.0984 2056 ================ Scan services =============================
12:16:01.0031 2056 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
12:16:01.0109 2056 !SASCORE - ok
12:16:01.0187 2056 Abiosdsk - ok
12:16:01.0187 2056 abp480n5 - ok
12:16:01.0250 2056 [ A0BAABB7D3549460E3F8C5AD6F778683 ] Accelerometer C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
12:16:01.0265 2056 Accelerometer - ok
12:16:01.0312 2056 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:16:01.0515 2056 ACPI - ok
12:16:01.0515 2056 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:16:01.0609 2056 ACPIEC - ok
12:16:01.0625 2056 [ 2DC6FF5DA4EA7CA1D4128A7541734B9F ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
12:16:01.0703 2056 ADIHdAudAddService - ok
12:16:01.0703 2056 adpu160m - ok
12:16:01.0703 2056 [ FFF87A9B1AB36EE4B7BEC98A4CB01B79 ] AEAudio C:\WINDOWS\system32\drivers\AEAudio.sys
12:16:01.0734 2056 AEAudio - ok
12:16:01.0750 2056 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:16:01.0875 2056 aec - ok
12:16:01.0921 2056 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:16:01.0984 2056 AFD - ok
12:16:02.0109 2056 [ 7F1130830B3BA85921519A5616E29803 ] AffinegyService C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
12:16:02.0156 2056 AffinegyService - ok
12:16:02.0156 2056 AFGMp50 - ok
12:16:02.0203 2056 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] AFGSp50 C:\WINDOWS\system32\Drivers\AFGSp50.sys
12:16:02.0234 2056 AFGSp50 - ok
12:16:02.0265 2056 [ EFBC44FBD75E4F80BD927AEBF6E7EADE ] AgereModemAudio C:\WINDOWS\system32\agrsmsvc.exe
12:16:02.0312 2056 AgereModemAudio - ok
12:16:02.0390 2056 [ 3712986CC3ABF0DC656B43525B9D1279 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
12:16:02.0640 2056 AgereSoftModem - ok
12:16:02.0640 2056 Aha154x - ok
12:16:02.0640 2056 aic78u2 - ok
12:16:02.0640 2056 aic78xx - ok
12:16:02.0671 2056 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:16:02.0796 2056 Alerter - ok
12:16:02.0828 2056 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
12:16:02.0921 2056 ALG - ok
12:16:02.0937 2056 AliIde - ok
12:16:02.0937 2056 amsint - ok
12:16:03.0062 2056 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:16:03.0093 2056 Apple Mobile Device - ok
12:16:03.0125 2056 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
12:16:03.0234 2056 AppMgmt - ok
12:16:03.0250 2056 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:16:03.0375 2056 Arp1394 - ok
12:16:03.0375 2056 asc - ok
12:16:03.0375 2056 asc3350p - ok
12:16:03.0375 2056 asc3550 - ok
12:16:03.0500 2056 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:16:03.0515 2056 aspnet_state - ok
12:16:03.0531 2056 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:16:03.0640 2056 AsyncMac - ok
12:16:03.0656 2056 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:16:03.0937 2056 atapi - ok
12:16:03.0937 2056 Atdisk - ok
12:16:03.0953 2056 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:16:04.0078 2056 Atmarpc - ok
12:16:04.0187 2056 [ A5D12CA24721C86EA949D5F88C6C0D72 ] ATService C:\Program Files\Fingerprint Sensor\AtService.exe
12:16:04.0234 2056 ATService - ok
12:16:04.0281 2056 [ C74E3D37625166C8A81FC07F796BC1AC ] ATSwpWDF C:\WINDOWS\system32\Drivers\ATSwpWDF.sys
12:16:04.0296 2056 ATSwpWDF - ok
12:16:04.0359 2056 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:16:04.0484 2056 AudioSrv - ok
12:16:04.0515 2056 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:16:04.0609 2056 audstub - ok
12:16:04.0656 2056 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:16:04.0765 2056 Beep - ok
12:16:04.0812 2056 [ DEFCE42FE9EED1A0DC4A28FDDFF603C9 ] Belkin Local Backup Service C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
12:16:04.0828 2056 Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - warning
12:16:04.0828 2056 Belkin Local Backup Service - detected UnsignedFile.Multi.Generic (1)
12:16:04.0828 2056 [ E23AF2900A4E3CA7FF22F1C80A013305 ] Belkin Network USB Helper C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
12:16:04.0859 2056 Belkin Network USB Helper ( UnsignedFile.Multi.Generic ) - warning
12:16:04.0859 2056 Belkin Network USB Helper - detected UnsignedFile.Multi.Generic (1)
12:16:04.0906 2056 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
12:16:05.0015 2056 BITS - ok
12:16:05.0281 2056 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:16:05.0312 2056 Bonjour Service - ok
12:16:05.0343 2056 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
12:16:05.0437 2056 Browser - ok
12:16:05.0453 2056 [ 5BCF6090B825DEF29065BDBD59691DBE ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
12:16:05.0484 2056 btaudio - ok
12:16:05.0531 2056 [ EF5E0DE0A7CA2977A9255F36F4D915AB ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
12:16:05.0609 2056 BTKRNL - ok
12:16:05.0796 2056 [ 565C79C4C00AF8D1C7500146B0B09562 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
12:16:05.0828 2056 btwdins - ok
12:16:05.0843 2056 [ 053DC5BE74621B63BB48C2B86BAFC7B0 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
12:16:05.0875 2056 BTWUSB - ok
12:16:05.0875 2056 catchme - ok
12:16:05.0921 2056 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:16:06.0093 2056 cbidf2k - ok
12:16:06.0140 2056 [ 73A35AD810CB750367CC01564A44B0E7 ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
12:16:06.0156 2056 ccEvtMgr - ok
12:16:06.0171 2056 [ 5E32D63B71495A8EDA09F05BD153A537 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
12:16:06.0187 2056 ccSetMgr - ok
12:16:06.0187 2056 cd20xrnt - ok
12:16:06.0187 2056 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:16:06.0250 2056 Cdaudio - ok
12:16:06.0312 2056 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:16:06.0375 2056 Cdfs - ok
12:16:06.0421 2056 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:16:06.0484 2056 Cdrom - ok
12:16:06.0484 2056 Changer - ok
12:16:06.0500 2056 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:16:06.0578 2056 CiSvc - ok
12:16:06.0593 2056 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:16:06.0656 2056 ClipSrv - ok
12:16:06.0718 2056 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:16:06.0734 2056 clr_optimization_v2.0.50727_32 - ok
12:16:06.0781 2056 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:16:06.0796 2056 clr_optimization_v4.0.30319_32 - ok
12:16:06.0828 2056 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:16:06.0906 2056 CmBatt - ok
12:16:06.0906 2056 CmdIde - ok
12:16:07.0031 2056 [ AB420FA8EE829F80D5FE56B866432DA8 ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
12:16:07.0046 2056 Com4QLBEx - ok
12:16:07.0046 2056 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:16:07.0125 2056 Compbatt - ok
12:16:07.0125 2056 COMSysApp - ok
12:16:07.0140 2056 Cpqarray - ok
12:16:07.0171 2056 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:16:07.0296 2056 CryptSvc - ok
12:16:07.0312 2056 dac2w2k - ok
12:16:07.0312 2056 dac960nt - ok
12:16:07.0359 2056 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:16:07.0453 2056 DcomLaunch - ok
12:16:07.0546 2056 [ 2A946F625D7BE6EE1600C0DE8D7CD0C6 ] DefWatch C:\Program Files\Symantec AntiVirus\DefWatch.exe
12:16:07.0546 2056 DefWatch - ok
12:16:07.0562 2056 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:16:07.0671 2056 Dhcp - ok
12:16:07.0687 2056 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:16:07.0859 2056 Disk - ok
12:16:07.0859 2056 dmadmin - ok
12:16:07.0890 2056 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:16:08.0031 2056 dmboot - ok
12:16:08.0046 2056 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:16:08.0156 2056 dmio - ok
12:16:08.0156 2056 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:16:08.0234 2056 dmload - ok
12:16:08.0234 2056 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:16:08.0296 2056 dmserver - ok
12:16:08.0390 2056 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:16:08.0468 2056 DMusic - ok
12:16:08.0500 2056 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:16:08.0578 2056 Dnscache - ok
12:16:08.0593 2056 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:16:08.0656 2056 Dot3svc - ok
12:16:08.0656 2056 dpti2o - ok
12:16:08.0656 2056 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:16:08.0718 2056 drmkaud - ok
12:16:08.0765 2056 [ 340B96044611F8D7EC2514A989D6E5F7 ] e1yexpress C:\WINDOWS\system32\DRIVERS\e1y5132.sys
12:16:08.0781 2056 e1yexpress - ok
12:16:08.0781 2056 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:16:08.0890 2056 EapHost - ok
12:16:08.0953 2056 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:16:08.0968 2056 eeCtrl - ok
12:16:08.0968 2056 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:16:08.0984 2056 EraserUtilRebootDrv - ok
12:16:09.0015 2056 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:16:09.0078 2056 ERSvc - ok
12:16:09.0125 2056 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
12:16:09.0171 2056 Eventlog - ok
12:16:09.0218 2056 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
12:16:09.0234 2056 EventSystem - ok
12:16:09.0296 2056 [ 53CCA6B4DF0977074E85C9A18F42B5CC ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
12:16:09.0359 2056 EvtEng - ok
12:16:09.0437 2056 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:16:09.0578 2056 Fastfat - ok
12:16:09.0609 2056 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:16:09.0671 2056 FastUserSwitchingCompatibility - ok
12:16:09.0687 2056 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
12:16:09.0796 2056 Fdc - ok
12:16:09.0812 2056 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:16:09.0921 2056 Fips - ok
12:16:10.0031 2056 [ B8602C90D3C427D8A86CE60437615CF5 ] FlipShare Service C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
12:16:10.0062 2056 FlipShare Service - ok
12:16:10.0187 2056 [ AC5FB7094F31534594CAE48306972CBD ] FlipShareServer C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
12:16:10.0250 2056 FlipShareServer ( UnsignedFile.Multi.Generic ) - warning
12:16:10.0250 2056 FlipShareServer - detected UnsignedFile.Multi.Generic (1)
12:16:10.0250 2056 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
12:16:10.0359 2056 Flpydisk - ok
12:16:10.0437 2056 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:16:10.0531 2056 FltMgr - ok
12:16:10.0609 2056 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:16:10.0625 2056 FontCache3.0.0.0 - ok
12:16:10.0640 2056 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:16:10.0718 2056 Fs_Rec - ok
12:16:10.0718 2056 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:16:10.0796 2056 Ftdisk - ok
12:16:10.0812 2056 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:16:10.0828 2056 GEARAspiWDM - ok
12:16:10.0921 2056 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
12:16:10.0937 2056 GoogleDesktopManager-051210-111108 - ok
12:16:10.0937 2056 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:16:11.0015 2056 Gpc - ok
12:16:11.0031 2056 [ FC657B7751729EFE54E2FF24F50E5BAB ] HBtnKey C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
12:16:11.0062 2056 HBtnKey - ok
12:16:11.0109 2056 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:16:11.0187 2056 HDAudBus - ok
12:16:11.0218 2056 [ 2DF64415A28CE036AC6ACEC7645A996F ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
12:16:11.0265 2056 HECI - ok
12:16:11.0343 2056 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:16:11.0406 2056 helpsvc - ok
12:16:11.0437 2056 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
12:16:11.0500 2056 HidServ - ok
12:16:11.0531 2056 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:16:11.0593 2056 hidusb - ok
12:16:11.0625 2056 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:16:11.0687 2056 hkmsvc - ok
12:16:11.0718 2056 [ 9F620E11B80B74F4DAB50A81A5DF357F ] hpdskflt C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
12:16:11.0734 2056 hpdskflt - ok
12:16:11.0734 2056 hpn - ok
12:16:11.0734 2056 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
12:16:11.0796 2056 HpqKbFiltr - ok
12:16:11.0859 2056 [ 111F2E783FF94FB55D42B8CF7114B4A3 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
12:16:11.0859 2056 hpqwmiex - ok
12:16:11.0906 2056 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:16:11.0984 2056 HPZid412 - ok
12:16:12.0000 2056 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:16:12.0015 2056 HPZipr12 - ok
12:16:12.0031 2056 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:16:12.0062 2056 HPZius12 - ok
12:16:12.0109 2056 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:16:12.0140 2056 HTTP - ok
12:16:12.0171 2056 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:16:12.0234 2056 HTTPFilter - ok
12:16:12.0234 2056 i2omgmt - ok
12:16:12.0234 2056 i2omp - ok
12:16:12.0250 2056 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:16:12.0359 2056 i8042prt - ok
12:16:12.0453 2056 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:16:12.0578 2056 idsvc - ok
12:16:12.0625 2056 [ 91C5E9F49F32110CED27E2F902FAD607 ] IFXTPM C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
12:16:12.0703 2056 IFXTPM - ok
12:16:12.0750 2056 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:16:12.0843 2056 Imapi - ok
12:16:12.0890 2056 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:16:13.0000 2056 ImapiService - ok
12:16:13.0015 2056 ini910u - ok
12:16:13.0015 2056 IntelIde - ok
12:16:13.0093 2056 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:16:13.0203 2056 intelppm - ok
12:16:13.0296 2056 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:16:13.0406 2056 Ip6Fw - ok
12:16:13.0437 2056 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:16:13.0562 2056 IpFilterDriver - ok
12:16:13.0578 2056 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:16:13.0671 2056 IpInIp - ok
12:16:13.0718 2056 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:16:13.0984 2056 IpNat - ok
12:16:14.0046 2056 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:16:14.0078 2056 iPod Service - ok
12:16:14.0093 2056 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:16:14.0156 2056 IPSec - ok
12:16:14.0203 2056 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:16:14.0250 2056 IRENUM - ok
12:16:14.0281 2056 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:16:14.0406 2056 isapnp - ok
12:16:14.0453 2056 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
12:16:14.0468 2056 IviRegMgr - ok
12:16:14.0531 2056 [ 7FBFEEE245821925129C9F86470BF33C ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
12:16:14.0546 2056 JavaQuickStarterService - ok
12:16:14.0546 2056 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:16:14.0656 2056 Kbdclass - ok
12:16:14.0687 2056 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:16:14.0734 2056 kbdhid - ok
12:16:14.0765 2056 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:16:14.0812 2056 kmixer - ok
12:16:14.0843 2056 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:16:14.0875 2056 KSecDD - ok
12:16:14.0921 2056 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
12:16:14.0968 2056 LanmanServer - ok
12:16:15.0015 2056 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:16:15.0062 2056 lanmanworkstation - ok
12:16:15.0062 2056 lbrtfdc - ok
12:16:15.0296 2056 [ FB3A35318CA7F6A10FA3C3826A69AFFE ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
12:16:15.0484 2056 LiveUpdate - ok
12:16:15.0531 2056 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:16:15.0718 2056 LmHosts - ok
12:16:15.0796 2056 [ 4647CD914B94678804519F4A657EBDDC ] LMS C:\Program Files\Intel\AMT\LMS.exe
12:16:15.0812 2056 LMS - ok
12:16:15.0984 2056 [ B3D9798AB0B7A78B9B1F5BF139DCCE57 ] Lotus Notes Diagnostics C:\Program Files\Lotus\Notes\nsd.exe
12:16:16.0156 2056 Lotus Notes Diagnostics - ok
12:16:16.0187 2056 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:16:16.0250 2056 Messenger - ok
12:16:16.0281 2056 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:16:16.0375 2056 mnmdd - ok
12:16:16.0421 2056 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:16:16.0484 2056 mnmsrvc - ok
12:16:16.0500 2056 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:16:16.0578 2056 Modem - ok
12:16:16.0609 2056 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:16:16.0671 2056 Mouclass - ok
12:16:16.0718 2056 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:16:16.0781 2056 mouhid - ok
12:16:16.0781 2056 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:16:16.0859 2056 MountMgr - ok
12:16:16.0859 2056 mraid35x - ok
12:16:16.0890 2056 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:16:16.0937 2056 MRxDAV - ok
12:16:16.0968 2056 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:16:17.0015 2056 MRxSmb - ok
12:16:17.0062 2056 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:16:17.0109 2056 MSDTC - ok
12:16:17.0125 2056 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:16:17.0171 2056 Msfs - ok
12:16:17.0171 2056 MSIServer - ok
12:16:17.0187 2056 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:16:17.0250 2056 MSKSSRV - ok
12:16:17.0265 2056 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:16:17.0328 2056 MSPCLOCK - ok
12:16:17.0343 2056 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:16:17.0406 2056 MSPQM - ok
12:16:17.0453 2056 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:16:17.0515 2056 mssmbios - ok
12:16:17.0531 2056 [ 2A1394CF0A66F9F582BBD71E5AF9BC60 ] Multi-user Cleanup Service C:\Program Files\Lotus\Notes\ntmulti.exe
12:16:17.0531 2056 Multi-user Cleanup Service - ok
12:16:17.0562 2056 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:16:17.0562 2056 Mup - ok
12:16:17.0609 2056 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:16:17.0671 2056 napagent - ok
12:16:17.0828 2056 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20121203.002\naveng.sys
12:16:17.0843 2056 NAVENG - ok
12:16:17.0875 2056 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20121203.002\navex15.sys
12:16:17.0937 2056 NAVEX15 - ok
12:16:17.0953 2056 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:16:18.0046 2056 NDIS - ok
12:16:18.0109 2056 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:16:18.0109 2056 NdisTapi - ok
12:16:18.0156 2056 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:16:18.0250 2056 Ndisuio - ok
12:16:18.0281 2056 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:16:18.0406 2056 NdisWan - ok
12:16:18.0421 2056 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:16:18.0484 2056 NDProxy - ok
12:16:18.0515 2056 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
12:16:18.0515 2056 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:16:18.0515 2056 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:16:18.0546 2056 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:16:18.0640 2056 NetBIOS - ok
12:16:18.0687 2056 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:16:18.0796 2056 NetBT - ok
12:16:18.0828 2056 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
12:16:18.0953 2056 NetDDE - ok
12:16:18.0953 2056 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:16:19.0015 2056 NetDDEdsdm - ok
12:16:19.0046 2056 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:16:19.0109 2056 Netlogon - ok
12:16:19.0156 2056 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
12:16:19.0218 2056 Netman - ok
12:16:19.0250 2056 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:16:19.0265 2056 NetTcpPortSharing - ok
12:16:19.0375 2056 [ CCDB8DB66ACD3C0A6C8E171B79F60AC4 ] NETw5x32 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
12:16:19.0593 2056 NETw5x32 - ok
12:16:19.0609 2056 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:16:19.0703 2056 NIC1394 - ok
12:16:19.0734 2056 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
12:16:19.0750 2056 Nla - ok
12:16:19.0796 2056 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:16:19.0921 2056 Npfs - ok
