How can I remove the MBR:Alureon-G [Rtk] [Closed]


  • This topic is locked

#1
Goggleplex-Googleplex

  • Member
  • 172 posts
I checked to see if I posted something on this topic before and found nothing... but I have low vision so I may've missed something. I also have memory problems so I don't remember if I tried to get an answer for this problem before so I hope I'll be given some slack if I'm in error. :(


AVAST says my Fujitsu LifeBook C1410 laptop is infected with the MBR:Alureon-G [Rtk] virus (or whatever it is). :( I'd really appreciate it if somebody could give me a clear step-by-step way to get rid of this thing. At times, I'm redirected to ad sites when I try to go somewhere else... and the computer refuses to shut down normally sometimes. At first I thought I might have to reinstall Windows XP to wipe this virus but I read that it's in the "post" area of the system, and I'd have to get into the BIOS in order to do anything about this. I tried to get to the BIOS but I was prompted for a password!!! Fujitsu said they don't password-protect the BIOS so I think, either the person who owned this computer before me may've done this, or maybe the virus did it?

If I could get instructions on how to get rid of the MBR:Alureon-G [Rtk] thingie, then I'll attempt to get the password out of the BIOS. Fujitsu said they'd do it over the phone for around $150 or so. They refused to tell me how to open the case so the battery could be taken out or something.

Somebody else was asking how to get rid of this same virus but the person who answered said that their solution would only work on THAT particular machine... so I'm posting this to get help on MY machine. Any help will be very much appreciated. :)

Fujitsu LifeBook C1410 laptop
Windows XP Professional
Version 2002
Service Pack 3

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, first off let's have a quick look-see :)

Download OTL to your Desktop
Secondary link
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe (4.5 MB) to your desktop.
Double-click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop, and post it in your next reply.

#3
Goggleplex-Googleplex

  • Topic Starter
  • Member
  • 172 posts
OTL.TXT log:

OTL logfile created on: 5/13/2013 4:27:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\jonaGOOK\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.84 Mb Total Physical Memory | 288.29 Mb Available Physical Memory | 28.44% Memory free
2.89 Gb Paging File | 2.29 Gb Available in Paging File | 79.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.01 Gb Total Space | 130.01 Gb Free Space | 87.83% Space Free | Partition Type: NTFS
Drive D: | 1.03 Gb Total Space | 1.02 Gb Free Space | 99.11% Space Free | Partition Type: NTFS
Drive E: | 1.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LIFEBOOK | User Name: jonaGOOK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/13 16:15:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jonaGOOK\My Documents\Downloads\OTL.exe
PRC - [2013/02/28 04:36:01 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/02/28 04:36:01 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/23 17:48:39 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:24 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\magnify.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/01 12:28:26 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/05/01 12:28:06 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/05/01 12:26:14 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/01/26 09:27:42 | 000,126,581 | ---- | M] (Words +, Inc.) -- C:\Program Files\Words+, Inc\EZ KeysXP\WplServ.exe
PRC - [2005/11/18 05:44:08 | 000,303,104 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
PRC - [2005/11/01 14:11:56 | 000,242,688 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
PRC - [2005/11/01 14:06:36 | 000,061,440 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
PRC - [2005/09/10 03:12:40 | 000,081,920 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2005/06/08 12:20:32 | 000,069,632 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/13 02:51:51 | 002,084,352 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13051300\algo.dll
MOD - [2011/06/23 17:48:40 | 001,014,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/06/17 10:09:13 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2006/05/01 12:38:06 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/05/01 12:38:06 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/05/01 12:38:06 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/03/10 14:49:30 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [1998/05/21 03:04:10 | 000,007,168 | ---- | M] () -- C:\Program Files\Fujitsu\fjdvrupd\ADVNTLIB.DLL


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2013/03/03 12:30:55 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/28 04:36:01 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/01/26 09:27:42 | 000,126,581 | ---- | M] (Words +, Inc.) [Auto | Running] -- C:\Program Files\Words+, Inc\EZ KeysXP\WplServ.exe -- (WplServ)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/02/28 04:36:37 | 000,765,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/02/28 04:36:37 | 000,368,248 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/02/28 04:36:37 | 000,163,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/02/28 04:36:37 | 000,062,448 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/02/28 04:36:36 | 000,066,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/02/28 04:36:36 | 000,049,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/02/28 04:36:36 | 000,049,320 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/02/28 04:36:35 | 000,029,880 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/05/13 11:21:13 | 000,012,672 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouclassfiltr.sys -- (mouclassfiltr)
DRV - [2006/05/01 12:52:02 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/26 18:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/04/17 03:31:26 | 004,262,912 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/03/17 01:36:42 | 001,155,584 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/02/24 04:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/02/08 20:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/02/03 02:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/11 04:21:54 | 000,010,496 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\FJGPNV.SYS -- (FJGPNV)
DRV - [2005/12/14 20:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/12/08 19:48:00 | 000,243,712 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/11/24 16:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/11/11 18:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV - [2005/11/01 14:06:36 | 000,021,120 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd)
DRV - [2005/10/19 00:08:50 | 000,033,280 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2005/08/01 19:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/21 17:56:22 | 000,007,196 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu\FlashAid\FlashDrv.sys -- (FlashDrv)
DRV - [2005/07/11 21:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/01/06 16:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/10/18 02:08:00 | 000,005,632 | ---- | M] (Fujitsu Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FUJ02E1.sys -- (FUJ02E1)
DRV - [2004/01/17 07:15:20 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2001/08/17 08:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/01 08:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
IE - HKLM\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=13-08-2010


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.computers.us.fujitsu.com/
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\.DEFAULT\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.computers.us.fujitsu.com/
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\S-1-5-18\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.computers.us.fujitsu.com/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-19\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.computers.us.fujitsu.com/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-20\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp

IE - HKU\S-1-5-21-3606907807-1105466040-3890003685-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-3606907807-1105466040-3890003685-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3606907807-1105466040-3890003685-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKU\S-1-5-21-3606907807-1105466040-3890003685-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.computers.us.fujitsu.com/
IE - HKU\S-1-5-21-3606907807-1105466040-3890003685-1005\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\S-1-5-21-3606907807-1105466040-3890003685-1005\..\SearchScopes,DefaultScope = {44816E91-C68A-2FF3-3D8F-8970062E5600}
IE - HKU\S-1-5-21-3606907807-1105466040-3890003685-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-3606907807-1105466040-3890003685-1005\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-3606907807-1105466040-3890003685-1005\..\SearchScopes\{44816E91-C68A-2FF3-3D8F-8970062E5600}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKU\S-1-5-21-3606907807-1105466040-3890003685-1005\..\SearchScopes\{AFAEB506-2773-4D55-B2E5-E3E0A25C6643}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKU\S-1-5-21-3606907807-1105466040-3890003685-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=374563"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: {EB132DB0-A4CA-11DF-9732-0E29E0D72085}:1.3
FF - prefs.js..extensions.enabledAddons: [email protected]:4.3
FF - prefs.js..extensions.enabledAddons: [email protected]:4.3
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {EB132DB0-A4CA-11DF-9732-0E29E0D72085}:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.00
FF - prefs.js..extensions.enabledItems: {f1e6d946-6b44-4f3a-8c4b-e497675c8e17}:1.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:8.0.1482
FF - prefs.js..keyword.URL: "http://search.yahoo....type=374563&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\Firefox [2009/11/23 10:16:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/09 21:29:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/01 19:14:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2011/05/02 21:33:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 17:49:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/23 17:49:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2011/05/02 21:33:06 | 000,000,000 | ---D | M]

[2011/05/08 14:27:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jonaGOOK\Application Data\Mozilla\Extensions
[2013/05/13 16:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jonaGOOK\Application Data\Mozilla\Firefox\Profiles\ohaoxefs.default\extensions
[2011/06/03 19:28:04 | 000,000,000 | ---D | M] (ShopToWin16) -- C:\Documents and Settings\jonaGOOK\Application Data\Mozilla\Firefox\Profiles\ohaoxefs.default\extensions\{f1e6d946-6b44-4f3a-8c4b-e497675c8e17}
[2011/06/03 19:28:26 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\jonaGOOK\Application Data\Mozilla\Firefox\Profiles\ohaoxefs.default\extensions\[email protected]
[2011/06/03 19:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jonaGOOK\Application Data\Mozilla\Firefox\Profiles\ohaoxefs.default\extensions\{f1e6d946-6b44-4f3a-8c4b-e497675c8e17}\chrome\content\dca\core\extensionManager
[2013/03/04 18:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/03 22:02:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/25 15:26:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2013/03/01 19:14:45 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/01/25 15:26:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/02 21:33:06 | 000,000,000 | ---D | M] (FaceTheme - Change your Facebook layout!) -- C:\PROGRAM FILES\OBJECT\FACETHEME
[2011/01/25 15:26:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========


Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Shop to Win 4) - {91917DC6-93B9-4E62-B2D6-D39C9618C418} - C:\Program Files\Shop to Win 4\ShoppingBHO.dll (Freecause Inc.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Social Mini Toolbar powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O2 - BHO: (AOL Email Toolbar Loader) - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Email Toolbar) - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Social Mini Toolbar powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AOL Email Toolbar) - {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Social Mini Toolbar powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AOL Email Toolbar) - {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Social Mini Toolbar powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3606907807-1105466040-3890003685-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3606907807-1105466040-3890003685-1005\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-21-3606907807-1105466040-3890003685-1005\..\Toolbar\WebBrowser: (AOL Email Toolbar) - {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKU\S-1-5-21-3606907807-1105466040-3890003685-1005\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-3606907807-1105466040-3890003685-1005\..\Toolbar\WebBrowser: (Social Mini Toolbar powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1249506804\ee\AOLSoftware.exe File not found
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" File not found
O4 - HKU\S-1-5-21-3606907807-1105466040-3890003685-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\jonaGOOK\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3606907807-1105466040-3890003685-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Search - ?s=100000337&p=ZUxdm486YYUS&si=46708&a=EEIbQv5HEBa99x249_y0cQ&n=2010080821 File not found
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31C216F4-E9EB-4D52-AA76-16A08EE0B94A}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/17 19:46:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/13 16:27:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/13 16:17:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/13 16:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/05/13 15:56:13 | 000,000,320 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/05/13 15:56:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/13 15:56:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/13 15:55:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/13 10:36:12 | 000,403,850 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/13 10:36:11 | 000,063,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/01 19:15:13 | 000,163,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/01 19:15:13 | 000,049,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2011/06/09 09:05:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jonaGOOK\Local Settings\Application Data\{EE390341-7A5D-4847-B502-A524AFE8E0A3}
[2011/06/09 08:37:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jonaGOOK\Local Settings\Application Data\{D4B5FA14-A1DB-4C61-86BF-47293E1D50A8}
[2011/05/29 16:46:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jonaGOOK\Local Settings\Application Data\{4E85CB76-E77E-4027-B1F0-D43181BDFF39}
[2011/05/28 19:49:18 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/05/17 17:59:37 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/04/20 14:17:34 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\jonaGOOK\Application DatadMb.dat
[2011/03/31 20:37:18 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\jonaGOOK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/05/17 20:11:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/08/05 18:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AskToolbar
[2010/01/29 23:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dealio
[2010/10/28 19:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FCSB000062377
[2009/09/14 12:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint
[2009/05/13 18:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Administrator
[2011/03/09 14:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/02 08:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Synaptics
[2011/06/03 19:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/06/17 11:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/05 17:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/03/08 17:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jonaGOOK\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2011/03/07 23:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jonaGOOK\Application Data\Dealio
[2011/03/10 09:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jonaGOOK\Application Data\FCSB000062377
[2011/05/02 08:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jonaGOOK\Application Data\Leadertech
[2011/06/03 22:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jonaGOOK\Application Data\OpenOffice.org
[2011/04/13 16:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jonaGOOK\Application Data\Synaptics
[2011/03/10 09:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jonaGOOK\Application Data\Viewpoint
[2011/05/17 07:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jonaGOOK\Application Data\WinPatrol
[2011/03/15 17:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan Ran\Application Data\Dealio
[2011/03/15 17:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan Ran\Application Data\FCSB000062377

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 20:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 20:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/13 20:11:50 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 20:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 20:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/13 20:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 20:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/13 20:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 20:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 20:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 20:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 20:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 20:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 20:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 20:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2008/04/13 20:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 20:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 20:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 20:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 20:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/13 20:12:07 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2008/04/13 20:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 20:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 20:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 20:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/13 20:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 20:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 20:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 20:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 20:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 20:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 20:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 08:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 20:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 20:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 02:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2004/08/04 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES._ >
[2004/08/04 08:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\WINDOWS\i386\SERVICES._

< MD5 for: SERVICES.EX_ >
[2004/08/04 08:00:00 | 000,049,955 | ---- | M] () MD5=85A738BA493104ED103B26CADEB8B543 -- C:\WINDOWS\i386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 08:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SERVICES.LNK >
[2006/05/17 19:46:18 | 000,001,602 | ---- | M] () MD5=3DDDF681BAF6FB430095F02A208D3AB6 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MS_ >
[2004/08/04 08:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\WINDOWS\i386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2004/08/04 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.RDB >
[2011/01/17 18:52:22 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 18:51:48 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SERVICES.SBS >
[2011/03/01 03:58:44 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DL_ >
[2004/08/04 08:00:00 | 000,001,516 | ---- | M] () MD5=DBE00AC2D306E49623D471A292EF25DC -- C:\WINDOWS\i386\WINSOCK.DL_

< MD5 for: WINSOCK.DLL >
[2004/08/04 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64217CD0

< End of report >




#4
Goggleplex-Googleplex

Extras.Txt log: FIRST HALF OF THE LOG...

OTL Extras logfile created on: 5/13/2013 4:27:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\jonaGOOK\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.84 Mb Total Physical Memory | 288.29 Mb Available Physical Memory | 28.44% Memory free
2.89 Gb Paging File | 2.29 Gb Available in Paging File | 79.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.01 Gb Total Space | 130.01 Gb Free Space | 87.83% Space Free | Partition Type: NTFS
Drive D: | 1.03 Gb Total Space | 1.02 Gb Free Space | 99.11% Space Free | Partition Type: NTFS
Drive E: | 1.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LIFEBOOK | User Name: jonaGOOK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3606907807-1105466040-3890003685-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service
"C:\Program Files\Common Files\aol\1249506804\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1249506804\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
"C:\Program Files\Steam\SteamApps\common\RailWorks\RailWorks.exe" = C:\Program Files\Steam\SteamApps\common\RailWorks\RailWorks.exe:*:Enabled:Train Simulator 2013


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

#5
Goggleplex-Googleplex

  • Topic Starter
  • Member
  • 172 posts
OK, I'm totally confused! I made a stupid move and tried to just directly post the two logs. Tomorrow I'll send them as attachments (if I can figure out how to do that). Since I can't see well enough, I can miss a lot. Sorry...

#6
Goggleplex-Googleplex

  • Topic Starter
  • Member
  • 172 posts
OK, the screen on this laptop is hard to see even if you have perfect vision! :) I'm gonna try and post the two logs again as attachments now. I guess when I tried to post them directly to the forum, it didn't work for both.

Attached Files



#7
Goggleplex-Googleplex

  • Topic Starter
  • Member
  • 172 posts
Now I'm posting the aswMBR log...

Attached File: aswMBR.txt (1.29KB)

Please forgive me... I'm just not seeing things. It's very frustrating. :(

I just found something that says "Add to post," and I didn't click on that in my last post with the other 2 logs. I guess I should post those logs again and this time, click on the "Add to post" thingie. :(

UPDATE...

I'm not sure what's happening. I tried to add this reply and got a message saying "server not found." I also didn't realize that every time I press ENTER, a copy of the attachment I'm trying to post, will appear on the list! I deleted all but one, but after the error message, the others are back. I'll try deleting them again and I'll try adding this reply again now. "Action Failed!"

Maybe they're deleted already but still showing. I'll try to add this post now but if it doesn't work, I'm not sure what I should do next. :(

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's get you cleaned up. There will be three programmes to run here; each will have its own set of instructions.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

THEN

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
FF - prefs.js..extensions.enabledAddons: [email protected]:4.3
FF - prefs.js..extensions.enabledAddons: [email protected]:4.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.00
FF - prefs.js..extensions.enabledItems: {EB132DB0-A4CA-11DF-9732-0E29E0D72085}:1.3
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2011/05/02 21:33:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2011/05/02 21:33:06 | 000,000,000 | ---D | M]
[2011/06/03 19:28:04 | 000,000,000 | ---D | M] (ShopToWin16) -- C:\Documents and Settings\jonaGOOK\Application Data\Mozilla\Firefox\Profiles\ohaoxefs.default\extensions\{f1e6d946-6b44-4f3a-8c4b-e497675c8e17}
[2011/06/03 19:28:26 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\jonaGOOK\Application Data\Mozilla\Firefox\Profiles\ohaoxefs.default\extensions\[email protected]
[2011/06/03 19:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jonaGOOK\Application Data\Mozilla\Firefox\Profiles\ohaoxefs.default\extensions\{f1e6d946-6b44-4f3a-8c4b-e497675c8e17}\chrome\content\dca\core\extensionManager
[2011/01/25 15:26:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/02 21:33:06 | 000,000,000 | ---D | M] (FaceTheme - Change your Facebook layout!) -- C:\PROGRAM FILES\OBJECT\FACETHEME
O2 - BHO: (Shop to Win 4) - {91917DC6-93B9-4E62-B2D6-D39C9618C418} - C:\Program Files\Shop to Win 4\ShoppingBHO.dll (Freecause Inc.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-21-3606907807-1105466040-3890003685-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3606907807-1105466040-3890003685-1005\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" File not found
O8 - Extra context menu item: &Search - ?s=100000337&p=ZUxdm486YYUS&si=46708&a=EEIbQv5HEBa99x249_y0cQ&n=2010080821 File not found
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
[2010/01/29 23:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dealio
[2011/06/03 19:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/03/07 23:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jonaGOOK\Application Data\Dealio
[2011/03/15 17:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan Ran\Application Data\Dealio

:Files
C:\Program Files\Search Toolbar
C:\Program Files\Shop to Win 4

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

FINALLY

Download AdwCleaner from here to your desktop.
Run AdwCleaner and select Delete.

Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.
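Reading the TDSSKiller report requested in the steps above, as an added example that is not part of the original thread: a Python parser that separates the "- ok" lines from flagged objects and attaches the MD5 and path logged just before each verdict. The sample lines are constructed in the report's layout, and the service names in them are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the TDSSKiller report layout:
#   <time> <thread id> <message>
# Service names, hashes and paths below are hypothetical.
SAMPLE_REPORT = r"""
12:00:00.0000 0100 ================ Scan services =============================
12:00:00.0100 0100 SvcNoFile - ok
12:00:00.0200 0100 [ 00000000000000000000000000000001 ] GoodDrv C:\WINDOWS\system32\drivers\gooddrv.sys
12:00:00.0300 0100 GoodDrv - ok
12:00:00.0400 0100 [ 00000000000000000000000000000002 ] Vendor Helper C:\Program Files\Vendor\helper.sys
12:00:00.0500 0100 Vendor Helper ( UnsignedFile.Multi.Generic ) - warning
12:00:00.0500 0100 Vendor Helper - detected UnsignedFile.Multi.Generic (1)
12:00:00.0600 0100 [ 00000000000000000000000000000003 ] OemFilter C:\WINDOWS\system32\DRIVERS\oemfilter.sys
12:00:00.0700 0100 OemFilter ( UnsignedFile.Multi.Generic ) - warning
12:00:00.0700 0100 OemFilter - detected UnsignedFile.Multi.Generic (1)
"""

# Timestamp, thread id, then the message (which may be empty).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s?(.*)$")
# "[ <md5> ] <object name> <path>"; the name may contain spaces,
# so the path is recognised by its drive-letter prefix.
FILE_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
# "<object name> ( <detection> ) - <severity>"
VERDICT_RE = re.compile(r"^(.+?) \( (.+?) \) - (\w+)$")
# "<object name> - ok"
OK_RE = re.compile(r"^(.+?) - ok$")


def parse_report(text):
    """Return (ok_names, findings) from the text of a report."""
    files = {}      # object name -> (md5, path) seen on the preceding line
    ok_names = []
    findings = []
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        stamp, _thread, msg = line.groups()
        msg = msg.strip()

        file_line = FILE_RE.match(msg)
        if file_line:
            md5, name, path = file_line.groups()
            files[name] = (md5.upper(), path)
            continue

        verdict = VERDICT_RE.match(msg)
        if verdict:
            name, detection, severity = verdict.groups()
            md5, path = files.get(name, (None, None))
            findings.append({
                "time": stamp,
                "name": name,
                "detection": detection,
                "severity": severity,
                "md5": md5,
                "path": path,
            })
            continue

        ok = OK_RE.match(msg)
        if ok:
            ok_names.append(ok.group(1))
        # Separator lines and the duplicate "- detected" lines are ignored.
    return ok_names, findings


def group_by_detection(findings):
    """Group flagged object names by (severity, detection name)."""
    groups = defaultdict(list)
    for item in findings:
        groups[(item["severity"], item["detection"])].append(item["name"])
    return dict(groups)


if __name__ == "__main__":
    ok_names, findings = parse_report(SAMPLE_REPORT)
    print(f"{len(ok_names)} objects ok, {len(findings)} flagged")
    for (severity, detection), names in group_by_detection(findings).items():
        print(f"[{severity}] {detection}: {', '.join(names)}")
    for item in findings:
        print(f"  {item['name']}: {item['path']} (MD5 {item['md5']})")
```

Grouping by detection name puts the many unsigned-driver warnings in one bucket so that any other verdict in the report stands out.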

#9
Goggleplex-Googleplex

  • Topic Starter
  • Member
  • 172 posts
12:24:54.0390 1228 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:24:55.0406 1228 ============================================================
12:24:55.0406 1228 Current date / time: 2013/05/14 12:24:55.0406
12:24:55.0406 1228 SystemInfo:
12:24:55.0406 1228
12:24:55.0406 1228 OS Version: 5.1.2600 ServicePack: 3.0
12:24:55.0406 1228 Product type: Workstation
12:24:55.0406 1228 ComputerName: LIFEBOOK
12:24:55.0406 1228 UserName: jonaGOOK
12:24:55.0406 1228 Windows directory: C:\WINDOWS
12:24:55.0406 1228 System windows directory: C:\WINDOWS
12:24:55.0406 1228 Processor architecture: Intel x86
12:24:55.0406 1228 Number of processors: 2
12:24:55.0406 1228 Page size: 0x1000
12:24:55.0406 1228 Boot type: Normal boot
12:24:55.0406 1228 ============================================================
12:24:56.0234 1228 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:24:56.0250 1228 ============================================================
12:24:56.0250 1228 \Device\Harddisk0\DR0:
12:24:56.0250 1228 MBR partitions:
12:24:56.0250 1228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x128072BB
12:24:56.0250 1228 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x128072FA, BlocksNum 0x2117C7
12:24:56.0250 1228 ============================================================
12:24:56.0265 1228 C: <-> \Device\Harddisk0\DR0\Partition1
12:24:56.0296 1228 D: <-> \Device\Harddisk0\DR0\Partition2
12:24:56.0296 1228 ============================================================
12:24:56.0296 1228 Initialize success
12:24:56.0296 1228 ============================================================
12:27:24.0406 0312 ============================================================
12:27:24.0406 0312 Scan started
12:27:24.0406 0312 Mode: Manual; SigCheck; TDLFS;
12:27:24.0406 0312 ============================================================
12:27:25.0281 0312 ================ Scan system memory ========================
12:27:25.0281 0312 System memory - ok
12:27:52.0812 0312 RasPppoe - ok
12:27:52.0859 0312 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:27:52.0984 0312 Raspti - ok
12:27:53.0000 0312 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:27:53.0125 0312 Rdbss - ok
12:27:53.0156 0312 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:27:53.0296 0312 RDPCDD - ok
12:27:53.0343 0312 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:27:53.0468 0312 rdpdr - ok
12:27:53.0531 0312 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:27:53.0656 0312 RDPWD - ok
12:27:53.0687 0312 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:27:53.0812 0312 RDSessMgr - ok
12:27:53.0843 0312 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:27:53.0953 0312 redbook - ok
12:27:54.0015 0312 [ 6210679582240D54CC7FCC6278CA8B04 ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
12:27:54.0015 0312 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
12:27:54.0015 0312 RegSrvc - detected UnsignedFile.Multi.Generic (1)
12:27:54.0062 0312 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:27:54.0171 0312 RemoteAccess - ok
12:27:54.0218 0312 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:27:54.0343 0312 RemoteRegistry - ok
12:27:54.0390 0312 [ 881EAC7D2000E19F109298BAECCE2499 ] risdptsk C:\WINDOWS\system32\DRIVERS\risdptsk.sys
12:27:54.0406 0312 risdptsk - ok
12:27:54.0421 0312 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
12:27:54.0562 0312 RpcLocator - ok
12:27:54.0609 0312 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
12:27:54.0750 0312 RpcSs - ok
12:27:54.0812 0312 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:27:54.0984 0312 RSVP - ok
12:27:55.0046 0312 [ 99647323602BE0E77A9737E6EADA65BA ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
12:27:55.0125 0312 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
12:27:55.0125 0312 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
12:27:55.0140 0312 [ 2C0E9E777AB1849B43494626C1F308B5 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
12:27:55.0171 0312 s24trans ( UnsignedFile.Multi.Generic ) - warning
12:27:55.0171 0312 s24trans - detected UnsignedFile.Multi.Generic (1)
12:27:55.0187 0312 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:27:55.0328 0312 SamSs - ok
12:27:55.0343 0312 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:27:55.0500 0312 SCardSvr - ok
12:27:55.0562 0312 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:27:55.0765 0312 Schedule - ok
12:27:55.0796 0312 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:27:55.0921 0312 sdbus - ok
12:27:56.0046 0312 [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
12:27:56.0062 0312 SeaPort - ok
12:27:56.0093 0312 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:27:56.0203 0312 Secdrv - ok
12:27:56.0218 0312 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:27:56.0359 0312 seclogon - ok
12:27:56.0359 0312 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
12:27:56.0484 0312 SENS - ok
12:27:56.0484 0312 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:27:56.0609 0312 serenum - ok
12:27:56.0640 0312 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:27:56.0796 0312 Serial - ok
12:27:56.0828 0312 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
12:27:56.0968 0312 Sfloppy - ok
12:27:57.0031 0312 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:27:57.0171 0312 SharedAccess - ok
12:27:57.0218 0312 [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:27:57.0359 0312 ShellHWDetection - ok
12:27:57.0359 0312 Simbad - ok
12:27:57.0390 0312 [ 707647A1AA0EDB6CBEF61B0C75C28ED3 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys
12:27:57.0468 0312 SMCIRDA - ok
12:27:57.0468 0312 Sparrow - ok
12:27:57.0531 0312 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:27:57.0687 0312 splitter - ok
12:27:57.0734 0312 [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:27:57.0890 0312 Spooler - ok
12:27:57.0953 0312 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:27:58.0125 0312 sr - ok
12:27:58.0156 0312 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
12:27:58.0359 0312 srservice - ok
12:27:58.0421 0312 [ DA852E3E0BF1CEA75D756F9866241E57 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:27:58.0531 0312 Srv - ok
12:27:58.0562 0312 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:27:58.0703 0312 SSDPSRV - ok
12:27:58.0750 0312 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:27:58.0984 0312 stisvc - ok
12:27:59.0031 0312 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:27:59.0218 0312 swenum - ok
12:27:59.0250 0312 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:27:59.0359 0312 swmidi - ok
12:27:59.0375 0312 SwPrv - ok
12:27:59.0390 0312 symc810 - ok
12:27:59.0390 0312 symc8xx - ok
12:27:59.0437 0312 SYMIDSCO - ok
12:27:59.0437 0312 sym_hi - ok
12:27:59.0437 0312 sym_u3 - ok
12:27:59.0484 0312 [ F8393BDFB6726A0F97DD23AA54F3087D ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:27:59.0562 0312 SynTP - ok
12:27:59.0578 0312 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:27:59.0703 0312 sysaudio - ok
12:27:59.0765 0312 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:27:59.0890 0312 SysmonLog - ok
12:27:59.0921 0312 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:28:00.0062 0312 TapiSrv - ok
12:28:00.0125 0312 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:28:00.0187 0312 Tcpip - ok
12:28:00.0218 0312 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:28:00.0343 0312 TDPIPE - ok
12:28:00.0375 0312 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:28:00.0500 0312 TDTCP - ok
12:28:00.0515 0312 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:28:00.0656 0312 TermDD - ok
12:28:00.0718 0312 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
12:28:00.0890 0312 TermService - ok
12:28:00.0921 0312 [ 1926899BF9FFE2602B63074971700412 ] Themes C:\WINDOWS\System32\shsvcs.dll
12:28:01.0062 0312 Themes - ok
12:28:01.0093 0312 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:28:01.0250 0312 TlntSvr - ok
12:28:01.0296 0312 [ E362D54FD394999C4178936396664E57 ] toshidpt C:\WINDOWS\system32\drivers\Toshidpt.sys
12:28:01.0312 0312 toshidpt ( UnsignedFile.Multi.Generic ) - warning
12:28:01.0312 0312 toshidpt - detected UnsignedFile.Multi.Generic (1)
12:28:01.0328 0312 TosIde - ok
12:28:01.0343 0312 [ D626E0AF9232D8799D3A449530F3C220 ] tosporte C:\WINDOWS\system32\DRIVERS\tosporte.sys
12:28:01.0359 0312 tosporte ( UnsignedFile.Multi.Generic ) - warning
12:28:01.0359 0312 tosporte - detected UnsignedFile.Multi.Generic (1)
12:28:01.0390 0312 [ 0EC5206059D97A8DC785BE73FB457EC7 ] Tosrfbd C:\WINDOWS\system32\Drivers\tosrfbd.sys
12:28:01.0406 0312 Tosrfbd ( UnsignedFile.Multi.Generic ) - warning
12:28:01.0406 0312 Tosrfbd - detected UnsignedFile.Multi.Generic (1)
12:28:01.0437 0312 [ 33498B8F0B2CA549C2B7FFC1B3C0F1BC ] Tosrfbnp C:\WINDOWS\system32\Drivers\tosrfbnp.sys
12:28:01.0453 0312 Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning
12:28:01.0453 0312 Tosrfbnp - detected UnsignedFile.Multi.Generic (1)
12:28:01.0468 0312 [ 5BA1CA3B3CDDB1DDC67DF473F05D1EC2 ] Tosrfcom C:\WINDOWS\system32\Drivers\tosrfcom.sys
12:28:01.0500 0312 Tosrfcom ( UnsignedFile.Multi.Generic ) - warning
12:28:01.0500 0312 Tosrfcom - detected UnsignedFile.Multi.Generic (1)
12:28:01.0500 0312 [ 5DBF390AAB62DD0D4D43A9278614E001 ] Tosrfhid C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
12:28:01.0515 0312 Tosrfhid ( UnsignedFile.Multi.Generic ) - warning
12:28:01.0515 0312 Tosrfhid - detected UnsignedFile.Multi.Generic (1)
12:28:01.0546 0312 [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
12:28:01.0593 0312 tosrfnds ( UnsignedFile.Multi.Generic ) - warning
12:28:01.0593 0312 tosrfnds - detected UnsignedFile.Multi.Generic (1)
12:28:01.0609 0312 [ 0D86D15CAFF2B3203C785D604EC7C942 ] TosRfSnd C:\WINDOWS\system32\drivers\TosRfSnd.sys
12:28:01.0625 0312 TosRfSnd ( UnsignedFile.Multi.Generic ) - warning
12:28:01.0625 0312 TosRfSnd - detected UnsignedFile.Multi.Generic (1)
12:28:01.0625 0312 [ D870FD6CE9060B73289F47E88630EE0E ] Tosrfusb C:\WINDOWS\system32\Drivers\tosrfusb.sys
12:28:01.0656 0312 Tosrfusb ( UnsignedFile.Multi.Generic ) - warning
12:28:01.0656 0312 Tosrfusb - detected UnsignedFile.Multi.Generic (1)
12:28:01.0703 0312 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:28:01.0890 0312 TrkWks - ok
12:28:01.0906 0312 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:28:02.0109 0312 Udfs - ok
12:28:02.0109 0312 ultra - ok
12:28:02.0156 0312 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
12:28:02.0203 0312 UMWdf - ok
12:28:02.0265 0312 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:28:02.0421 0312 Update - ok
12:28:02.0437 0312 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:28:02.0578 0312 upnphost - ok
12:28:02.0593 0312 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
12:28:02.0718 0312 UPS - ok
12:28:02.0750 0312 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
12:28:02.0875 0312 usbaudio - ok
12:28:02.0906 0312 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:28:03.0031 0312 usbccgp - ok
12:28:03.0046 0312 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:28:03.0171 0312 usbehci - ok
12:28:03.0187 0312 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:28:03.0312 0312 usbhub - ok
12:28:03.0343 0312 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:28:03.0484 0312 usbstor - ok
12:28:03.0500 0312 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:28:03.0625 0312 usbuhci - ok
12:28:03.0625 0312 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:28:03.0734 0312 VgaSave - ok
12:28:03.0750 0312 ViaIde - ok
12:28:03.0765 0312 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:28:03.0906 0312 VolSnap - ok
12:28:03.0953 0312 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
12:28:04.0093 0312 VSS - ok
12:28:04.0109 0312 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
12:28:04.0234 0312 W32Time - ok
12:28:04.0343 0312 [ 95C7421F8BAFC85BA09D33364058937D ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
12:28:04.0531 0312 w39n51 - ok
12:28:04.0546 0312 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:28:04.0671 0312 Wanarp - ok
12:28:04.0671 0312 wanatw - ok
12:28:04.0718 0312 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
12:28:04.0750 0312 Wdf01000 - ok
12:28:04.0750 0312 WDICA - ok
12:28:04.0781 0312 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:28:04.0968 0312 wdmaud - ok
12:28:05.0000 0312 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:28:05.0140 0312 WebClient - ok
12:28:05.0234 0312 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:28:05.0359 0312 winmgmt - ok
12:28:05.0484 0312 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:28:05.0640 0312 wlidsvc - ok
12:28:05.0687 0312 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:28:05.0750 0312 WmdmPmSN - ok
12:28:05.0828 0312 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:28:05.0953 0312 Wmi - ok
12:28:06.0015 0312 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:28:06.0203 0312 WmiApSrv - ok
12:28:06.0296 0312 [ 7C3E208B0A5F13A31D9728F9AC190AEB ] WplServ C:\Program Files\Words+, Inc\EZ KeysXP\WplServ.exe
12:28:06.0296 0312 WplServ ( UnsignedFile.Multi.Generic ) - warning
12:28:06.0296 0312 WplServ - detected UnsignedFile.Multi.Generic (1)
12:28:06.0375 0312 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:28:06.0500 0312 wscsvc - ok
12:28:06.0500 0312 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:28:06.0640 0312 wuauserv - ok
12:28:06.0718 0312 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:28:06.0890 0312 WZCSVC - ok
12:28:06.0921 0312 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:28:07.0093 0312 xmlprov - ok
12:28:07.0156 0312 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
12:28:07.0203 0312 YahooAUService - ok
12:28:07.0250 0312 [ 70DEAE7DF954AF41B49FA492C01E3A2A ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
12:28:07.0312 0312 yukonwxp - ok
12:28:07.0343 0312 ================ Scan global ===============================
12:28:07.0375 0312 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:28:07.0437 0312 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
12:28:07.0500 0312 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
12:28:07.0531 0312 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:28:07.0531 0312 [Global] - ok
12:28:07.0546 0312 ================ Scan MBR ==================================
12:28:07.0546 0312 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:28:07.0828 0312 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:28:07.0828 0312 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:28:07.0828 0312 ================ Scan VBR ==================================
12:28:07.0828 0312 [ 5DF222A02216A4EFB8E56F6882CD15B1 ] \Device\Harddisk0\DR0\Partition1
12:28:07.0843 0312 \Device\Harddisk0\DR0\Partition1 - ok
12:28:07.0875 0312 [ AE44F694A89E32F29B822D10133997CD ] \Device\Harddisk0\DR0\Partition2
12:28:07.0875 0312 \Device\Harddisk0\DR0\Partition2 - ok
12:28:07.0875 0312 ============================================================
12:28:07.0875 0312 Scan finished
12:28:07.0875 0312 ============================================================
12:28:08.0031 3036 Detected object count: 21
12:28:08.0031 3036 Actual detected object count: 21
12:29:50.0171 3036 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:29:50.0171 3036 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, once you have run the next programmes I will remove the last element of the TDSS.

#11
Goggleplex-Googleplex

    Member

  • Topic Starter
  • Member
  • 172 posts
The OTL log:

Attached File  OTL2.Txt   63.07KB   84 downloads

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of the AdwCleaner run

Run TDSSKiller once more with the same settings as before
When the following element appears, select delete:

\Device\Harddisk0\DR0 ( TDSS File System )

Then let me know how the computer is behaving

#13
Goggleplex-Googleplex

    Member

  • Topic Starter
  • Member
  • 172 posts
Here's the AdwCleaner log:

Attached File  AdwCleanerS2.txt   18.99KB   81 downloads

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looking good there, just the file system to remove now with TDSSKiller as per my previous post... Once that has run, Avast should shut up :) Although it may alert as the files are being moved.

#15
Goggleplex-Googleplex

    Member

  • Topic Starter
  • Member
  • 172 posts
I wasn't sure whether you wanted the report or not... so I posted it just in case. :)


16:03:45.0421 1780 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:03:45.0734 1780 ============================================================
16:03:45.0734 1780 Current date / time: 2013/05/14 16:03:45.0734
16:03:45.0734 1780 SystemInfo:
16:03:45.0734 1780
16:03:45.0734 1780 OS Version: 5.1.2600 ServicePack: 3.0
16:03:45.0734 1780 Product type: Workstation
16:03:45.0734 1780 ComputerName: LIFEBOOK
16:03:45.0734 1780 UserName: jonaGOOK
16:03:45.0734 1780 Windows directory: C:\WINDOWS
16:03:45.0734 1780 System windows directory: C:\WINDOWS
16:03:45.0734 1780 Processor architecture: Intel x86
16:03:45.0734 1780 Number of processors: 2
16:03:45.0734 1780 Page size: 0x1000
16:03:45.0734 1780 Boot type: Normal boot
16:03:45.0734 1780 ============================================================
16:03:46.0562 1780 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:03:46.0562 1780 ============================================================
16:03:46.0562 1780 \Device\Harddisk0\DR0:
16:03:46.0562 1780 MBR partitions:
16:03:46.0562 1780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x128072BB
16:03:46.0562 1780 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x128072FA, BlocksNum 0x2117C7
16:03:46.0562 1780 ============================================================
16:03:46.0609 1780 C: <-> \Device\Harddisk0\DR0\Partition1
16:03:46.0640 1780 D: <-> \Device\Harddisk0\DR0\Partition2
16:03:46.0640 1780 ============================================================
16:03:46.0640 1780 Initialize success
16:03:46.0640 1780 ============================================================
16:04:28.0781 3248 ============================================================
16:04:28.0781 3248 Scan started
16:04:28.0781 3248 Mode: Manual; SigCheck; TDLFS;
16:04:28.0781 3248 ============================================================
16:04:30.0796 3248 ================ Scan system memory ========================
16:04:30.0796 3248 System memory - ok
16:04:30.0812 3248 ================ Scan services =============================
16:04:45.0625 3248 FJGPNV - detected UnsignedFile.Multi.Generic (1)
16:04:45.0671 3248 [ 671FA8A69B6B7F72071BC91F4B0CE8EA ] FlashDrv C:\PROGRA~1\Fujitsu\FlashAid\FlashDrv.sys
16:04:45.0687 3248 FlashDrv ( UnsignedFile.Multi.Generic ) - warning
16:04:45.0687 3248 FlashDrv - detected UnsignedFile.Multi.Generic (1)
16:04:45.0703 3248 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
16:04:45.0828 3248 Flpydisk - ok
16:04:45.0875 3248 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
16:04:46.0015 3248 FltMgr - ok
16:04:46.0031 3248 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:04:46.0171 3248 Fs_Rec - ok
16:04:46.0187 3248 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:04:46.0328 3248 Ftdisk - ok
16:04:46.0343 3248 [ 00845DCD64FE6348DDF7890C310C17B9 ] FUJ02B1 C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys
16:04:46.0375 3248 FUJ02B1 - ok
16:04:46.0390 3248 [ C4942669FDE5ABD7BBE70027C9DE1247 ] FUJ02E1 C:\WINDOWS\system32\Drivers\FUJ02E1.sys
16:04:46.0421 3248 FUJ02E1 - ok
16:04:46.0437 3248 [ EF9F310F86FD504AFCDCEDF8280091FB ] FUJ02E3 C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys
16:04:46.0468 3248 FUJ02E3 - ok
16:04:46.0515 3248 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:04:46.0625 3248 Gpc - ok
16:04:46.0703 3248 gupdate - ok
16:04:46.0703 3248 gupdatem - ok
16:04:46.0734 3248 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:04:46.0859 3248 HDAudBus - ok
16:04:46.0937 3248 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:04:47.0062 3248 helpsvc - ok
16:04:47.0078 3248 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
16:04:47.0203 3248 HidServ - ok
16:04:47.0234 3248 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:04:47.0343 3248 HidUsb - ok
16:04:47.0421 3248 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:04:47.0562 3248 hkmsvc - ok
16:04:47.0562 3248 hpn - ok
16:04:47.0625 3248 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:04:47.0671 3248 HTTP - ok
16:04:47.0687 3248 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:04:47.0812 3248 HTTPFilter - ok
16:04:47.0828 3248 i2omgmt - ok
16:04:47.0828 3248 i2omp - ok
16:04:47.0875 3248 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:04:48.0000 3248 i8042prt - ok
16:04:48.0109 3248 [ 81EFE1C5542AFB2570758F39AE3B1151 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
16:04:48.0265 3248 ialm - ok
16:04:48.0328 3248 [ 309C4D86D989FB1FCF64BD30DC81C51B ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
16:04:48.0453 3248 iaStor - ok
16:04:48.0468 3248 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:04:48.0609 3248 Imapi - ok
16:04:48.0656 3248 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
16:04:48.0828 3248 ImapiService - ok
16:04:48.0828 3248 ini910u - ok
16:04:49.0031 3248 [ 71AE838A88B07268D732F596FC17CED5 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:04:49.0437 3248 IntcAzAudAddService - ok
16:04:49.0437 3248 IntelIde - ok
16:04:49.0500 3248 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:04:49.0609 3248 intelppm - ok
16:04:49.0640 3248 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
16:04:49.0765 3248 Ip6Fw - ok
16:04:49.0812 3248 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:04:49.0937 3248 IpFilterDriver - ok
16:04:49.0968 3248 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:04:50.0093 3248 IpInIp - ok
16:04:50.0125 3248 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:04:50.0250 3248 IpNat - ok
16:04:50.0265 3248 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:04:50.0375 3248 IPSec - ok
16:04:50.0406 3248 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
16:04:50.0515 3248 irda - ok
16:04:50.0531 3248 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:04:50.0671 3248 IRENUM - ok
16:04:50.0734 3248 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll
16:04:50.0859 3248 Irmon - ok
16:04:50.0921 3248 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:04:51.0046 3248 isapnp - ok
16:04:51.0171 3248 [ E731921DB2E17DCD3DB472FAD5549C57 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
16:04:51.0187 3248 JavaQuickStarterService - ok
16:04:51.0218 3248 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:04:51.0328 3248 Kbdclass - ok
16:04:51.0375 3248 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:04:51.0484 3248 kmixer - ok
16:04:51.0515 3248 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:04:51.0578 3248 KSecDD - ok
16:04:51.0625 3248 [ F385F4B02C535BFFE1D70CAB80838123 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
16:04:51.0750 3248 lanmanserver - ok
16:04:51.0796 3248 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:04:51.0828 3248 lanmanworkstation - ok
16:04:51.0843 3248 lbrtfdc - ok
16:04:51.0859 3248 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:04:51.0984 3248 LmHosts - ok
16:04:52.0000 3248 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:04:52.0125 3248 Messenger - ok
16:04:52.0171 3248 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:04:52.0296 3248 mnmdd - ok
16:04:52.0343 3248 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
16:04:52.0453 3248 mnmsrvc - ok
16:04:52.0500 3248 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:04:52.0609 3248 Modem - ok
16:04:52.0656 3248 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:04:52.0765 3248 Mouclass - ok
16:04:52.0765 3248 [ 1E48D6DC8987367F2F8EA004798147AF ] mouclassfiltr C:\WINDOWS\system32\DRIVERS\mouclassfiltr.sys
16:04:52.0812 3248 mouclassfiltr ( UnsignedFile.Multi.Generic ) - warning
16:04:52.0812 3248 mouclassfiltr - detected UnsignedFile.Multi.Generic (1)
16:04:52.0859 3248 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:04:52.0984 3248 mouhid - ok
16:04:53.0015 3248 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:04:53.0140 3248 MountMgr - ok
16:04:53.0140 3248 mraid35x - ok
16:04:53.0156 3248 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:04:53.0296 3248 MRxDAV - ok
16:04:53.0343 3248 [ F3AEFB11ABC521122B67095044169E98 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:04:53.0453 3248 MRxSmb - ok
16:04:53.0453 3248 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:04:53.0609 3248 Msfs - ok
16:04:53.0609 3248 MSIServer - ok
16:04:53.0640 3248 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:04:53.0750 3248 MSKSSRV - ok
16:04:53.0765 3248 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:04:53.0890 3248 MSPCLOCK - ok
16:04:53.0906 3248 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:04:54.0093 3248 MSPQM - ok
16:04:54.0125 3248 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:04:54.0250 3248 mssmbios - ok
16:04:54.0296 3248 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:04:54.0406 3248 Mup - ok
16:04:54.0453 3248 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
16:04:54.0609 3248 napagent - ok
16:04:54.0625 3248 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:04:54.0750 3248 NDIS - ok
16:04:54.0765 3248 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:04:54.0875 3248 NdisTapi - ok
16:04:54.0890 3248 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:04:55.0000 3248 Ndisuio - ok
16:04:55.0015 3248 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:04:55.0125 3248 NdisWan - ok
16:04:55.0140 3248 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:04:55.0187 3248 NDProxy - ok
16:04:55.0203 3248 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:04:55.0328 3248 NetBIOS - ok
16:04:55.0359 3248 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:04:55.0484 3248 NetBT - ok
16:04:55.0531 3248 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
16:04:55.0656 3248 NetDDE - ok
16:04:55.0671 3248 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:04:55.0781 3248 NetDDEdsdm - ok
16:04:55.0812 3248 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:04:55.0937 3248 Netlogon - ok
16:04:55.0968 3248 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
16:04:56.0093 3248 Netman - ok
16:04:56.0125 3248 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:04:56.0250 3248 NIC1394 - ok
16:04:56.0312 3248 [ 832E4DD8964AB7ACC880B2837CB1ED20 ] Nla C:\WINDOWS\System32\mswsock.dll
16:04:56.0390 3248 Nla - ok
16:04:56.0406 3248 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:04:56.0531 3248 Npfs - ok
16:04:56.0562 3248 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:04:56.0734 3248 Ntfs - ok
16:04:56.0765 3248 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
16:04:56.0890 3248 NtLmSsp - ok
16:04:56.0953 3248 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:04:57.0140 3248 NtmsSvc - ok
16:04:57.0187 3248 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:04:57.0343 3248 Null - ok
16:04:57.0390 3248 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:04:57.0531 3248 NwlnkFlt - ok
16:04:57.0546 3248 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:04:57.0671 3248 NwlnkFwd - ok
16:04:57.0718 3248 odserv - ok
16:04:57.0765 3248 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:04:57.0890 3248 ohci1394 - ok
16:04:57.0906 3248 ose - ok
16:04:57.0921 3248 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
16:04:58.0046 3248 Parport - ok
16:04:58.0062 3248 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:04:58.0171 3248 PartMgr - ok
16:04:58.0234 3248 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:04:58.0343 3248 ParVdm - ok
16:04:58.0343 3248 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:04:58.0468 3248 PCI - ok
16:04:58.0468 3248 PCIDump - ok
16:04:58.0500 3248 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
16:04:58.0609 3248 PCIIde - ok
16:04:58.0625 3248 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:04:58.0734 3248 Pcmcia - ok
16:04:58.0734 3248 PDCOMP - ok
16:04:58.0734 3248 PDFRAME - ok
16:04:58.0750 3248 PDRELI - ok
16:04:58.0750 3248 PDRFRAME - ok
16:04:58.0765 3248 perc2 - ok
16:04:58.0765 3248 perc2hib - ok
16:04:58.0843 3248 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
16:04:58.0906 3248 PlugPlay - ok
16:04:58.0906 3248 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:04:59.0015 3248 PolicyAgent - ok
16:04:59.0046 3248 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:04:59.0156 3248 PptpMiniport - ok
16:04:59.0171 3248 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:04:59.0281 3248 ProtectedStorage - ok
16:04:59.0281 3248 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:04:59.0406 3248 PSched - ok
16:04:59.0421 3248 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:04:59.0562 3248 Ptilink - ok
16:04:59.0609 3248 [ F91D5CBFC43E61D80C347B2EA1ECC9E7 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:04:59.0625 3248 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
16:04:59.0625 3248 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
16:04:59.0640 3248 ql1080 - ok
16:04:59.0640 3248 Ql10wnt - ok
16:04:59.0656 3248 ql12160 - ok
16:04:59.0656 3248 ql1240 - ok
16:04:59.0671 3248 ql1280 - ok
16:04:59.0718 3248 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:04:59.0828 3248 RasAcd - ok
16:04:59.0875 3248 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:04:59.0984 3248 RasAuto - ok
16:05:00.0031 3248 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
16:05:00.0093 3248 Rasirda - ok
16:05:00.0093 3248 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:05:00.0203 3248 Rasl2tp - ok
16:05:00.0250 3248 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:05:00.0375 3248 RasMan - ok
16:05:00.0390 3248 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:05:00.0500 3248 RasPppoe - ok
16:05:00.0531 3248 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:05:00.0671 3248 Raspti - ok
16:05:00.0703 3248 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:05:00.0828 3248 Rdbss - ok
16:05:00.0843 3248 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:05:00.0984 3248 RDPCDD - ok
16:05:01.0015 3248 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:05:01.0140 3248 rdpdr - ok
16:05:01.0187 3248 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:05:01.0312 3248 RDPWD - ok
16:05:01.0343 3248 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:05:01.0468 3248 RDSessMgr - ok
16:05:01.0484 3248 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:05:01.0593 3248 redbook - ok
16:05:01.0656 3248 [ 6210679582240D54CC7FCC6278CA8B04 ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
16:05:01.0671 3248 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
16:05:01.0671 3248 RegSrvc - detected UnsignedFile.Multi.Generic (1)
16:05:01.0703 3248 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:05:01.0843 3248 RemoteAccess - ok
16:05:01.0875 3248 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:05:02.0031 3248 RemoteRegistry - ok
16:05:02.0078 3248 [ 881EAC7D2000E19F109298BAECCE2499 ] risdptsk C:\WINDOWS\system32\DRIVERS\risdptsk.sys
16:05:02.0093 3248 risdptsk - ok
16:05:02.0125 3248 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
16:05:02.0281 3248 RpcLocator - ok
16:05:02.0312 3248 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
16:05:02.0437 3248 RpcSs - ok
16:05:02.0484 3248 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:05:02.0640 3248 RSVP - ok
16:05:02.0703 3248 [ 99647323602BE0E77A9737E6EADA65BA ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
16:05:02.0796 3248 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
16:05:02.0796 3248 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
16:05:02.0812 3248 [ 2C0E9E777AB1849B43494626C1F308B5 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
16:05:02.0828 3248 s24trans ( UnsignedFile.Multi.Generic ) - warning
16:05:02.0828 3248 s24trans - detected UnsignedFile.Multi.Generic (1)
16:05:02.0859 3248 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
16:05:02.0984 3248 SamSs - ok
16:05:03.0015 3248 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:05:03.0187 3248 SCardSvr - ok
16:05:03.0234 3248 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:05:03.0406 3248 Schedule - ok
16:05:03.0421 3248 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
16:05:03.0562 3248 sdbus - ok
16:05:03.0671 3248 [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
16:05:03.0703 3248 SeaPort - ok
16:05:03.0718 3248 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:05:03.0843 3248 Secdrv - ok
16:05:03.0875 3248 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:05:04.0000 3248 seclogon - ok
16:05:04.0000 3248 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
16:05:04.0140 3248 SENS - ok
16:05:04.0156 3248 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:05:04.0281 3248 serenum - ok
16:05:04.0296 3248 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:05:04.0421 3248 Serial - ok
16:05:04.0453 3248 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
16:05:04.0578 3248 Sfloppy - ok
16:05:04.0640 3248 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:05:04.0765 3248 SharedAccess - ok
16:05:04.0796 3248 [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:05:04.0921 3248 ShellHWDetection - ok
16:05:04.0937 3248 Simbad - ok
16:05:04.0953 3248 [ 707647A1AA0EDB6CBEF61B0C75C28ED3 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys
16:05:05.0046 3248 SMCIRDA - ok
16:05:05.0046 3248 Sparrow - ok
16:05:05.0109 3248 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:05:05.0218 3248 splitter - ok
16:05:05.0265 3248 [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:05:05.0390 3248 Spooler - ok
16:05:05.0437 3248 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:05:05.0562 3248 sr - ok
16:05:05.0593 3248 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
16:05:05.0750 3248 srservice - ok
16:05:05.0796 3248 [ DA852E3E0BF1CEA75D756F9866241E57 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:05:05.0890 3248 Srv - ok
16:05:05.0921 3248 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:05:06.0078 3248 SSDPSRV - ok
16:05:06.0140 3248 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:05:06.0375 3248 stisvc - ok
16:05:06.0453 3248 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:05:06.0625 3248 swenum - ok
16:05:06.0656 3248 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:05:06.0781 3248 swmidi - ok
16:05:06.0781 3248 SwPrv - ok
16:05:06.0796 3248 symc810 - ok
16:05:06.0796 3248 symc8xx - ok
16:05:06.0843 3248 SYMIDSCO - ok
16:05:06.0843 3248 sym_hi - ok
16:05:06.0890 3248 sym_u3 - ok
16:05:06.0937 3248 [ F8393BDFB6726A0F97DD23AA54F3087D ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
16:05:06.0968 3248 SynTP - ok
16:05:06.0984 3248 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:05:07.0109 3248 sysaudio - ok
16:05:07.0156 3248 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:05:07.0265 3248 SysmonLog - ok
16:05:07.0296 3248 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:05:07.0484 3248 TapiSrv - ok
16:05:07.0546 3248 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:05:07.0609 3248 Tcpip - ok
16:05:07.0656 3248 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:05:07.0796 3248 TDPIPE - ok
16:05:07.0828 3248 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:05:07.0984 3248 TDTCP - ok
16:05:08.0031 3248 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:05:08.0171 3248 TermDD - ok
16:05:08.0203 3248 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
16:05:08.0375 3248 TermService - ok
16:05:08.0406 3248 [ 1926899BF9FFE2602B63074971700412 ] Themes C:\WINDOWS\System32\shsvcs.dll
16:05:08.0515 3248 Themes - ok
16:05:08.0562 3248 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
16:05:08.0687 3248 TlntSvr - ok
16:05:08.0734 3248 [ E362D54FD394999C4178936396664E57 