12:16:19.0968 2056 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:16:20.0078 2056 Ntfs - ok
12:16:20.0109 2056 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:16:20.0203 2056 NtLmSsp - ok
12:16:20.0234 2056 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:16:20.0343 2056 NtmsSvc - ok
12:16:20.0421 2056 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:16:20.0531 2056 Null - ok
12:16:20.0781 2056 [ 6AD9EE567A67C010DFAE9F25D172A0AA ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:16:21.0343 2056 nv - ok
12:16:21.0437 2056 [ C0798084837E229BFC42A77313CF0EAE ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
12:16:21.0453 2056 nvsvc - ok
12:16:21.0500 2056 [ FC2A8AAA0F3321F41231EDE0AF1968AE ] NWADI C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
12:16:21.0562 2056 NWADI - ok
12:16:21.0609 2056 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:16:21.0671 2056 NwlnkFlt - ok
12:16:21.0687 2056 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:16:21.0734 2056 NwlnkFwd - ok
12:16:21.0781 2056 [ 224131778C92AEE8C13AFAC5FBFF19CA ] NWUSBCDFIL C:\WINDOWS\system32\DRIVERS\NwUsbCdFil.sys
12:16:21.0796 2056 NWUSBCDFIL - ok
12:16:21.0828 2056 [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBModem C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
12:16:21.0906 2056 NWUSBModem - ok
12:16:21.0921 2056 [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBPort C:\WINDOWS\system32\DRIVERS\nwusbser.sys
12:16:21.0937 2056 NWUSBPort - ok
12:16:21.0937 2056 [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBPort2 C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
12:16:21.0968 2056 NWUSBPort2 - ok
12:16:22.0156 2056 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:16:22.0218 2056 odserv - ok
12:16:22.0281 2056 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:16:22.0406 2056 ohci1394 - ok
12:16:22.0468 2056 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:16:22.0484 2056 ose - ok
12:16:22.0531 2056 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
12:16:22.0656 2056 Parport - ok
12:16:22.0671 2056 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:16:22.0781 2056 PartMgr - ok
12:16:22.0828 2056 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:16:22.0921 2056 ParVdm - ok
12:16:22.0953 2056 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] PCASp50 C:\WINDOWS\system32\Drivers\PCASp50.sys
12:16:22.0968 2056 PCASp50 - ok
12:16:22.0968 2056 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:16:23.0078 2056 PCI - ok
12:16:23.0078 2056 PCIDump - ok
12:16:23.0078 2056 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:16:23.0187 2056 PCIIde - ok
12:16:23.0187 2056 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:16:23.0250 2056 Pcmcia - ok
12:16:23.0250 2056 PDCOMP - ok
12:16:23.0296 2056 pdfcDispatcher - ok
12:16:23.0296 2056 PDFRAME - ok
12:16:23.0296 2056 PDRELI - ok
12:16:23.0312 2056 PDRFRAME - ok
12:16:23.0312 2056 perc2 - ok
12:16:23.0312 2056 perc2hib - ok
12:16:23.0328 2056 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
12:16:23.0343 2056 PlugPlay - ok
12:16:23.0390 2056 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
12:16:23.0406 2056 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:16:23.0406 2056 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:16:23.0421 2056 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:16:23.0468 2056 PolicyAgent - ok
12:16:23.0500 2056 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:16:23.0578 2056 PptpMiniport - ok
12:16:23.0578 2056 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:16:23.0640 2056 ProtectedStorage - ok
12:16:23.0640 2056 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:16:23.0953 2056 PSched - ok
12:16:24.0015 2056 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
12:16:24.0031 2056 PSI_SVC_2 - ok
12:16:24.0046 2056 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:16:24.0140 2056 Ptilink - ok
12:16:24.0140 2056 ql1080 - ok
12:16:24.0140 2056 Ql10wnt - ok
12:16:24.0140 2056 ql12160 - ok
12:16:24.0140 2056 ql1240 - ok
12:16:24.0140 2056 ql1280 - ok
12:16:24.0156 2056 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:16:24.0234 2056 RasAcd - ok
12:16:24.0265 2056 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:16:24.0343 2056 RasAuto - ok
12:16:24.0375 2056 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:16:24.0468 2056 Rasl2tp - ok
12:16:24.0500 2056 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:16:24.0593 2056 RasMan - ok
12:16:24.0609 2056 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:16:24.0781 2056 RasPppoe - ok
12:16:24.0781 2056 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:16:24.0875 2056 Raspti - ok
12:16:24.0906 2056 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:16:24.0984 2056 Rdbss - ok
12:16:25.0015 2056 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:16:25.0062 2056 RDPCDD - ok
12:16:25.0109 2056 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:16:25.0156 2056 rdpdr - ok
12:16:25.0203 2056 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:16:25.0234 2056 RDPWD - ok
12:16:25.0281 2056 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:16:25.0359 2056 RDSessMgr - ok
12:16:25.0390 2056 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:16:25.0453 2056 redbook - ok
12:16:25.0484 2056 [ 24D3B49DAB660A8B8AFA40240E735E24 ] regi C:\WINDOWS\system32\drivers\regi.sys
12:16:25.0500 2056 regi - ok
12:16:25.0546 2056 [ 7C4391419852DFC331F6AF620C33AF3C ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:16:25.0578 2056 RegSrvc - ok
12:16:25.0609 2056 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:16:25.0703 2056 RemoteAccess - ok
12:16:25.0734 2056 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:16:25.0812 2056 RemoteRegistry - ok
12:16:25.0859 2056 [ EA885E7A56F1BE1F14C372337C42FE48 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
12:16:25.0875 2056 rimmptsk - ok
12:16:25.0890 2056 [ D7E09BC852684A7B1FC0F74FE090D45A ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
12:16:25.0906 2056 rimsptsk - ok
12:16:25.0937 2056 [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
12:16:25.0984 2056 RimUsb - ok
12:16:26.0000 2056 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
12:16:26.0015 2056 RimVSerPort - ok
12:16:26.0015 2056 [ 7C21554942BEF51CBD84FD7D4E62CB9A ] rismc32 C:\WINDOWS\system32\DRIVERS\rismc32.sys
12:16:26.0031 2056 rismc32 - ok
12:16:26.0031 2056 [ B0A7494A9BA7909EFAC64E05D3F160DB ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
12:16:26.0046 2056 rismxdp - ok
12:16:26.0093 2056 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
12:16:26.0203 2056 ROOTMODEM - ok
12:16:26.0218 2056 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
12:16:26.0328 2056 RpcLocator - ok
12:16:26.0359 2056 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:16:26.0375 2056 RpcSs - ok
12:16:26.0421 2056 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:16:26.0515 2056 RSVP - ok
12:16:26.0593 2056 [ 55CCC8CED5778556F6B516B3858AC970 ] S24EventMonitor C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
12:16:26.0671 2056 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
12:16:26.0671 2056 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
12:16:26.0718 2056 [ 96B4494D4734970F47C566E098C4F527 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
12:16:26.0734 2056 s24trans - ok
12:16:26.0750 2056 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:16:26.0843 2056 SamSs - ok
12:16:26.0953 2056 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:16:26.0953 2056 SASDIFSV - ok
12:16:26.0968 2056 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
12:16:26.0968 2056 SASKUTIL - ok
12:16:27.0015 2056 [ 8E381204B4431DBC480DEBC830F0CFDC ] SavRoam C:\Program Files\Symantec AntiVirus\SavRoam.exe
12:16:27.0031 2056 SavRoam - ok
12:16:27.0046 2056 [ 12B6E269EF8AC8EA36122544C8A1B6D8 ] SAVRT C:\Program Files\Symantec AntiVirus\savrt.sys
12:16:27.0078 2056 SAVRT - ok
12:16:27.0109 2056 [ 97E5B6F3F95465E1F59360B59D8EC64E ] SAVRTPEL C:\Program Files\Symantec AntiVirus\Savrtpel.sys
12:16:27.0125 2056 SAVRTPEL - ok
12:16:27.0140 2056 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:16:27.0265 2056 SCardSvr - ok
12:16:27.0343 2056 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:16:27.0484 2056 Schedule - ok
12:16:27.0515 2056 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:16:27.0671 2056 sdbus - ok
12:16:27.0703 2056 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:16:27.0750 2056 Secdrv - ok
12:16:27.0796 2056 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:16:27.0890 2056 seclogon - ok
12:16:27.0906 2056 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
12:16:28.0015 2056 SENS - ok
12:16:28.0046 2056 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:16:28.0140 2056 Serenum - ok
12:16:28.0171 2056 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:16:28.0265 2056 Serial - ok
12:16:28.0281 2056 [ B6401608579B6431994425BA7653F774 ] SFAUDIO C:\WINDOWS\system32\drivers\sfaudio.sys
12:16:28.0296 2056 SFAUDIO - ok
12:16:28.0343 2056 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:16:28.0437 2056 Sfloppy - ok
12:16:28.0468 2056 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:16:28.0578 2056 SharedAccess - ok
12:16:28.0671 2056 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:16:28.0687 2056 ShellHWDetection - ok
12:16:28.0687 2056 Simbad - ok
12:16:28.0718 2056 [ 5BD0C3EEA602ECD57679ABF892CA6E8B ] SNDSrvc C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
12:16:28.0734 2056 SNDSrvc - ok
12:16:28.0734 2056 Sparrow - ok
12:16:28.0796 2056 [ EF9760A364D836A0CE6149EBDF71524D ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
12:16:28.0828 2056 SPBBCDrv - ok
12:16:28.0875 2056 [ 0A6BCAB3BB4AD9D25E833FB3F840CAE0 ] SPBBCSvc C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
12:16:28.0953 2056 SPBBCSvc - ok
12:16:28.0984 2056 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:16:29.0093 2056 splitter - ok
12:16:29.0140 2056 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:16:29.0171 2056 Spooler - ok
12:16:29.0171 2056 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:16:29.0218 2056 sr - ok
12:16:29.0281 2056 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
12:16:29.0328 2056 srservice - ok
12:16:29.0359 2056 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:16:29.0406 2056 Srv - ok
12:16:29.0453 2056 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:16:29.0500 2056 SSDPSRV - ok
12:16:29.0562 2056 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:16:29.0656 2056 stisvc - ok
12:16:29.0687 2056 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:16:29.0781 2056 swenum - ok
12:16:29.0796 2056 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:16:29.0890 2056 swmidi - ok
12:16:29.0953 2056 [ 150AB4FA272130EC55B2A4FAEBDF47F9 ] swmsflt C:\WINDOWS\System32\drivers\swmsflt.sys
12:16:29.0953 2056 swmsflt - ok
12:16:29.0968 2056 SwPrv - ok
12:16:30.0000 2056 [ C8A43978DADCF12B7E40A0577227DFBC ] sxuptp C:\WINDOWS\system32\DRIVERS\sxuptp.sys
12:16:30.0015 2056 sxuptp - ok
12:16:30.0109 2056 [ E9920BA62382CC9A59694BF3DF890799 ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe
12:16:30.0187 2056 Symantec AntiVirus - ok
12:16:30.0187 2056 symc810 - ok
12:16:30.0187 2056 symc8xx - ok
12:16:30.0218 2056 [ 49B20B430A4F219173F823536944474A ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:16:30.0234 2056 SymEvent - ok
12:16:30.0265 2056 [ 7DE45DFEBB51E56D7C795BD0C2D7AEF5 ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
12:16:30.0265 2056 SYMREDRV - ok
12:16:30.0312 2056 [ E1444C6095D67CA4EF6BA192CF7FA91A ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
12:16:30.0328 2056 SYMTDI - ok
12:16:30.0328 2056 sym_hi - ok
12:16:30.0343 2056 sym_u3 - ok
12:16:30.0375 2056 [ 0E8676FB3BB95AA40FDF7A4A31018C8B ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:16:30.0437 2056 SynTP - ok
12:16:30.0453 2056 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:16:30.0578 2056 sysaudio - ok
12:16:30.0625 2056 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:16:30.0734 2056 SysmonLog - ok
12:16:30.0765 2056 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:16:30.0859 2056 TapiSrv - ok
12:16:30.0875 2056 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:16:30.0906 2056 Tcpip - ok
12:16:30.0953 2056 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:16:31.0046 2056 TDPIPE - ok
12:16:31.0078 2056 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:16:31.0171 2056 TDTCP - ok
12:16:31.0203 2056 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:16:31.0296 2056 TermDD - ok
12:16:31.0312 2056 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
12:16:31.0437 2056 TermService - ok
12:16:31.0468 2056 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
12:16:31.0484 2056 Themes - ok
12:16:31.0500 2056 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:16:31.0546 2056 TlntSvr - ok
12:16:31.0546 2056 TosIde - ok
12:16:31.0546 2056 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:16:31.0671 2056 TrkWks - ok
12:16:31.0687 2056 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:16:31.0812 2056 Udfs - ok
12:16:31.0812 2056 ultra - ok
12:16:31.0921 2056 [ EFD150CDD5AA3269118EF500222B88E0 ] UNS C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
12:16:32.0000 2056 UNS - ok
12:16:32.0000 2056 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:16:32.0109 2056 Update - ok
12:16:32.0140 2056 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:16:32.0171 2056 upnphost - ok
12:16:32.0171 2056 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
12:16:32.0234 2056 UPS - ok
12:16:32.0265 2056 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
12:16:32.0281 2056 USBAAPL - ok
12:16:32.0312 2056 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:16:32.0375 2056 usbccgp - ok
12:16:32.0421 2056 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:16:32.0484 2056 usbehci - ok
12:16:32.0484 2056 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:16:32.0546 2056 usbhub - ok
12:16:32.0578 2056 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:16:32.0640 2056 usbprint - ok
12:16:32.0671 2056 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:16:32.0718 2056 usbscan - ok
12:16:32.0765 2056 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:16:32.0812 2056 USBSTOR - ok
12:16:32.0843 2056 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:16:32.0890 2056 usbuhci - ok
12:16:32.0937 2056 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:16:33.0000 2056 VgaSave - ok
12:16:33.0000 2056 ViaIde - ok
12:16:33.0046 2056 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:16:33.0093 2056 VolSnap - ok
12:16:33.0203 2056 [ 5EA22CB6B100212837A97F281EDB3C47 ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
12:16:33.0218 2056 vpnagent - ok
12:16:33.0265 2056 [ E1F2333A88EC4A5C8EA6BE357323B72D ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva.sys
12:16:33.0281 2056 vpnva - ok
12:16:33.0328 2056 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
12:16:33.0406 2056 VSS - ok
12:16:33.0437 2056 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
12:16:33.0531 2056 W32Time - ok
12:16:33.0531 2056 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:16:33.0593 2056 Wanarp - ok
12:16:33.0640 2056 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:16:33.0656 2056 Wdf01000 - ok
12:16:33.0656 2056 WDICA - ok
12:16:33.0671 2056 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:16:33.0953 2056 wdmaud - ok
12:16:33.0968 2056 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:16:34.0031 2056 WebClient - ok
12:16:34.0171 2056 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:16:34.0281 2056 winmgmt - ok
12:16:34.0343 2056 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
12:16:34.0468 2056 WinRM - ok
12:16:34.0515 2056 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:16:34.0546 2056 WmdmPmSN - ok
12:16:34.0609 2056 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:16:34.0640 2056 Wmi - ok
12:16:34.0671 2056 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:16:34.0734 2056 WmiAcpi - ok
12:16:34.0796 2056 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:16:34.0859 2056 WmiApSrv - ok
12:16:34.0937 2056 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
12:16:35.0000 2056 WMPNetworkSvc - ok
12:16:35.0125 2056 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:16:35.0171 2056 WPFFontCache_v0400 - ok
12:16:35.0234 2056 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:16:35.0328 2056 WS2IFSL - ok
12:16:35.0375 2056 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:16:35.0484 2056 wscsvc - ok
12:16:35.0500 2056 WSearch - ok
12:16:35.0531 2056 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:16:35.0640 2056 wuauserv - ok
12:16:35.0687 2056 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:16:35.0734 2056 WudfPf - ok
12:16:35.0765 2056 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:16:35.0781 2056 WudfRd - ok
12:16:35.0796 2056 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:16:35.0812 2056 WudfSvc - ok
12:16:35.0843 2056 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:16:35.0953 2056 WZCSVC - ok
12:16:35.0984 2056 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:16:36.0093 2056 xmlprov - ok
12:16:36.0093 2056 ================ Scan global ===============================
12:16:36.0140 2056 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:16:36.0203 2056 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:16:36.0218 2056 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:16:36.0234 2056 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:16:36.0234 2056 [Global] - ok
12:16:36.0234 2056 ================ Scan MBR ==================================
12:16:36.0250 2056 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
12:16:36.0546 2056 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:16:36.0546 2056 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:16:36.0546 2056 ================ Scan VBR ==================================
12:16:36.0546 2056 [ 5BC6E2A8C5A520CB9004E29EBF1186E2 ] \Device\Harddisk0\DR0\Partition1
12:16:36.0546 2056 \Device\Harddisk0\DR0\Partition1 - ok
12:16:36.0546 2056 ============================================================
12:16:36.0546 2056 Scan finished
12:16:36.0546 2056 ============================================================
12:16:36.0656 4580 Detected object count: 7
12:16:36.0656 4580 Actual detected object count: 7
12:16:49.0640 4580 Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:16:49.0640 4580 Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:16:49.0640 4580 Belkin Network USB Helper ( UnsignedFile.Multi.Generic ) - skipped by user
12:16:49.0640 4580 Belkin Network USB Helper ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:16:49.0640 4580 FlipShareServer ( UnsignedFile.Multi.Generic ) - skipped by user
12:16:49.0640 4580 FlipShareServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:16:49.0640 4580 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:16:49.0640 4580 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:16:49.0671 4580 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:16:49.0671 4580 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:16:49.0671 4580 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
12:16:49.0671 4580 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:16:49.0687 4580 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:16:49.0687 4580 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
12:17:50.0781 3300 ============================================================
12:17:50.0781 3300 Scan started
12:17:50.0781 3300 Mode: Manual; SigCheck; TDLFS;
12:17:50.0781 3300 ============================================================
12:17:51.0109 3300 ================ Scan system memory ========================
12:17:51.0265 3300 System memory - ok
12:17:51.0265 3300 ================ Scan services =============================
12:17:51.0406 3300 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
12:17:51.0421 3300 !SASCORE - ok
12:17:51.0484 3300 Abiosdsk - ok
12:17:51.0484 3300 abp480n5 - ok
12:17:51.0546 3300 [ A0BAABB7D3549460E3F8C5AD6F778683 ] Accelerometer C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
12:17:51.0546 3300 Accelerometer - ok
12:17:51.0609 3300 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:17:51.0687 3300 ACPI - ok
12:17:51.0687 3300 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:17:51.0750 3300 ACPIEC - ok
12:17:51.0796 3300 [ 2DC6FF5DA4EA7CA1D4128A7541734B9F ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
12:17:51.0812 3300 ADIHdAudAddService - ok
12:17:51.0812 3300 adpu160m - ok
12:17:51.0812 3300 [ FFF87A9B1AB36EE4B7BEC98A4CB01B79 ] AEAudio C:\WINDOWS\system32\drivers\AEAudio.sys
12:17:51.0828 3300 AEAudio - ok
12:17:51.0859 3300 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:17:51.0921 3300 aec - ok
12:17:51.0968 3300 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:17:52.0015 3300 AFD - ok
12:17:52.0093 3300 [ 7F1130830B3BA85921519A5616E29803 ] AffinegyService C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
12:17:52.0109 3300 AffinegyService - ok
12:17:52.0109 3300 AFGMp50 - ok
12:17:52.0171 3300 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] AFGSp50 C:\WINDOWS\system32\Drivers\AFGSp50.sys
12:17:52.0171 3300 AFGSp50 - ok
12:17:52.0203 3300 [ EFBC44FBD75E4F80BD927AEBF6E7EADE ] AgereModemAudio C:\WINDOWS\system32\agrsmsvc.exe
12:17:52.0203 3300 AgereModemAudio - ok
12:17:52.0281 3300 [ 3712986CC3ABF0DC656B43525B9D1279 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
12:17:52.0312 3300 AgereSoftModem - ok
12:17:52.0312 3300 Aha154x - ok
12:17:52.0312 3300 aic78u2 - ok
12:17:52.0312 3300 aic78xx - ok
12:17:52.0375 3300 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:17:52.0453 3300 Alerter - ok
12:17:52.0453 3300 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
12:17:52.0484 3300 ALG - ok
12:17:52.0500 3300 AliIde - ok
12:17:52.0500 3300 amsint - ok
12:17:52.0625 3300 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:17:52.0640 3300 Apple Mobile Device - ok
12:17:52.0671 3300 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
12:17:52.0718 3300 AppMgmt - ok
12:17:52.0750 3300 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:17:52.0843 3300 Arp1394 - ok
12:17:52.0843 3300 asc - ok
12:17:52.0843 3300 asc3350p - ok
12:17:52.0843 3300 asc3550 - ok
12:17:52.0984 3300 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:17:53.0000 3300 aspnet_state - ok
12:17:53.0015 3300 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:17:53.0140 3300 AsyncMac - ok
12:17:53.0171 3300 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:17:53.0265 3300 atapi - ok
12:17:53.0265 3300 Atdisk - ok
12:17:53.0359 3300 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:17:53.0484 3300 Atmarpc - ok
12:17:53.0546 3300 [ A5D12CA24721C86EA949D5F88C6C0D72 ] ATService C:\Program Files\Fingerprint Sensor\AtService.exe
12:17:53.0593 3300 ATService - ok
12:17:53.0640 3300 [ C74E3D37625166C8A81FC07F796BC1AC ] ATSwpWDF C:\WINDOWS\system32\Drivers\ATSwpWDF.sys
12:17:53.0656 3300 ATSwpWDF - ok
12:17:53.0703 3300 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:17:54.0015 3300 AudioSrv - ok
12:17:54.0062 3300 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:17:54.0156 3300 audstub - ok
12:17:54.0203 3300 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:17:54.0312 3300 Beep - ok
12:17:54.0390 3300 [ DEFCE42FE9EED1A0DC4A28FDDFF603C9 ] Belkin Local Backup Service C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
12:17:54.0390 3300 Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - warning
12:17:54.0390 3300 Belkin Local Backup Service - detected UnsignedFile.Multi.Generic (1)
12:17:54.0390 3300 [ E23AF2900A4E3CA7FF22F1C80A013305 ] Belkin Network USB Helper C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
12:17:54.0390 3300 Belkin Network USB Helper ( UnsignedFile.Multi.Generic ) - warning
12:17:54.0390 3300 Belkin Network USB Helper - detected UnsignedFile.Multi.Generic (1)
12:17:54.0437 3300 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
12:17:54.0546 3300 BITS - ok
12:17:54.0656 3300 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:17:54.0671 3300 Bonjour Service - ok
12:17:54.0734 3300 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
12:17:54.0750 3300 Browser - ok
12:17:54.0765 3300 [ 5BCF6090B825DEF29065BDBD59691DBE ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
12:17:54.0796 3300 btaudio - ok
12:17:54.0875 3300 [ EF5E0DE0A7CA2977A9255F36F4D915AB ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
12:17:54.0906 3300 BTKRNL - ok
12:17:55.0015 3300 [ 565C79C4C00AF8D1C7500146B0B09562 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
12:17:55.0031 3300 btwdins - ok
12:17:55.0046 3300 [ 053DC5BE74621B63BB48C2B86BAFC7B0 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
12:17:55.0046 3300 BTWUSB - ok
12:17:55.0046 3300 catchme - ok
12:17:55.0093 3300 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:17:55.0218 3300 cbidf2k - ok
12:17:55.0281 3300 [ 73A35AD810CB750367CC01564A44B0E7 ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
12:17:55.0296 3300 ccEvtMgr - ok
12:17:55.0312 3300 [ 5E32D63B71495A8EDA09F05BD153A537 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
12:17:55.0328 3300 ccSetMgr - ok
12:17:55.0328 3300 cd20xrnt - ok
12:17:55.0375 3300 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:17:55.0468 3300 Cdaudio - ok
12:17:55.0515 3300 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:17:55.0609 3300 Cdfs - ok
12:17:55.0671 3300 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:17:55.0796 3300 Cdrom - ok
12:17:55.0796 3300 Changer - ok
12:17:55.0812 3300 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:17:55.0906 3300 CiSvc - ok
12:17:55.0921 3300 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:17:55.0984 3300 ClipSrv - ok
12:17:56.0046 3300 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:17:56.0046 3300 clr_optimization_v2.0.50727_32 - ok
12:17:56.0109 3300 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:17:56.0109 3300 clr_optimization_v4.0.30319_32 - ok
12:17:56.0140 3300 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:17:56.0203 3300 CmBatt - ok
12:17:56.0218 3300 CmdIde - ok
12:17:56.0343 3300 [ AB420FA8EE829F80D5FE56B866432DA8 ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
12:17:56.0359 3300 Com4QLBEx - ok
12:17:56.0359 3300 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:17:56.0421 3300 Compbatt - ok
12:17:56.0421 3300 COMSysApp - ok
12:17:56.0421 3300 Cpqarray - ok
12:17:56.0468 3300 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:17:56.0531 3300 CryptSvc - ok
12:17:56.0531 3300 dac2w2k - ok
12:17:56.0531 3300 dac960nt - ok
12:17:56.0593 3300 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:17:56.0609 3300 DcomLaunch - ok
12:17:56.0687 3300 [ 2A946F625D7BE6EE1600C0DE8D7CD0C6 ] DefWatch C:\Program Files\Symantec AntiVirus\DefWatch.exe
12:17:56.0703 3300 DefWatch - ok
12:17:56.0703 3300 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:17:56.0765 3300 Dhcp - ok
12:17:56.0765 3300 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:17:56.0828 3300 Disk - ok
12:17:56.0828 3300 dmadmin - ok
12:17:56.0875 3300 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:17:56.0937 3300 dmboot - ok
12:17:56.0953 3300 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:17:57.0031 3300 dmio - ok
12:17:57.0031 3300 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:17:57.0093 3300 dmload - ok
12:17:57.0093 3300 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:17:57.0156 3300 dmserver - ok
12:17:57.0203 3300 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:17:57.0296 3300 DMusic - ok
12:17:57.0328 3300 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:17:57.0343 3300 Dnscache - ok
12:17:57.0375 3300 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:17:57.0437 3300 Dot3svc - ok
12:17:57.0437 3300 dpti2o - ok
12:17:57.0437 3300 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:17:57.0500 3300 drmkaud - ok
12:17:57.0562 3300 [ 340B96044611F8D7EC2514A989D6E5F7 ] e1yexpress C:\WINDOWS\system32\DRIVERS\e1y5132.sys
12:17:57.0562 3300 e1yexpress - ok
12:17:57.0578 3300 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:17:57.0640 3300 EapHost - ok
12:17:57.0718 3300 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:17:57.0734 3300 eeCtrl - ok
12:17:57.0765 3300 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:17:57.0765 3300 EraserUtilRebootDrv - ok
12:17:57.0781 3300 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:17:57.0843 3300 ERSvc - ok
12:17:57.0890 3300 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
12:17:57.0890 3300 Eventlog - ok
12:17:57.0937 3300 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
12:17:57.0953 3300 EventSystem - ok
12:17:58.0031 3300 [ 53CCA6B4DF0977074E85C9A18F42B5CC ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
12:17:58.0046 3300 EvtEng - ok
12:17:58.0109 3300 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:17:58.0187 3300 Fastfat - ok
12:17:58.0250 3300 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:17:58.0265 3300 FastUserSwitchingCompatibility - ok
12:17:58.0312 3300 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
12:17:58.0406 3300 Fdc - ok
12:17:58.0421 3300 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:17:58.0515 3300 Fips - ok
12:17:58.0625 3300 [ B8602C90D3C427D8A86CE60437615CF5 ] FlipShare Service C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
12:17:58.0625 3300 FlipShare Service - ok
12:17:58.0703 3300 [ AC5FB7094F31534594CAE48306972CBD ] FlipShareServer C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
12:17:58.0765 3300 FlipShareServer ( UnsignedFile.Multi.Generic ) - warning
12:17:58.0765 3300 FlipShareServer - detected UnsignedFile.Multi.Generic (1)
12:17:58.0765 3300 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
12:17:58.0812 3300 Flpydisk - ok
12:17:58.0843 3300 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:17:58.0890 3300 FltMgr - ok
12:17:58.0968 3300 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:17:58.0984 3300 FontCache3.0.0.0 - ok
12:17:59.0000 3300 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:17:59.0078 3300 Fs_Rec - ok
12:17:59.0078 3300 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:17:59.0140 3300 Ftdisk - ok
12:17:59.0203 3300 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:17:59.0203 3300 GEARAspiWDM - ok
12:17:59.0296 3300 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
12:17:59.0296 3300 GoogleDesktopManager-051210-111108 - ok
12:17:59.0312 3300 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:17:59.0390 3300 Gpc - ok
12:17:59.0421 3300 [ FC657B7751729EFE54E2FF24F50E5BAB ] HBtnKey C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
12:17:59.0421 3300 HBtnKey - ok
12:17:59.0484 3300 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:17:59.0562 3300 HDAudBus - ok
12:17:59.0593 3300 [ 2DF64415A28CE036AC6ACEC7645A996F ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
12:17:59.0625 3300 HECI - ok
12:17:59.0703 3300 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:17:59.0750 3300 helpsvc - ok
12:17:59.0781 3300 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
12:17:59.0828 3300 HidServ - ok
12:17:59.0875 3300 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:17:59.0921 3300 hidusb - ok
12:17:59.0953 3300 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:18:00.0000 3300 hkmsvc - ok
12:18:00.0046 3300 [ 9F620E11B80B74F4DAB50A81A5DF357F ] hpdskflt C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
12:18:00.0046 3300 hpdskflt - ok
12:18:00.0062 3300 hpn - ok
12:18:00.0062 3300 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
12:18:00.0078 3300 HpqKbFiltr - ok
12:18:00.0125 3300 [ 111F2E783FF94FB55D42B8CF7114B4A3 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
12:18:00.0140 3300 hpqwmiex - ok
12:18:00.0187 3300 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:18:00.0203 3300 HPZid412 - ok
12:18:00.0265 3300 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:18:00.0281 3300 HPZipr12 - ok
12:18:00.0281 3300 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:18:00.0328 3300 HPZius12 - ok
12:18:00.0375 3300 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:18:00.0375 3300 HTTP - ok
12:18:00.0437 3300 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:18:00.0500 3300 HTTPFilter - ok
12:18:00.0500 3300 i2omgmt - ok
12:18:00.0500 3300 i2omp - ok
12:18:00.0515 3300 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:18:00.0578 3300 i8042prt - ok
12:18:00.0671 3300 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:18:00.0703 3300 idsvc - ok
12:18:00.0765 3300 [ 91C5E9F49F32110CED27E2F902FAD607 ] IFXTPM C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
12:18:00.0796 3300 IFXTPM - ok
12:18:00.0843 3300 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:18:00.0890 3300 Imapi - ok
12:18:00.0937 3300 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:18:01.0000 3300 ImapiService - ok
12:18:01.0000 3300 ini910u - ok
12:18:01.0000 3300 IntelIde - ok
12:18:01.0015 3300 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:18:01.0078 3300 intelppm - ok
12:18:01.0125 3300 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:18:01.0187 3300 Ip6Fw - ok
12:18:01.0234 3300 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:18:01.0281 3300 IpFilterDriver - ok
12:18:01.0312 3300 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:18:01.0359 3300 IpInIp - ok
12:18:01.0390 3300 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:18:01.0437 3300 IpNat - ok
12:18:01.0484 3300 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:18:01.0500 3300 iPod Service - ok
12:18:01.0531 3300 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:18:01.0625 3300 IPSec - ok
12:18:01.0656 3300 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:18:01.0687 3300 IRENUM - ok
12:18:01.0703 3300 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:18:01.0750 3300 isapnp - ok
12:18:01.0796 3300 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
12:18:01.0812 3300 IviRegMgr - ok
12:18:01.0859 3300 [ 7FBFEEE245821925129C9F86470BF33C ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
12:18:01.0875 3300 JavaQuickStarterService - ok
12:18:01.0890 3300 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:18:01.0937 3300 Kbdclass - ok
12:18:01.0953 3300 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:18:02.0000 3300 kbdhid - ok
12:18:02.0015 3300 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:18:02.0078 3300 kmixer - ok
12:18:02.0109 3300 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:18:02.0109 3300 KSecDD - ok
12:18:02.0140 3300 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
12:18:02.0171 3300 LanmanServer - ok
12:18:02.0218 3300 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:18:02.0250 3300 lanmanworkstation - ok
12:18:02.0250 3300 lbrtfdc - ok
12:18:02.0359 3300 [ FB3A35318CA7F6A10FA3C3826A69AFFE ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
12:18:02.0421 3300 LiveUpdate - ok
12:18:02.0484 3300 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:18:02.0546 3300 LmHosts - ok
12:18:02.0593 3300 [ 4647CD914B94678804519F4A657EBDDC ] LMS C:\Program Files\Intel\AMT\LMS.exe
12:18:02.0609 3300 LMS - ok
12:18:02.0765 3300 [ B3D9798AB0B7A78B9B1F5BF139DCCE57 ] Lotus Notes Diagnostics C:\Program Files\Lotus\Notes\nsd.exe
12:18:02.0875 3300 Lotus Notes Diagnostics - ok
12:18:02.0906 3300 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:18:02.0953 3300 Messenger - ok
12:18:03.0000 3300 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:18:03.0078 3300 mnmdd - ok
12:18:03.0125 3300 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:18:03.0187 3300 mnmsrvc - ok
12:18:03.0203 3300 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:18:03.0296 3300 Modem - ok
12:18:03.0343 3300 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:18:03.0406 3300 Mouclass - ok
12:18:03.0453 3300 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:18:03.0500 3300 mouhid - ok
12:18:03.0515 3300 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:18:03.0593 3300 MountMgr - ok
12:18:03.0593 3300 mraid35x - ok
12:18:03.0625 3300 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:18:03.0953 3300 MRxDAV - ok
12:18:04.0015 3300 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:18:04.0046 3300 MRxSmb - ok
12:18:04.0093 3300 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:18:04.0140 3300 MSDTC - ok
12:18:04.0156 3300 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:18:04.0203 3300 Msfs - ok
12:18:04.0218 3300 MSIServer - ok
12:18:04.0218 3300 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:18:04.0375 3300 MSKSSRV - ok
12:18:04.0390 3300 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:18:04.0453 3300 MSPCLOCK - ok
12:18:04.0453 3300 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:18:04.0515 3300 MSPQM - ok
12:18:04.0562 3300 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:18:04.0609 3300 mssmbios - ok
12:18:04.0625 3300 [ 2A1394CF0A66F9F582BBD71E5AF9BC60 ] Multi-user Cleanup Service C:\Program Files\Lotus\Notes\ntmulti.exe
12:18:04.0625 3300 Multi-user Cleanup Service - ok
12:18:04.0656 3300 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:18:04.0656 3300 Mup - ok
12:18:04.0718 3300 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:18:04.0765 3300 napagent - ok
12:18:04.0906 3300 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20121203.002\naveng.sys
12:18:04.0921 3300 NAVENG - ok
12:18:04.0953 3300 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20121203.002\navex15.sys
12:18:04.0984 3300 NAVEX15 - ok
12:18:05.0015 3300 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:18:05.0078 3300 NDIS - ok
12:18:05.0125 3300 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:18:05.0125 3300 NdisTapi - ok
12:18:05.0171 3300 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:18:05.0234 3300 Ndisuio - ok
12:18:05.0250 3300 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:18:05.0296 3300 NdisWan - ok
12:18:05.0312 3300 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:18:05.0312 3300 NDProxy - ok
12:18:05.0343 3300 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
12:18:05.0359 3300 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:18:05.0359 3300 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:18:05.0406 3300 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:18:05.0453 3300 NetBIOS - ok
12:18:05.0468 3300 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:18:05.0546 3300 NetBT - ok
12:18:05.0562 3300 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
12:18:05.0625 3300 NetDDE - ok
12:18:05.0625 3300 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:18:05.0687 3300 NetDDEdsdm - ok
12:18:05.0718 3300 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:18:05.0765 3300 Netlogon - ok
12:18:05.0781 3300 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
12:18:05.0843 3300 Netman - ok
12:18:05.0875 3300 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:18:05.0890 3300 NetTcpPortSharing - ok
12:18:06.0000 3300 [ CCDB8DB66ACD3C0A6C8E171B79F60AC4 ] NETw5x32 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
12:18:06.0093 3300 NETw5x32 - ok
12:18:06.0109 3300 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:18:06.0156 3300 NIC1394 - ok
12:18:06.0265 3300 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
12:18:06.0281 3300 Nla - ok
12:18:06.0296 3300 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:18:06.0359 3300 Npfs - ok
12:18:06.0359 3300 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:18:06.0421 3300 Ntfs - ok
12:18:06.0453 3300 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:18:06.0500 3300 NtLmSsp - ok
12:18:06.0531 3300 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:18:06.0593 3300 NtmsSvc - ok
12:18:06.0609 3300 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:18:06.0656 3300 Null - ok
12:18:06.0921 3300 [ 6AD9EE567A67C010DFAE9F25D172A0AA ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:18:07.0140 3300 nv - ok
12:18:07.0218 3300 [ C0798084837E229BFC42A77313CF0EAE ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
12:18:07.0250 3300 nvsvc - ok
12:18:07.0312 3300 [ FC2A8AAA0F3321F41231EDE0AF1968AE ] NWADI C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
12:18:07.0343 3300 NWADI - ok
12:18:07.0390 3300 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:18:07.0578 3300 NwlnkFlt - ok
12:18:07.0656 3300 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:18:07.0718 3300 NwlnkFwd - ok
12:18:07.0765 3300 [ 224131778C92AEE8C13AFAC5FBFF19CA ] NWUSBCDFIL C:\WINDOWS\system32\DRIVERS\NwUsbCdFil.sys
12:18:07.0765 3300 NWUSBCDFIL - ok
12:18:07.0796 3300 [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBModem C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
12:18:07.0812 3300 NWUSBModem - ok
12:18:07.0828 3300 [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBPort C:\WINDOWS\system32\DRIVERS\nwusbser.sys
12:18:07.0843 3300 NWUSBPort - ok
12:18:07.0859 3300 [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBPort2 C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
12:18:07.0859 3300 NWUSBPort2 - ok
12:18:08.0000 3300 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:18:08.0015 3300 odserv - ok
12:18:08.0078 3300 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:18:08.0125 3300 ohci1394 - ok
12:18:08.0187 3300 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:18:08.0187 3300 ose - ok
12:18:08.0250 3300 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
12:18:08.0296 3300 Parport - ok
12:18:08.0296 3300 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:18:08.0359 3300 PartMgr - ok
12:18:08.0390 3300 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:18:08.0453 3300 ParVdm - ok
12:18:08.0515 3300 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] PCASp50 C:\WINDOWS\system32\Drivers\PCASp50.sys
12:18:08.0515 3300 PCASp50 - ok
12:18:08.0546 3300 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:18:08.0609 3300 PCI - ok
12:18:08.0609 3300 PCIDump - ok
12:18:08.0609 3300 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:18:08.0671 3300 PCIIde - ok
12:18:08.0671 3300 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:18:08.0750 3300 Pcmcia - ok
12:18:08.0750 3300 PDCOMP - ok
12:18:08.0781 3300 pdfcDispatcher - ok
12:18:08.0781 3300 PDFRAME - ok
12:18:08.0781 3300 PDRELI - ok
12:18:08.0796 3300 PDRFRAME - ok
12:18:08.0796 3300 perc2 - ok
12:18:08.0796 3300 perc2hib - ok
12:18:08.0812 3300 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
12:18:08.0828 3300 PlugPlay - ok
12:18:08.0875 3300 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
12:18:08.0890 3300 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:18:08.0890 3300 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:18:08.0906 3300 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:18:08.0953 3300 PolicyAgent - ok
12:18:08.0984 3300 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:18:09.0031 3300 PptpMiniport - ok
12:18:09.0031 3300 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:18:09.0093 3300 ProtectedStorage - ok
12:18:09.0093 3300 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:18:09.0156 3300 PSched - ok
12:18:09.0218 3300 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
12:18:09.0234 3300 PSI_SVC_2 - ok
12:18:09.0234 3300 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:18:09.0312 3300 Ptilink - ok
12:18:09.0312 3300 ql1080 - ok
12:18:09.0312 3300 Ql10wnt - ok
12:18:09.0312 3300 ql12160 - ok
12:18:09.0328 3300 ql1240 - ok
12:18:09.0328 3300 ql1280 - ok
12:18:09.0343 3300 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:18:09.0390 3300 RasAcd - ok
12:18:09.0437 3300 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:18:09.0484 3300 RasAuto - ok
12:18:09.0515 3300 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:18:09.0578 3300 Rasl2tp - ok
12:18:09.0593 3300 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:18:09.0656 3300 RasMan - ok
12:18:09.0656 3300 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:18:09.0703 3300 RasPppoe - ok
12:18:09.0718 3300 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:18:09.0781 3300 Raspti - ok
12:18:09.0812 3300 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:18:09.0890 3300 Rdbss - ok
12:18:09.0906 3300 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:18:09.0968 3300 RDPCDD - ok
12:18:10.0000 3300 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:18:10.0062 3300 rdpdr - ok
12:18:10.0093 3300 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:18:10.0109 3300 RDPWD - ok
12:18:10.0125 3300 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:18:10.0203 3300 RDSessMgr - ok
12:18:10.0234 3300 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:18:10.0281 3300 redbook - ok
12:18:10.0328 3300 [ 24D3B49DAB660A8B8AFA40240E735E24 ] regi C:\WINDOWS\system32\drivers\regi.sys
12:18:10.0328 3300 regi - ok
12:18:10.0390 3300 [ 7C4391419852DFC331F6AF620C33AF3C ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:18:10.0406 3300 RegSrvc - ok
12:18:10.0468 3300 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:18:10.0531 3300 RemoteAccess - ok
12:18:10.0546 3300 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:18:10.0625 3300 RemoteRegistry - ok
12:18:10.0671 3300 [ EA885E7A56F1BE1F14C372337C42FE48 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
12:18:10.0671 3300 rimmptsk - ok
12:18:10.0703 3300 [ D7E09BC852684A7B1FC0F74FE090D45A ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
12:18:10.0718 3300 rimsptsk - ok
12:18:10.0734 3300 [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
12:18:10.0750 3300 RimUsb - ok
12:18:10.0781 3300 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
12:18:10.0796 3300 RimVSerPort - ok
12:18:10.0796 3300 [ 7C21554942BEF51CBD84FD7D4E62CB9A ] rismc32 C:\WINDOWS\system32\DRIVERS\rismc32.sys
12:18:10.0812 3300 rismc32 - ok
12:18:10.0828 3300 [ B0A7494A9BA7909EFAC64E05D3F160DB ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
12:18:10.0843 3300 rismxdp - ok
12:18:10.0875 3300 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
12:18:10.0921 3300 ROOTMODEM - ok
12:18:10.0937 3300 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
12:18:11.0000 3300 RpcLocator - ok
12:18:11.0015 3300 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:18:11.0031 3300 RpcSs - ok
12:18:11.0046 3300 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:18:11.0109 3300 RSVP - ok
12:18:11.0203 3300 [ 55CCC8CED5778556F6B516B3858AC970 ] S24EventMonitor C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
12:18:11.0234 3300 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
12:18:11.0234 3300 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
12:18:11.0265 3300 [ 96B4494D4734970F47C566E098C4F527 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
12:18:11.0281 3300 s24trans - ok
12:18:11.0312 3300 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:18:11.0375 3300 SamSs - ok
12:18:11.0468 3300 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:18:11.0484 3300 SASDIFSV - ok
12:18:11.0531 3300 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
12:18:11.0531 3300 SASKUTIL - ok
12:18:11.0593 3300 [ 8E381204B4431DBC480DEBC830F0CFDC ] SavRoam C:\Program Files\Symantec AntiVirus\SavRoam.exe
12:18:11.0609 3300 SavRoam - ok
12:18:11.0656 3300 [ 12B6E269EF8AC8EA36122544C8A1B6D8 ] SAVRT C:\Program Files\Symantec AntiVirus\savrt.sys
12:18:11.0671 3300 SAVRT - ok
12:18:11.0671 3300 [ 97E5B6F3F95465E1F59360B59D8EC64E ] SAVRTPEL C:\Program Files\Symantec AntiVirus\Savrtpel.sys
12:18:11.0687 3300 SAVRTPEL - ok
12:18:11.0718 3300 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:18:11.0828 3300 SCardSvr - ok
12:18:11.0875 3300 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:18:11.0968 3300 Schedule - ok
12:18:12.0015 3300 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:18:12.0125 3300 sdbus - ok
12:18:12.0156 3300 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:18:12.0203 3300 Secdrv - ok
12:18:12.0250 3300 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:18:12.0343 3300 seclogon - ok
12:18:12.0359 3300 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
12:18:12.0453 3300 SENS - ok
12:18:12.0468 3300 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:18:12.0578 3300 Serenum - ok
12:18:12.0609 3300 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:18:12.0703 3300 Serial - ok
12:18:12.0718 3300 [ B6401608579B6431994425BA7653F774 ] SFAUDIO C:\WINDOWS\system32\drivers\sfaudio.sys
12:18:12.0734 3300 SFAUDIO - ok
12:18:12.0796 3300 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:18:12.0890 3300 Sfloppy - ok
12:18:12.0921 3300 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:18:13.0031 3300 SharedAccess - ok
12:18:13.0062 3300 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:18:13.0078 3300 ShellHWDetection - ok
12:18:13.0078 3300 Simbad - ok
12:18:13.0109 3300 [ 5BD0C3EEA602ECD57679ABF892CA6E8B ] SNDSrvc C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
12:18:13.0125 3300 SNDSrvc - ok
12:18:13.0125 3300 Sparrow - ok
12:18:13.0187 3300 [ EF9760A364D836A0CE6149EBDF71524D ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
12:18:13.0218 3300 SPBBCDrv - ok
12:18:13.0265 3300 [ 0A6BCAB3BB4AD9D25E833FB3F840CAE0 ] SPBBCSvc C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
12:18:13.0312 3300 SPBBCSvc - ok
12:18:13.0359 3300 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:18:13.0453 3300 splitter - ok
12:18:13.0500 3300 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:18:13.0500 3300 Spooler - ok
12:18:13.0515 3300 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:18:13.0562 3300 sr - ok
12:18:13.0609 3300 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
12:18:13.0656 3300 srservice - ok
12:18:13.0734 3300 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:18:14.0000 3300 Srv - ok
12:18:14.0046 3300 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:18:14.0093 3300 SSDPSRV - ok
12:18:14.0125 3300 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:18:14.0218 3300 stisvc - ok
12:18:14.0250 3300 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:18:14.0296 3300 swenum - ok
12:18:14.0312 3300 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:18:14.0375 3300 swmidi - ok
12:18:14.0421 3300 [ 150AB4FA272130EC55B2A4FAEBDF47F9 ] swmsflt C:\WINDOWS\System32\drivers\swmsflt.sys
12:18:14.0421 3300 swmsflt - ok
12:18:14.0437 3300 SwPrv - ok
12:18:14.0468 3300 [ C8A43978DADCF12B7E40A0577227DFBC ] sxuptp C:\WINDOWS\system32\DRIVERS\sxuptp.sys
12:18:14.0484 3300 sxuptp - ok
12:18:14.0562 3300 [ E9920BA62382CC9A59694BF3DF890799 ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe
12:18:14.0593 3300 Symantec AntiVirus - ok
12:18:14.0593 3300 symc810 - ok
12:18:14.0593 3300 symc8xx - ok
12:18:14.0640 3300 [ 49B20B430A4F219173F823536944474A ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:18:14.0640 3300 SymEvent - ok
12:18:14.0671 3300 [ 7DE45DFEBB51E56D7C795BD0C2D7AEF5 ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
12:18:14.0671 3300 SYMREDRV - ok
12:18:14.0718 3300 [ E1444C6095D67CA4EF6BA192CF7FA91A ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
12:18:14.0718 3300 SYMTDI - ok
12:18:14.0734 3300 sym_hi - ok
12:18:14.0734 3300 sym_u3 - ok
12:18:14.0765 3300 [ 0E8676FB3BB95AA40FDF7A4A31018C8B ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:18:14.0796 3300 SynTP - ok
12:18:14.0812 3300 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:18:14.0875 3300 sysaudio - ok
12:18:14.0921 3300 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:18:15.0015 3300 SysmonLog - ok
12:18:15.0031 3300 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:18:15.0109 3300 TapiSrv - ok
12:18:15.0125 3300 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:18:15.0140 3300 Tcpip - ok
12:18:15.0171 3300 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:18:15.0234 3300 TDPIPE - ok
12:18:15.0250 3300 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:18:15.0312 3300 TDTCP - ok
12:18:15.0312 3300 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:18:15.0375 3300 TermDD - ok
12:18:15.0390 3300 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
12:18:15.0453 3300 TermService - ok
12:18:15.0468 3300 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
12:18:15.0468 3300 Themes - ok
12:18:15.0484 3300 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:18:15.0515 3300 TlntSvr - ok
12:18:15.0515 3300 TosIde - ok
12:18:15.0515 3300 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:18:15.0578 3300 TrkWks - ok
12:18:15.0593 3300 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:18:15.0640 3300 Udfs - ok
12:18:15.0640 3300 ultra - ok
12:18:15.0765 3300 [ EFD150CDD5AA3269118EF500222B88E0 ] UNS C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
12:18:15.0812 3300 UNS - ok
12:18:15.0828 3300 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:18:15.0875 3300 Update - ok
12:18:15.0906 3300 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:18:15.0937 3300 upnphost - ok
12:18:15.0953 3300 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
12:18:16.0015 3300 UPS - ok
12:18:16.0031 3300 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
12:18:16.0046 3300 USBAAPL - ok
12:18:16.0078 3300 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:18:16.0125 3300 usbccgp - ok
12:18:16.0187 3300 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:18:16.0250 3300 usbehci - ok
12:18:16.0281 3300 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:18:16.0328 3300 usbhub - ok
12:18:16.0375 3300 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:18:16.0421 3300 usbprint - ok
12:18:16.0453 3300 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:18:16.0515 3300 usbscan - ok
12:18:16.0546 3300 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:18:16.0609 3300 USBSTOR - ok
12:18:16.0656 3300 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:18:16.0703 3300 usbuhci - ok
12:18:16.0750 3300 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:18:16.0812 3300 VgaSave - ok
12:18:16.0812 3300 ViaIde - ok
12:18:16.0875 3300 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:18:16.0921 3300 VolSnap - ok
12:18:17.0015 3300 [ 5EA22CB6B100212837A97F281EDB3C47 ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
12:18:17.0031 3300 vpnagent - ok
12:18:17.0046 3300 [ E1F2333A88EC4A5C8EA6BE357323B72D ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva.sys
12:18:17.0046 3300 vpnva - ok
12:18:17.0109 3300 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
12:18:17.0140 3300 VSS - ok
12:18:17.0140 3300 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
12:18:17.0203 3300 W32Time - ok
12:18:17.0203 3300 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:18:17.0265 3300 Wanarp - ok
12:18:17.0312 3300 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:18:17.0328 3300 Wdf01000 - ok
12:18:17.0328 3300 WDICA - ok
12:18:17.0343 3300 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:18:17.0390 3300 wdmaud - ok
12:18:17.0421 3300 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:18:17.0468 3300 WebClient - ok
12:18:17.0562 3300 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:18:17.0625 3300 winmgmt - ok
12:18:17.0703 3300 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
12:18:17.0734 3300 WinRM - ok
12:18:17.0781 3300 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:18:17.0796 3300 WmdmPmSN - ok
12:18:17.0890 3300 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:18:17.0906 3300 Wmi - ok
12:18:17.0906 3300 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:18:17.0968 3300 WmiAcpi - ok
12:18:17.0984 3300 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:18:18.0046 3300 WmiApSrv - ok
12:18:18.0093 3300 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
12:18:18.0109 3300 WMPNetworkSvc - ok
12:18:18.0250 3300 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:18:18.0265 3300 WPFFontCache_v0400 - ok
12:18:18.0343 3300 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:18:18.0390 3300 WS2IFSL - ok
12:18:18.0437 3300 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:18:18.0484 3300 wscsvc - ok
12:18:18.0484 3300 WSearch - ok
12:18:18.0531 3300 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:18:18.0593 3300 wuauserv - ok
12:18:18.0640 3300 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:18:18.0656 3300 WudfPf - ok
12:18:18.0671 3300 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:18:18.0687 3300 WudfRd - ok
12:18:18.0703 3300 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:18:18.0718 3300 WudfSvc - ok
12:18:18.0765 3300 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:18:18.0828 3300 WZCSVC - ok
12:18:18.0859 3300 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:18:18.0906 3300 xmlprov - ok
12:18:18.0906 3300 ================ Scan global ===============================
12:18:18.0953 3300 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:18:19.0015 3300 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:18:19.0031 3300 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:18:19.0046 3300 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:18:19.0046 3300 [Global] - ok
12:18:19.0046 3300 ================ Scan MBR ==================================
12:18:19.0062 3300 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
12:18:19.0328 3300 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:18:19.0328 3300 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:18:19.0328 3300 ================ Scan VBR ==================================
12:18:19.0328 3300 [ 5BC6E2A8C5A520CB9004E29EBF1186E2 ] \Device\Harddisk0\DR0\Partition1
12:18:19.0328 3300 \Device\Harddisk0\DR0\Partition1 - ok
12:18:19.0328 3300 ============================================================
12:18:19.0328 3300 Scan finished
12:18:19.0328 3300 ============================================================
12:18:19.0343 5496 Detected object count: 7
12:18:19.0343 5496 Actual detected object count: 7
12:19:09.0281 5496 Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:19:09.0281 5496 Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:19:09.0281 5496 Belkin Network USB Helper ( UnsignedFile.Multi.Generic ) - skipped by user
12:19:09.0281 5496 Belkin Network USB Helper ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:19:09.0281 5496 FlipShareServer ( UnsignedFile.Multi.Generic ) - skipped by user
12:19:09.0281 5496 FlipShareServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:19:09.0281 5496 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:19:09.0281 5496 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:19:09.0296 5496 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:19:09.0296 5496 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:19:09.0296 5496 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
12:19:09.0296 5496 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:19:09.0296 5496 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:19:09.0296 5496 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
12:19:58.0375 4040 Deinitialize success
  • 0
<

Advertisement


#11
godawgs

godawgs

    Teacher

  • GeekU Moderator
  • 5,514 posts
Hi Warden,

Let's kill the TDSS file system.


Step-1.

Delete the TDSS File System

  • Re-run TDSSKiller please with the same settings
  • On the Threats Detected screen, look for the following entry:
    TDSS File System
  • Change the action from Skip to Delete. You must leave all of the other items as Skip and then click Continue to remove the TDSS File System.

    Posted Image
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-2.

Program uninstalls

1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

Coupon Companion Plugin

3. Click on each program to highlight it and click Change/Remove.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files\Coupon Companion Plugin

2. Close Windows Explorer.


Step-3.

NOTE: The settings have changed so please read the instructions carefully.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Re-open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. (Vista / 7 Users:Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console.<---Very Important
  • Do Not click the box beside Include 64bit Scans
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.

Step-4.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
Doubleclick the FSS.exe file to run it. (Vista and 7 users may need to right click the file and click Run as Administrator)
  • Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-5.

Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The new TDSSKiller log
2. The new OTL.txt log
3. The FSS.txt log
4. The Checkup.txt log
5. How is the computer running now?
  • 0

#12
Warden

Warden

    Member

  • Member
  • PipPipPip
  • 139 posts
OK, here we go again.

TDSS

13:28:11.0140 2748 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:28:11.0937 2748 ============================================================
13:28:11.0937 2748 Current date / time: 2013/01/23 13:28:11.0937
13:28:11.0937 2748 SystemInfo:
13:28:11.0937 2748
13:28:11.0937 2748 OS Version: 5.1.2600 ServicePack: 3.0
13:28:11.0937 2748 Product type: Workstation
13:28:11.0937 2748 ComputerName: TS8730WIMAGE
13:28:11.0937 2748 UserName: Presenter
13:28:11.0937 2748 Windows directory: C:\WINDOWS
13:28:11.0937 2748 System windows directory: C:\WINDOWS
13:28:11.0937 2748 Processor architecture: Intel x86
13:28:11.0937 2748 Number of processors: 2
13:28:11.0937 2748 Page size: 0x1000
13:28:11.0937 2748 Boot type: Normal boot
13:28:11.0937 2748 ============================================================
13:28:13.0890 2748 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:28:13.0890 2748 ============================================================
13:28:13.0890 2748 \Device\Harddisk0\DR0:
13:28:13.0890 2748 MBR partitions:
13:28:13.0890 2748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
13:28:13.0890 2748 ============================================================
13:28:13.0968 2748 C: <-> \Device\Harddisk0\DR0\Partition1
13:28:13.0968 2748 ============================================================
13:28:13.0968 2748 Initialize success
13:28:13.0968 2748 ============================================================
13:28:21.0968 3596 ============================================================
13:28:21.0968 3596 Scan started
13:28:21.0968 3596 Mode: Manual; SigCheck; TDLFS;
13:28:21.0968 3596 ============================================================
13:28:23.0031 3596 ================ Scan system memory ========================
13:28:24.0343 3596 System memory - ok
13:28:24.0343 3596 ================ Scan services =============================
13:28:24.0437 3596 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
13:28:24.0593 3596 !SASCORE - ok
13:28:24.0687 3596 Abiosdsk - ok
13:28:24.0687 3596 abp480n5 - ok
13:28:24.0734 3596 [ A0BAABB7D3549460E3F8C5AD6F778683 ] Accelerometer C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
13:28:24.0781 3596 Accelerometer - ok
13:28:24.0796 3596 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:28:26.0484 3596 ACPI - ok
13:28:26.0515 3596 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
13:28:26.0656 3596 ACPIEC - ok
13:28:26.0703 3596 [ 2DC6FF5DA4EA7CA1D4128A7541734B9F ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
13:28:26.0765 3596 ADIHdAudAddService - ok
13:28:26.0781 3596 adpu160m - ok
13:28:26.0781 3596 [ FFF87A9B1AB36EE4B7BEC98A4CB01B79 ] AEAudio C:\WINDOWS\system32\drivers\AEAudio.sys
13:28:26.0796 3596 AEAudio - ok
13:28:26.0828 3596 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
13:28:26.0953 3596 aec - ok
13:28:27.0000 3596 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
13:28:27.0046 3596 AFD - ok
13:28:27.0125 3596 [ 7F1130830B3BA85921519A5616E29803 ] AffinegyService C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
13:28:27.0171 3596 AffinegyService - ok
13:28:27.0171 3596 AFGMp50 - ok
13:28:27.0203 3596 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] AFGSp50 C:\WINDOWS\system32\Drivers\AFGSp50.sys
13:28:27.0250 3596 AFGSp50 - ok
13:28:27.0281 3596 [ EFBC44FBD75E4F80BD927AEBF6E7EADE ] AgereModemAudio C:\WINDOWS\system32\agrsmsvc.exe
13:28:27.0312 3596 AgereModemAudio - ok
13:28:27.0390 3596 [ 3712986CC3ABF0DC656B43525B9D1279 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
13:28:27.0625 3596 AgereSoftModem - ok
13:28:27.0625 3596 Aha154x - ok
13:28:27.0640 3596 aic78u2 - ok
13:28:27.0640 3596 aic78xx - ok
13:28:27.0687 3596 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
13:28:27.0859 3596 Alerter - ok
13:28:27.0875 3596 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
13:28:27.0906 3596 ALG - ok
13:28:27.0906 3596 AliIde - ok
13:28:27.0906 3596 amsint - ok
13:28:28.0031 3596 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:28:28.0031 3596 Apple Mobile Device - ok
13:28:28.0062 3596 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
13:28:28.0093 3596 AppMgmt - ok
13:28:28.0109 3596 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:28:28.0171 3596 Arp1394 - ok
13:28:28.0171 3596 asc - ok
13:28:28.0171 3596 asc3350p - ok
13:28:28.0171 3596 asc3550 - ok
13:28:28.0312 3596 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:28:28.0328 3596 aspnet_state - ok
13:28:28.0343 3596 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:28:28.0406 3596 AsyncMac - ok
13:28:28.0437 3596 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
13:28:28.0546 3596 atapi - ok
13:28:28.0546 3596 Atdisk - ok
13:28:28.0640 3596 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:28:28.0781 3596 Atmarpc - ok
13:28:28.0843 3596 [ A5D12CA24721C86EA949D5F88C6C0D72 ] ATService C:\Program Files\Fingerprint Sensor\AtService.exe
13:28:28.0890 3596 ATService - ok
13:28:29.0062 3596 [ C74E3D37625166C8A81FC07F796BC1AC ] ATSwpWDF C:\WINDOWS\system32\Drivers\ATSwpWDF.sys
13:28:29.0109 3596 ATSwpWDF - ok
13:28:29.0171 3596 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
13:28:29.0296 3596 AudioSrv - ok
13:28:29.0328 3596 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
13:28:29.0453 3596 audstub - ok
13:28:29.0500 3596 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:28:29.0609 3596 Beep - ok
13:28:29.0734 3596 [ DEFCE42FE9EED1A0DC4A28FDDFF603C9 ] Belkin Local Backup Service C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
13:28:29.0734 3596 Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - warning
13:28:29.0734 3596 Belkin Local Backup Service - detected UnsignedFile.Multi.Generic (1)
13:28:29.0750 3596 [ E23AF2900A4E3CA7FF22F1C80A013305 ] Belkin Network USB Helper C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
13:28:29.0750 3596 Belkin Network USB Helper ( UnsignedFile.Multi.Generic ) - warning
13:28:29.0750 3596 Belkin Network USB Helper - detected UnsignedFile.Multi.Generic (1)
13:28:29.0812 3596 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
13:28:29.0984 3596 BITS - ok
13:28:30.0140 3596 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:28:30.0171 3596 Bonjour Service - ok
13:28:30.0218 3596 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
13:28:30.0281 3596 Browser - ok
13:28:30.0343 3596 [ 5BCF6090B825DEF29065BDBD59691DBE ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
13:28:30.0375 3596 btaudio - ok
13:28:30.0453 3596 [ EF5E0DE0A7CA2977A9255F36F4D915AB ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
13:28:30.0531 3596 BTKRNL - ok
13:28:30.0687 3596 [ 565C79C4C00AF8D1C7500146B0B09562 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
13:28:30.0703 3596 btwdins - ok
13:28:30.0734 3596 [ 053DC5BE74621B63BB48C2B86BAFC7B0 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
13:28:30.0765 3596 BTWUSB - ok
13:28:30.0765 3596 catchme - ok
13:28:30.0781 3596 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
13:28:30.0921 3596 cbidf2k - ok
13:28:30.0968 3596 [ 73A35AD810CB750367CC01564A44B0E7 ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
13:28:30.0984 3596 ccEvtMgr - ok
13:28:31.0015 3596 [ 5E32D63B71495A8EDA09F05BD153A537 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
13:28:31.0031 3596 ccSetMgr - ok
13:28:31.0031 3596 cd20xrnt - ok
13:28:31.0046 3596 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
13:28:31.0171 3596 Cdaudio - ok
13:28:31.0203 3596 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:28:31.0312 3596 Cdfs - ok
13:28:31.0375 3596 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:28:31.0515 3596 Cdrom - ok
13:28:31.0531 3596 Changer - ok
13:28:31.0546 3596 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:28:31.0656 3596 CiSvc - ok
13:28:31.0750 3596 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:28:31.0859 3596 ClipSrv - ok
13:28:31.0937 3596 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:28:32.0031 3596 clr_optimization_v2.0.50727_32 - ok
13:28:32.0062 3596 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:28:32.0140 3596 clr_optimization_v4.0.30319_32 - ok
13:28:32.0156 3596 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
13:28:32.0250 3596 CmBatt - ok
13:28:32.0265 3596 CmdIde - ok
13:28:32.0375 3596 [ AB420FA8EE829F80D5FE56B866432DA8 ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
13:28:32.0390 3596 Com4QLBEx - ok
13:28:32.0406 3596 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:28:32.0500 3596 Compbatt - ok
13:28:32.0500 3596 COMSysApp - ok
13:28:32.0500 3596 Cpqarray - ok
13:28:32.0562 3596 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:28:32.0875 3596 CryptSvc - ok
13:28:32.0875 3596 dac2w2k - ok
13:28:32.0890 3596 dac960nt - ok
13:28:32.0937 3596 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:28:33.0015 3596 DcomLaunch - ok
13:28:33.0093 3596 [ 2A946F625D7BE6EE1600C0DE8D7CD0C6 ] DefWatch C:\Program Files\Symantec AntiVirus\DefWatch.exe
13:28:33.0093 3596 DefWatch - ok
13:28:33.0109 3596 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:28:33.0171 3596 Dhcp - ok
13:28:33.0171 3596 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:28:33.0375 3596 Disk - ok
13:28:33.0375 3596 dmadmin - ok
13:28:33.0406 3596 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:28:33.0515 3596 dmboot - ok
13:28:33.0546 3596 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:28:33.0609 3596 dmio - ok
13:28:33.0609 3596 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:28:33.0687 3596 dmload - ok
13:28:33.0703 3596 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
13:28:33.0765 3596 dmserver - ok
13:28:33.0781 3596 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:28:33.0859 3596 DMusic - ok
13:28:33.0906 3596 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:28:34.0031 3596 Dnscache - ok
13:28:34.0046 3596 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:28:34.0109 3596 Dot3svc - ok
13:28:34.0125 3596 dpti2o - ok
13:28:34.0125 3596 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:28:34.0187 3596 drmkaud - ok
13:28:34.0234 3596 [ 340B96044611F8D7EC2514A989D6E5F7 ] e1yexpress C:\WINDOWS\system32\DRIVERS\e1y5132.sys
13:28:34.0265 3596 e1yexpress - ok
13:28:34.0265 3596 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:28:34.0359 3596 EapHost - ok
13:28:34.0421 3596 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
13:28:34.0437 3596 eeCtrl - ok
13:28:34.0468 3596 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:28:34.0500 3596 EraserUtilRebootDrv - ok
13:28:34.0515 3596 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
13:28:34.0593 3596 ERSvc - ok
13:28:34.0640 3596 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
13:28:34.0687 3596 Eventlog - ok
13:28:34.0718 3596 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
13:28:34.0734 3596 EventSystem - ok
13:28:34.0796 3596 [ 53CCA6B4DF0977074E85C9A18F42B5CC ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:28:34.0859 3596 EvtEng - ok
13:28:34.0953 3596 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:28:35.0062 3596 Fastfat - ok
13:28:35.0109 3596 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:28:35.0187 3596 FastUserSwitchingCompatibility - ok
13:28:35.0250 3596 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
13:28:35.0359 3596 Fdc - ok
13:28:35.0375 3596 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:28:35.0484 3596 Fips - ok
13:28:35.0625 3596 [ B8602C90D3C427D8A86CE60437615CF5 ] FlipShare Service C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
13:28:35.0750 3596 FlipShare Service - ok
13:28:35.0921 3596 [ AC5FB7094F31534594CAE48306972CBD ] FlipShareServer C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
13:28:35.0984 3596 FlipShareServer ( UnsignedFile.Multi.Generic ) - warning
13:28:35.0984 3596 FlipShareServer - detected UnsignedFile.Multi.Generic (1)
13:28:35.0984 3596 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
13:28:36.0109 3596 Flpydisk - ok
13:28:36.0187 3596 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:28:36.0312 3596 FltMgr - ok
13:28:36.0390 3596 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:28:36.0406 3596 FontCache3.0.0.0 - ok
13:28:36.0437 3596 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:28:36.0562 3596 Fs_Rec - ok
13:28:36.0578 3596 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:28:36.0750 3596 Ftdisk - ok
13:28:36.0765 3596 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:28:36.0796 3596 GEARAspiWDM - ok
13:28:36.0890 3596 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
13:28:36.0921 3596 GoogleDesktopManager-051210-111108 - ok
13:28:36.0921 3596 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:28:37.0062 3596 Gpc - ok
13:28:37.0078 3596 [ FC657B7751729EFE54E2FF24F50E5BAB ] HBtnKey C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
13:28:37.0125 3596 HBtnKey - ok
13:28:37.0171 3596 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:28:37.0296 3596 HDAudBus - ok
13:28:37.0343 3596 [ 2DF64415A28CE036AC6ACEC7645A996F ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
13:28:37.0406 3596 HECI - ok
13:28:37.0500 3596 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:28:37.0609 3596 helpsvc - ok
13:28:37.0687 3596 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
13:28:37.0796 3596 HidServ - ok
13:28:37.0828 3596 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:28:37.0953 3596 hidusb - ok
13:28:38.0000 3596 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:28:38.0093 3596 hkmsvc - ok
13:28:38.0140 3596 [ 9F620E11B80B74F4DAB50A81A5DF357F ] hpdskflt C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
13:28:38.0156 3596 hpdskflt - ok
13:28:38.0171 3596 hpn - ok
13:28:38.0171 3596 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
13:28:38.0281 3596 HpqKbFiltr - ok
13:28:38.0343 3596 [ 111F2E783FF94FB55D42B8CF7114B4A3 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
13:28:38.0359 3596 hpqwmiex - ok
13:28:38.0390 3596 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:28:38.0625 3596 HPZid412 - ok
13:28:38.0656 3596 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:28:38.0687 3596 HPZipr12 - ok
13:28:38.0703 3596 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:28:38.0734 3596 HPZius12 - ok
13:28:38.0781 3596 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:28:38.0812 3596 HTTP - ok
13:28:38.0859 3596 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:28:38.0953 3596 HTTPFilter - ok
13:28:38.0968 3596 i2omgmt - ok
13:28:38.0968 3596 i2omp - ok
13:28:38.0968 3596 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:28:39.0062 3596 i8042prt - ok
13:28:39.0140 3596 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:28:39.0187 3596 idsvc - ok
13:28:39.0250 3596 [ 91C5E9F49F32110CED27E2F902FAD607 ] IFXTPM C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
13:28:39.0312 3596 IFXTPM - ok
13:28:39.0359 3596 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:28:39.0421 3596 Imapi - ok
13:28:39.0531 3596 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
13:28:39.0718 3596 ImapiService - ok
13:28:39.0718 3596 ini910u - ok
13:28:39.0734 3596 IntelIde - ok
13:28:39.0812 3596 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:28:39.0921 3596 intelppm - ok
13:28:39.0937 3596 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:28:40.0015 3596 Ip6Fw - ok
13:28:40.0062 3596 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:28:40.0156 3596 IpFilterDriver - ok
13:28:40.0171 3596 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:28:40.0234 3596 IpInIp - ok
13:28:40.0265 3596 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:28:40.0343 3596 IpNat - ok
13:28:40.0421 3596 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:28:40.0437 3596 iPod Service - ok
13:28:40.0453 3596 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:28:40.0531 3596 IPSec - ok
13:28:40.0562 3596 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:28:40.0625 3596 IRENUM - ok
13:28:40.0640 3596 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:28:40.0718 3596 isapnp - ok
13:28:40.0765 3596 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
13:28:40.0781 3596 IviRegMgr - ok
13:28:40.0828 3596 [ 7FBFEEE245821925129C9F86470BF33C ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
13:28:40.0843 3596 JavaQuickStarterService - ok
13:28:40.0859 3596 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:28:40.0937 3596 Kbdclass - ok
13:28:40.0953 3596 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:28:41.0031 3596 kbdhid - ok
13:28:41.0031 3596 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:28:41.0093 3596 kmixer - ok
13:28:41.0125 3596 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:28:41.0187 3596 KSecDD - ok
13:28:41.0234 3596 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
13:28:41.0281 3596 LanmanServer - ok
13:28:41.0328 3596 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:28:41.0406 3596 lanmanworkstation - ok
13:28:41.0406 3596 lbrtfdc - ok
13:28:41.0609 3596 [ FB3A35318CA7F6A10FA3C3826A69AFFE ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
13:28:41.0921 3596 LiveUpdate - ok
13:28:41.0968 3596 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:28:42.0140 3596 LmHosts - ok
13:28:42.0187 3596 [ 4647CD914B94678804519F4A657EBDDC ] LMS C:\Program Files\Intel\AMT\LMS.exe
13:28:42.0203 3596 LMS - ok
13:28:42.0375 3596 [ B3D9798AB0B7A78B9B1F5BF139DCCE57 ] Lotus Notes Diagnostics C:\Program Files\Lotus\Notes\nsd.exe
13:28:42.0562 3596 Lotus Notes Diagnostics - ok
13:28:42.0593 3596 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
13:28:42.0921 3596 Messenger - ok
13:28:42.0968 3596 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
13:28:43.0093 3596 mnmdd - ok
13:28:43.0125 3596 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
13:28:43.0250 3596 mnmsrvc - ok
13:28:43.0343 3596 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:28:43.0468 3596 Modem - ok
13:28:43.0515 3596 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:28:43.0640 3596 Mouclass - ok
13:28:43.0750 3596 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:28:43.0875 3596 mouhid - ok
13:28:43.0906 3596 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:28:44.0015 3596 MountMgr - ok
13:28:44.0015 3596 mraid35x - ok
13:28:44.0031 3596 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:28:44.0140 3596 MRxDAV - ok
13:28:44.0203 3596 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:28:44.0312 3596 MRxSmb - ok
13:28:44.0359 3596 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:28:44.0468 3596 MSDTC - ok
13:28:44.0484 3596 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:28:44.0562 3596 Msfs - ok
13:28:44.0562 3596 MSIServer - ok
13:28:44.0578 3596 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:28:44.0671 3596 MSKSSRV - ok
13:28:44.0687 3596 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:28:44.0750 3596 MSPCLOCK - ok
13:28:44.0765 3596 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:28:44.0843 3596 MSPQM - ok
13:28:44.0875 3596 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:28:44.0953 3596 mssmbios - ok
13:28:44.0984 3596 [ 2A1394CF0A66F9F582BBD71E5AF9BC60 ] Multi-user Cleanup Service C:\Program Files\Lotus\Notes\ntmulti.exe
13:28:45.0000 3596 Multi-user Cleanup Service - ok
13:28:45.0031 3596 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:28:45.0093 3596 Mup - ok
13:28:45.0156 3596 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
13:28:45.0218 3596 napagent - ok
13:28:45.0375 3596 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20121203.002\naveng.sys
13:28:45.0390 3596 NAVENG - ok
13:28:45.0437 3596 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20121203.002\navex15.sys
13:28:45.0515 3596 NAVEX15 - ok
13:28:45.0578 3596 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:28:45.0703 3596 NDIS - ok
13:28:45.0796 3596 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:28:45.0843 3596 NdisTapi - ok
13:28:45.0875 3596 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:28:46.0000 3596 Ndisuio - ok
13:28:46.0000 3596 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:28:46.0093 3596 NdisWan - ok
13:28:46.0140 3596 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:28:46.0203 3596 NDProxy - ok
13:28:46.0250 3596 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
13:28:46.0250 3596 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:28:46.0250 3596 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:28:46.0296 3596 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:28:46.0390 3596 NetBIOS - ok
13:28:46.0421 3596 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:28:46.0515 3596 NetBT - ok
13:28:46.0531 3596 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
13:28:46.0593 3596 NetDDE - ok
13:28:46.0593 3596 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:28:46.0656 3596 NetDDEdsdm - ok
13:28:46.0687 3596 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:28:46.0765 3596 Netlogon - ok
13:28:46.0781 3596 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
13:28:46.0859 3596 Netman - ok
13:28:46.0890 3596 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:28:46.0937 3596 NetTcpPortSharing - ok
13:28:47.0062 3596 [ CCDB8DB66ACD3C0A6C8E171B79F60AC4 ] NETw5x32 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
13:28:47.0312 3596 NETw5x32 - ok
13:28:47.0328 3596 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:28:47.0437 3596 NIC1394 - ok
13:28:47.0500 3596 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
13:28:47.0515 3596 Nla - ok
13:28:47.0546 3596 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:28:47.0687 3596 Npfs - ok
13:28:47.0796 3596 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:28:47.0937 3596 Ntfs - ok
13:28:47.0968 3596 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:28:48.0078 3596 NtLmSsp - ok
13:28:48.0093 3596 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:28:48.0218 3596 NtmsSvc - ok
13:28:48.0296 3596 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
13:28:48.0406 3596 Null - ok
13:28:48.0796 3596 [ 6AD9EE567A67C010DFAE9F25D172A0AA ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:28:49.0718 3596 nv - ok
13:28:49.0796 3596 [ C0798084837E229BFC42A77313CF0EAE ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
13:28:49.0828 3596 nvsvc - ok
13:28:49.0875 3596 [ FC2A8AAA0F3321F41231EDE0AF1968AE ] NWADI C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
13:28:50.0000 3596 NWADI - ok
13:28:50.0046 3596 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:28:50.0234 3596 NwlnkFlt - ok
13:28:50.0250 3596 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:28:50.0312 3596 NwlnkFwd - ok
13:28:50.0359 3596 [ 224131778C92AEE8C13AFAC5FBFF19CA ] NWUSBCDFIL C:\WINDOWS\system32\DRIVERS\NwUsbCdFil.sys
13:28:50.0375 3596 NWUSBCDFIL - ok
13:28:50.0406 3596 [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBModem C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
13:28:50.0531 3596 NWUSBModem - ok
13:28:50.0562 3596 [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBPort C:\WINDOWS\system32\DRIVERS\nwusbser.sys
13:28:50.0578 3596 NWUSBPort - ok
13:28:50.0593 3596 [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBPort2 C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
13:28:50.0609 3596 NWUSBPort2 - ok
13:28:50.0750 3596 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:28:50.0781 3596 odserv - ok
13:28:50.0843 3596 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:28:50.0968 3596 ohci1394 - ok
13:28:51.0015 3596 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:28:51.0031 3596 ose - ok
13:28:51.0093 3596 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
13:28:51.0218 3596 Parport - ok
13:28:51.0234 3596 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:28:51.0343 3596 PartMgr - ok
13:28:51.0375 3596 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:28:51.0500 3596 ParVdm - ok
13:28:51.0500 3596 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] PCASp50 C:\WINDOWS\system32\Drivers\PCASp50.sys
13:28:51.0531 3596 PCASp50 - ok
13:28:51.0531 3596 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:28:51.0609 3596 PCI - ok
13:28:51.0609 3596 PCIDump - ok
13:28:51.0609 3596 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:28:51.0687 3596 PCIIde - ok
13:28:51.0687 3596 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
13:28:51.0765 3596 Pcmcia - ok
13:28:51.0765 3596 PDCOMP - ok
13:28:51.0796 3596 pdfcDispatcher - ok
13:28:51.0796 3596 PDFRAME - ok
13:28:51.0796 3596 PDRELI - ok
13:28:51.0796 3596 PDRFRAME - ok
13:28:51.0796 3596 perc2 - ok
13:28:51.0796 3596 perc2hib - ok
13:28:51.0828 3596 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
13:28:51.0828 3596 PlugPlay - ok
13:28:51.0890 3596 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
13:28:51.0906 3596 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:28:51.0906 3596 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:28:51.0906 3596 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:28:51.0968 3596 PolicyAgent - ok
13:28:51.0984 3596 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:28:52.0062 3596 PptpMiniport - ok
13:28:52.0062 3596 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:28:52.0125 3596 ProtectedStorage - ok
13:28:52.0125 3596 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:28:52.0203 3596 PSched - ok
13:28:52.0265 3596 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
13:28:52.0281 3596 PSI_SVC_2 - ok
13:28:52.0281 3596 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:28:52.0359 3596 Ptilink - ok
13:28:52.0359 3596 ql1080 - ok
13:28:52.0359 3596 Ql10wnt - ok
13:28:52.0359 3596 ql12160 - ok
13:28:52.0359 3596 ql1240 - ok
13:28:52.0359 3596 ql1280 - ok
13:28:52.0390 3596 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:28:52.0453 3596 RasAcd - ok
13:28:52.0484 3596 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:28:52.0546 3596 RasAuto - ok
13:28:52.0578 3596 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:28:52.0875 3596 Rasl2tp - ok
13:28:52.0906 3596 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:28:52.0984 3596 RasMan - ok
13:28:53.0000 3596 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:28:53.0078 3596 RasPppoe - ok
13:28:53.0078 3596 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:28:53.0171 3596 Raspti - ok
13:28:53.0203 3596 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:28:53.0343 3596 Rdbss - ok
13:28:53.0359 3596 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:28:53.0468 3596 RDPCDD - ok
13:28:53.0500 3596 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:28:53.0625 3596 rdpdr - ok
13:28:53.0750 3596 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:28:53.0796 3596 RDPWD - ok
13:28:53.0828 3596 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:28:53.0953 3596 RDSessMgr - ok
13:28:53.0984 3596 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:28:54.0093 3596 redbook - ok
13:28:54.0109 3596 [ 24D3B49DAB660A8B8AFA40240E735E24 ] regi C:\WINDOWS\system32\drivers\regi.sys
13:28:54.0140 3596 regi - ok
13:28:54.0203 3596 [ 7C4391419852DFC331F6AF620C33AF3C ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:28:54.0234 3596 RegSrvc - ok
13:28:54.0296 3596 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:28:54.0406 3596 RemoteAccess - ok
13:28:54.0421 3596 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
13:28:54.0546 3596 RemoteRegistry - ok
13:28:54.0609 3596 [ EA885E7A56F1BE1F14C372337C42FE48 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
13:28:54.0640 3596 rimmptsk - ok
13:28:54.0656 3596 [ D7E09BC852684A7B1FC0F74FE090D45A ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
13:28:54.0687 3596 rimsptsk - ok
13:28:54.0734 3596 [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
13:28:54.0859 3596 RimUsb - ok
13:28:54.0906 3596 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
13:28:54.0921 3596 RimVSerPort - ok
13:28:54.0953 3596 [ 7C21554942BEF51CBD84FD7D4E62CB9A ] rismc32 C:\WINDOWS\system32\DRIVERS\rismc32.sys
13:28:55.0000 3596 rismc32 - ok
13:28:55.0000 3596 [ B0A7494A9BA7909EFAC64E05D3F160DB ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
13:28:55.0031 3596 rismxdp - ok
13:28:55.0078 3596 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
13:28:55.0187 3596 ROOTMODEM - ok
13:28:55.0234 3596 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
13:28:55.0343 3596 RpcLocator - ok
13:28:55.0437 3596 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
13:28:55.0453 3596 RpcSs - ok
13:28:55.0500 3596 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:28:55.0593 3596 RSVP - ok
13:28:55.0656 3596 [ 55CCC8CED5778556F6B516B3858AC970 ] S24EventMonitor C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
13:28:55.0718 3596 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
13:28:55.0718 3596 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
13:28:55.0750 3596 [ 96B4494D4734970F47C566E098C4F527 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
13:28:55.0781 3596 s24trans - ok
13:28:55.0796 3596 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
13:28:55.0906 3596 SamSs - ok
13:28:56.0031 3596 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:28:56.0046 3596 SASDIFSV - ok
13:28:56.0062 3596 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:28:56.0078 3596 SASKUTIL - ok
13:28:56.0125 3596 [ 8E381204B4431DBC480DEBC830F0CFDC ] SavRoam C:\Program Files\Symantec AntiVirus\SavRoam.exe
13:28:56.0140 3596 SavRoam - ok
13:28:56.0156 3596 [ 12B6E269EF8AC8EA36122544C8A1B6D8 ] SAVRT C:\Program Files\Symantec AntiVirus\savrt.sys
13:28:56.0187 3596 SAVRT - ok
13:28:56.0187 3596 [ 97E5B6F3F95465E1F59360B59D8EC64E ] SAVRTPEL C:\Program Files\Symantec AntiVirus\Savrtpel.sys
13:28:56.0218 3596 SAVRTPEL - ok
13:28:56.0234 3596 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:28:56.0343 3596 SCardSvr - ok
13:28:56.0375 3596 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:28:56.0484 3596 Schedule - ok
13:28:56.0546 3596 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
13:28:56.0687 3596 sdbus - ok
13:28:56.0718 3596 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:28:56.0750 3596 Secdrv - ok
13:28:56.0796 3596 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:28:56.0859 3596 seclogon - ok
13:28:56.0875 3596 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
13:28:56.0953 3596 SENS - ok
13:28:56.0968 3596 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:28:57.0031 3596 Serenum - ok
13:28:57.0046 3596 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
13:28:57.0109 3596 Serial - ok
13:28:57.0125 3596 [ B6401608579B6431994425BA7653F774 ] SFAUDIO C:\WINDOWS\system32\drivers\sfaudio.sys
13:28:57.0140 3596 SFAUDIO - ok
13:28:57.0171 3596 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:28:57.0234 3596 Sfloppy - ok
13:28:57.0265 3596 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:28:57.0343 3596 SharedAccess - ok
13:28:57.0375 3596 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:28:57.0375 3596 ShellHWDetection - ok
13:28:57.0390 3596 Simbad - ok
13:28:57.0406 3596 [ 5BD0C3EEA602ECD57679ABF892CA6E8B ] SNDSrvc C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
13:28:57.0421 3596 SNDSrvc - ok
13:28:57.0421 3596 Sparrow - ok
13:28:57.0484 3596 [ EF9760A364D836A0CE6149EBDF71524D ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
13:28:57.0546 3596 SPBBCDrv - ok
13:28:57.0640 3596 [ 0A6BCAB3BB4AD9D25E833FB3F840CAE0 ] SPBBCSvc C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
13:28:57.0687 3596 SPBBCSvc - ok
13:28:57.0734 3596 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:28:57.0796 3596 splitter - ok
13:28:57.0843 3596 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:28:57.0859 3596 Spooler - ok
13:28:57.0859 3596 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:28:57.0921 3596 sr - ok
13:28:57.0968 3596 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
13:28:58.0031 3596 srservice - ok
13:28:58.0062 3596 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:28:58.0156 3596 Srv - ok
13:28:58.0187 3596 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:28:58.0234 3596 SSDPSRV - ok
13:28:58.0265 3596 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:28:58.0375 3596 stisvc - ok
13:28:58.0390 3596 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:28:58.0500 3596 swenum - ok
13:28:58.0531 3596 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:28:58.0640 3596 swmidi - ok
13:28:58.0750 3596 [ 150AB4FA272130EC55B2A4FAEBDF47F9 ] swmsflt C:\WINDOWS\System32\drivers\swmsflt.sys
13:28:58.0765 3596 swmsflt - ok
13:28:58.0765 3596 SwPrv - ok
13:28:58.0812 3596 [ C8A43978DADCF12B7E40A0577227DFBC ] sxuptp C:\WINDOWS\system32\DRIVERS\sxuptp.sys
13:28:58.0828 3596 sxuptp - ok
13:28:58.0921 3596 [ E9920BA62382CC9A59694BF3DF890799 ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe
13:28:59.0000 3596 Symantec AntiVirus - ok
13:28:59.0000 3596 symc810 - ok
13:28:59.0000 3596 symc8xx - ok
13:28:59.0031 3596 [ 49B20B430A4F219173F823536944474A ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
13:28:59.0062 3596 SymEvent - ok
13:28:59.0062 3596 [ 7DE45DFEBB51E56D7C795BD0C2D7AEF5 ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
13:28:59.0078 3596 SYMREDRV - ok
13:28:59.0125 3596 [ E1444C6095D67CA4EF6BA192CF7FA91A ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
13:28:59.0156 3596 SYMTDI - ok
13:28:59.0156 3596 sym_hi - ok
13:28:59.0156 3596 sym_u3 - ok
13:28:59.0187 3596 [ 0E8676FB3BB95AA40FDF7A4A31018C8B ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
13:28:59.0250 3596 SynTP - ok
13:28:59.0312 3596 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:28:59.0437 3596 sysaudio - ok
13:28:59.0484 3596 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:28:59.0609 3596 SysmonLog - ok
13:28:59.0625 3596 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:28:59.0734 3596 TapiSrv - ok
13:28:59.0828 3596 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:28:59.0890 3596 Tcpip - ok
13:28:59.0906 3596 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:29:00.0031 3596 TDPIPE - ok
13:29:00.0062 3596 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:29:00.0187 3596 TDTCP - ok
13:29:00.0218 3596 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:29:00.0343 3596 TermDD - ok
13:29:00.0468 3596 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
13:29:00.0578 3596 TermService - ok
13:29:00.0593 3596 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
13:29:00.0609 3596 Themes - ok
13:29:00.0625 3596 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
13:29:00.0703 3596 TlntSvr - ok
13:29:00.0703 3596 TosIde - ok
13:29:00.0703 3596 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:29:00.0828 3596 TrkWks - ok
13:29:00.0843 3596 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:29:00.0937 3596 Udfs - ok
13:29:00.0937 3596 ultra - ok
13:29:01.0031 3596 [ EFD150CDD5AA3269118EF500222B88E0 ] UNS C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
13:29:01.0078 3596 UNS - ok
13:29:01.0078 3596 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:29:01.0156 3596 Update - ok
13:29:01.0187 3596 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:29:01.0218 3596 upnphost - ok
13:29:01.0234 3596 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:29:01.0281 3596 UPS - ok
13:29:01.0296 3596 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
13:29:01.0343 3596 USBAAPL - ok
13:29:01.0359 3596 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:29:01.0453 3596 usbccgp - ok
13:29:01.0500 3596 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:29:01.0593 3596 usbehci - ok
13:29:01.0593 3596 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:29:01.0687 3596 usbhub - ok
13:29:01.0718 3596 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:29:01.0796 3596 usbprint - ok
13:29:01.0828 3596 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:29:01.0921 3596 usbscan - ok
13:29:01.0953 3596 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:29:02.0031 3596 USBSTOR - ok
13:29:02.0046 3596 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:29:02.0125 3596 usbuhci - ok
13:29:02.0171 3596 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:29:02.0265 3596 VgaSave - ok
13:29:02.0265 3596 ViaIde - ok
13:29:02.0312 3596 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:29:02.0406 3596 VolSnap - ok
13:29:02.0484 3596 [ 5EA22CB6B100212837A97F281EDB3C47 ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
13:29:02.0500 3596 vpnagent - ok
13:29:02.0531 3596 [ E1F2333A88EC4A5C8EA6BE357323B72D ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva.sys
13:29:02.0546 3596 vpnva - ok
13:29:02.0593 3596 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:29:02.0921 3596 VSS - ok
13:29:02.0953 3596 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
13:29:03.0046 3596 W32Time - ok
13:29:03.0062 3596 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:29:03.0156 3596 Wanarp - ok
13:29:03.0250 3596 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
13:29:03.0265 3596 Wdf01000 - ok
13:29:03.0265 3596 WDICA - ok
13:29:03.0296 3596 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:29:03.0359 3596 wdmaud - ok
13:29:03.0375 3596 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:29:03.0437 3596 WebClient - ok
13:29:03.0562 3596 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:29:03.0625 3596 winmgmt - ok
13:29:03.0718 3596 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
13:29:03.0921 3596 WinRM - ok
13:29:03.0968 3596 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:29:04.0078 3596 WmdmPmSN - ok
13:29:04.0125 3596 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
13:29:04.0203 3596 Wmi - ok
13:29:04.0218 3596 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:29:04.0406 3596 WmiAcpi - ok
13:29:04.0484 3596 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:29:04.0546 3596 WmiApSrv - ok
13:29:04.0656 3596 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
13:29:04.0828 3596 WMPNetworkSvc - ok
13:29:04.0921 3596 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:29:04.0968 3596 WPFFontCache_v0400 - ok
13:29:05.0015 3596 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:29:05.0140 3596 WS2IFSL - ok
13:29:05.0187 3596 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:29:05.0312 3596 wscsvc - ok
13:29:05.0312 3596 WSearch - ok
13:29:05.0406 3596 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:29:05.0500 3596 wuauserv - ok
13:29:05.0546 3596 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:29:05.0625 3596 WudfPf - ok
13:29:05.0640 3596 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:29:05.0671 3596 WudfRd - ok
13:29:05.0671 3596 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:29:05.0703 3596 WudfSvc - ok
13:29:05.0734 3596 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:29:05.0875 3596 WZCSVC - ok
13:29:05.0937 3596 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:29:06.0031 3596 xmlprov - ok
13:29:06.0046 3596 ================ Scan global ===============================
13:29:06.0093 3596 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:29:06.0125 3596 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:29:06.0156 3596 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:29:06.0187 3596 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:29:06.0203 3596 [Global] - ok
13:29:06.0203 3596 ================ Scan MBR ==================================
13:29:06.0218 3596 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
13:29:06.0500 3596 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:29:06.0500 3596 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:29:06.0500 3596 ================ Scan VBR ==================================
13:29:06.0515 3596 [ 5BC6E2A8C5A520CB9004E29EBF1186E2 ] \Device\Harddisk0\DR0\Partition1
13:29:06.0515 3596 \Device\Harddisk0\DR0\Partition1 - ok
13:29:06.0515 3596 ============================================================
13:29:06.0515 3596 Scan finished
13:29:06.0515 3596 ============================================================
13:29:06.0625 4656 Detected object count: 7
13:29:06.0625 4656 Actual detected object count: 7
13:29:29.0953 4656 Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:29.0953 4656 Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:29.0953 4656 Belkin Network USB Helper ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:29.0953 4656 Belkin Network USB Helper ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:29.0953 4656 FlipShareServer ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:29.0953 4656 FlipShareServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:29.0953 4656 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:29.0953 4656 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:29.0953 4656 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:29.0953 4656 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:29.0953 4656 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:29.0953 4656 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:29.0968 4656 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
13:29:30.0156 4656 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
13:29:30.0187 4656 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
13:29:30.0187 4656 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
13:29:30.0203 4656 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
13:29:30.0515 4656 \Device\Harddisk0\DR0\TDLFS - deleted
13:29:30.0515 4656 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
13:29:46.0734 4364 Deinitialize success


OTL Log

OTL logfile created on: 1/23/2013 1:40:37 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Presenter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 62.84% Memory free
4.84 Gb Paging File | 4.07 Gb Available in Paging File | 84.16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 187.18 Gb Free Space | 62.79% Space Free | Partition Type: NTFS

Computer Name: TS8730WIMAGE | User Name: Presenter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/22 09:33:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Presenter\Desktop\OTL.exe
PRC - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/01/04 16:21:22 | 000,404,712 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/10/12 16:00:00 | 000,685,496 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE
PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/05/09 14:25:58 | 000,152,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\EMET\EMET_notifier.exe
PRC - [2012/03/26 02:34:22 | 000,306,688 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/02/24 21:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/02/11 18:28:52 | 001,522,080 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2011/02/02 09:46:40 | 001,095,168 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
PRC - [2009/12/17 17:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/07/02 07:18:25 | 002,058,776 | R--- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/02 07:18:24 | 000,174,616 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/05/26 21:57:08 | 000,411,108 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\billy.exe
PRC - [2009/05/26 21:54:10 | 000,549,400 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\oldmcdonald.exe
PRC - [2009/02/27 06:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 06:22:10 | 001,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/02/27 05:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 05:40:52 | 001,202,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/02/27 05:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/12/06 07:37:30 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Program Files\Lotus\Notes\ntmulti.exe
PRC - [2008/12/06 07:36:38 | 003,315,080 | ---- | M] (IBM) -- C:\Program Files\Lotus\Notes\nsd.exe
PRC - [2008/10/14 15:10:32 | 000,082,224 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2008/08/08 06:47:02 | 000,777,240 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008/06/12 11:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/05/12 13:55:10 | 001,440,384 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/05/12 13:55:10 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 07:00:00 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
PRC - [2008/03/18 11:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/06/06 12:25:22 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/06/06 12:24:22 | 000,116,928 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2007/06/06 12:23:46 | 001,821,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/06/06 12:22:34 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/05/29 15:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 15:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/05/29 15:33:22 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/13 10:09:47 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\33ff7d73f01be8329a95c6e03f1dd555\System.Web.ni.dll
MOD - [2013/01/13 10:08:51 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c8aa45e46a5a90e65984b1a2591c0ca7\Microsoft.VisualBasic.ni.dll
MOD - [2013/01/13 10:08:30 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/13 10:06:21 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/13 10:06:17 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll
MOD - [2013/01/13 10:06:05 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/13 10:05:05 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/13 10:05:00 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/13 09:56:44 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/12/09 20:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2011/05/06 12:07:00 | 004,317,184 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2011/05/06 12:02:52 | 000,737,280 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
MOD - [2011/02/15 13:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2011/02/15 13:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2011/02/15 13:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2011/02/15 13:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2011/02/15 12:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/10/26 07:34:12 | 011,853,824 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
MOD - [2010/10/25 23:37:32 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\phonon4.dll
MOD - [2010/10/25 23:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
MOD - [2010/10/25 23:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2010/10/25 23:23:34 | 008,351,744 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2010/10/25 23:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
MOD - [2010/10/25 23:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
MOD - [2010/10/25 23:06:28 | 000,364,544 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2010/10/25 23:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
MOD - [2010/10/25 23:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2010/05/20 12:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/20 12:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/17 08:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
MOD - [2010/05/17 08:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoNet.dll
MOD - [2010/05/17 08:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
MOD - [2010/05/17 08:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoXML.dll
MOD - [2010/05/17 08:47:20 | 000,291,840 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
MOD - [2010/05/17 08:47:20 | 000,175,616 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
MOD - [2010/05/17 08:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
MOD - [2010/05/17 08:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
MOD - [2010/05/17 08:47:18 | 000,110,592 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
MOD - [2010/02/17 18:25:12 | 000,132,096 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
MOD - [2009/02/27 05:51:14 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
MOD - [2008/05/12 13:51:50 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008/05/12 13:49:02 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008/04/14 07:00:00 | 000,214,528 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\wbemcomn.dll
MOD - [2008/04/14 07:00:00 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE


========== Services (SafeList) ==========

SRV - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Disabled | Stopped] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2009/12/17 17:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/02 07:18:25 | 002,058,776 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009/07/02 07:18:24 | 000,174,616 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/02/27 06:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/02/27 05:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2009/02/27 05:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/12/06 07:37:30 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2008/12/06 07:36:38 | 003,315,080 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2008/08/08 06:47:02 | 000,777,240 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/06/12 11:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/03/18 11:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/06/06 12:24:22 | 000,116,928 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/06/06 12:23:46 | 001,821,376 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/06/06 12:22:34 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/05/29 15:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 15:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/03/28 17:52:18 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/10 15:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/09/02 15:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2012/12/03 12:01:06 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121203.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/12/03 12:01:06 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/12/03 12:01:06 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/12/03 12:01:06 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121203.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/15 13:17:12 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/11/15 23:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2009/12/18 11:13:02 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/12/18 11:13:00 | 000,230,912 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/18 11:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/12/18 11:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/12/18 11:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/12/17 17:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/12/02 12:12:46 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/07/02 09:12:45 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/07/02 07:21:36 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/07/02 07:21:36 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/07/02 07:21:36 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/07/02 07:18:38 | 004,202,496 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2009/07/02 07:18:25 | 000,040,832 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/02 07:17:38 | 000,044,800 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2009/07/02 07:16:16 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2009/06/22 16:50:00 | 000,246,936 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2009/03/31 11:57:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/03/27 04:33:56 | 000,239,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress)
DRV - [2009/03/19 10:40:10 | 000,009,216 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/11/21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/05 22:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/10/11 14:56:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/08/13 16:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/07/29 14:41:36 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/06/12 13:40:50 | 000,477,696 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/05/23 12:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008/05/23 12:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/28 17:51:48 | 000,189,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2007/03/28 17:51:42 | 000,024,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2007/01/10 15:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/12/20 00:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)
DRV - [2006/09/06 13:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 13:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3866077675-454247996-117300071-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-3866077675-454247996-117300071-1006\..\SearchScopes,DefaultScope = Comcast
IE - HKU\S-1-5-21-3866077675-454247996-117300071-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-3866077675-454247996-117300071-1006\..\SearchScopes\Comcast: "URL" = http://search.xfinit...art_tech_search
IE - HKU\S-1-5-21-3866077675-454247996-117300071-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3866077675-454247996-117300071-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


[2010/07/11 20:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_1\
CHR - Extension: No name found = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/23 12:04:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-3866077675-454247996-117300071-1006..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe (Documentum, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3866077675-454247996-117300071-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3866077675-454247996-117300071-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3866077675-454247996-117300071-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3866077675-454247996-117300071-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3866077675-454247996-117300071-1006\..Trusted Domains: bitdefender.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3866077675-454247996-117300071-1006\..Trusted Domains: geekstogo.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3866077675-454247996-117300071-1006\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3866077675-454247996-117300071-1006\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://bos-link01a....ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A0A3EEB-CB54-425B-9A65-6F512B4E88CC}: DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (VPNGina.dll) - C:\WINDOWS\System32\vpngina.dll (Cisco Systems, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/02 14:36:05 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/01/23 13:29:29 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/23 12:12:15 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Presenter\Desktop\tdsskiller.exe
[2013/01/23 11:53:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/23 11:53:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/23 11:53:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/23 11:53:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/23 11:51:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/23 11:51:15 | 005,026,296 | R--- | C] (Swearware) -- C:\Documents and Settings\Presenter\Desktop\ComboFix.exe
[2013/01/23 11:17:16 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Presenter\Desktop\tdsskiller
[2013/01/23 11:00:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/22 20:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
[2013/01/22 20:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\EMET
[2013/01/22 12:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/01/22 09:32:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Presenter\Desktop\OTL.exe
[2013/01/18 09:38:31 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/01/18 09:38:31 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/01/18 09:38:31 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/01/18 09:37:30 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2013/01/18 09:36:24 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/01/18 09:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/01/18 09:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\OApps
[2013/01/17 23:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Start Menu\Programs\System Progressive Protection
[2013/01/17 23:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\D0B43B0D7D5E52B60000D0B36A6159FD

========== Files - Modified Within 30 Days ==========

[2013/01/23 13:40:36 | 000,523,910 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/23 13:40:36 | 000,095,660 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/23 13:36:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/23 13:35:53 | 000,035,285 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/01/23 13:34:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/23 13:28:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006UA.job
[2013/01/23 12:15:03 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Presenter\Desktop\tdsskiller.exe
[2013/01/23 12:04:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/23 11:17:16 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Presenter\Desktop\tdsskiller
[2013/01/23 11:09:59 | 005,026,296 | R--- | M] (Swearware) -- C:\Documents and Settings\Presenter\Desktop\ComboFix.exe
[2013/01/22 20:28:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006Core.job
[2013/01/22 20:09:56 | 006,325,248 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\EMET Setup.msi
[2013/01/22 09:33:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Presenter\Desktop\OTL.exe
[2013/01/18 20:22:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/01/18 09:36:24 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/01/13 10:15:04 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/13 10:00:03 | 000,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/13 09:40:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/01/11 19:30:25 | 000,002,334 | ---- | M] () -- C:\Documents and Settings\Presenter\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/11 19:30:25 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Google Chrome.lnk
[2013/01/06 08:12:13 | 000,047,685 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\IMG952187.jpg
[2013/01/02 12:50:36 | 000,148,202 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\xfer.pdf

========== Files Created - No Company Name ==========

[2013/01/23 11:53:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/23 11:53:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/23 11:53:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/23 11:53:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/23 11:53:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/01/22 20:09:51 | 006,325,248 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\EMET Setup.msi
[2013/01/06 08:12:11 | 000,047,685 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\IMG952187.jpg
[2013/01/02 12:50:36 | 000,148,202 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\xfer.pdf
[2012/02/15 20:52:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/21 22:51:57 | 000,038,436 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/28 15:05:15 | 000,008,181 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2011/01/28 15:05:15 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2009/10/08 09:26:41 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Presenter\JavaConnect.ini
[2009/08/12 06:32:23 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Presenter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/15 10:43:17 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\Presenter\NTUSER.bak

========== ZeroAccess Check ==========

[2009/07/02 08:45:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 00:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 07:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 07:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 07:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 07:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 07:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 07:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 05:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 07:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 07:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 07:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 07:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 07:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 07:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 07:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 07:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 07:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 07:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 07:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 07:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 07:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 07:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 07:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 07:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 07:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 07:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 07:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 07:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 07:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 07:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 07:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2006/10/28 22:06:34 | 000,092,160 | ---- | M] (SOFTWIN SRL) -- C:\bdc.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: QMGR.DLL >
[2008/04/14 07:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/14 07:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\dllcache\qmgr.dll
[2008/04/14 07:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SERVICES >
[2008/04/14 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/12/18 14:08:30 | 000,559,043 | ---- | M] () MD5=BA25E8F1460C7453B7488FE4B42F6919 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 07:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.EXE-2F433351.PF >
[2013/01/23 13:34:27 | 000,016,650 | ---- | M] () MD5=534969589CCEF9771F806707AEE2F97D -- C:\WINDOWS\Prefetch\SERVICES.EXE-2F433351.pf

< MD5 for: SERVICES.EXSD >
[2009/07/02 09:24:21 | 000,005,347 | ---- | M] () MD5=CC5EF0EBFFD746CDE1182113829BFF10 -- C:\Program Files\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.collaboration.realtime.core_8.0.1.20081118-0430\schema\services.exsd

< MD5 for: SERVICES.HTML >
[2013/01/04 14:50:38 | 000,006,329 | ---- | M] () MD5=CBF97253DD695DF0C1591D1357E15043 -- C:\Program Files\BillP Studios\WinPatrol\services.html

< MD5 for: SERVICES.JS >
[2009/07/02 09:24:45 | 000,002,822 | ---- | M] () MD5=999C63697D94D98BFB8FB79AC94D360C -- C:\Program Files\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.collaboration.realtime.webapi_8.0.1.20081118-0430\services.js

< MD5 for: SERVICES.LNK >
[2009/07/02 07:31:53 | 000,001,602 | ---- | M] () MD5=FC8EC9E63687AE1FE6E440EA557C3D92 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2008/04/14 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/10/31 19:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/10/31 19:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/10/31 19:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/10/31 19:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/10/31 19:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/10/31 19:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST9320421AS
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 298.00GB
Starting Offset: 32256
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: TS8730WIMAGE
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B
Volume 1 C NTFS Partition 298 GB Healthy System

< >

< >

< >

< End of report >


FSS.txt

Farbar Service Scanner Version: 16-01-2013
Ran by Presenter (administrator) on 23-01-2013 at 13:51:55
Running from "C:\Documents and Settings\Presenter\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Checkup.txt

Results of screen317's Security Check version 0.99.57
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec AntiVirus Corporate Edition
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 33
Java 7 Update 11
Adobe Flash Player 11.4.402.278
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus SavRoam.exe
Symantec AntiVirus Rtvscan.exe
BillP Studios WinPatrol winpatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````


Thanks again for all of your help.
  • 0

#13
godawgs

godawgs

    Teacher

  • GeekU Moderator
  • 5,514 posts
Hi,

Thanks again for all of your help.

You are welcome.

We got the rootkit :thumbsup: and the last OTL log looks good. Let's look for any residual malware files. Please let me know if any issues remain after this run.


Step-1.

Posted ImageMalwarebytes' Anti-Malware

Close all programs and browsers on your computer.

Double Click the MalwareBytes icon on the desktop.
  • You will now be at the main program as shown below.

    Posted Image
  • Click the Update tab and update the program if required.
  • On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore, and click Remove Selected.<---Very Important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-2.

A.
Uninstall the ESET online Scanner program from the Add/Remove Programs list in Control Panel.

B.
Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The MalwareBytes log
2. The ESET log (If it found anything)
  • 0

#14
Warden

Warden

    Member

  • Member
  • PipPipPip
  • 139 posts
Okay godawgs, here isthe mbam log

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.20.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Presenter :: TS8730WIMAGE [administrator]

1/23/2013 7:27:03 PM
mbam-log-2013-01-23 (19-27-03).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 324275
Time elapsed: 1 hour(s), 6 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And here is the eset log

C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\0\332f5540-2859c440 a variant of Java/Exploit.CVE-2012-4681.CL trojan
C:\Qoobox\Quarantine\C\Program Files\Coupon Companion Plugin\CoUPon companion plugin.dll.vir a variant of Win32/Toolbar.CrossRider.A application
C:\System Volume Information\_restore{32D2C3A1-B955-4551-B853-B95B9A4F22FA}\RP57\A0012407.dll a variant of Win32/Toolbar.CrossRider.A application
C:\System Volume Information\_restore{32D2C3A1-B955-4551-B853-B95B9A4F22FA}\RP57\A0012534.exe multiple threats
  • 0

#15
godawgs

godawgs

    Teacher

  • GeekU Moderator
  • 5,514 posts
Let's kill the things that ESET found and get a new OTL log. Then I want you to update your AntiVirus program. If the OTL log is clear we can cleanup the tools we've used.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:FILES
C:\Documents and Settings\Presenter\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-2.

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Windows XP
  • Click Start > All Programs > Accessories > System tools > System Restore. The System Restore Wizard opens.
  • Note: If the System Restore Wizard does not open, the System Restore feature may be turned off. To turn System Restore on, follow these steps:
  • Click Start, click Control Panel, and then double-click System.
  • Click the System Restore tab.
  • Make sure that the Turn off System Restore check box is not selected. Or, make sure that the Turn off System Restore on all drives check box is not selected.
  • Click OK.
[*] On the dialogue box that appears select Create a Restore Point
[*] Click NEXT
[*] Enter a name e.g. Clean
[*] Click CREATE
[*] Close System Restore[/list]Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
    Restart your computer.
Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.
    System Restore will now be active again.


Step-3.

Update your Norton AntiVirus program.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The new OTL.exe log
  • 0

Advertisement




Similar Topics: PUP.facethemes Issue [Solved]     x


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured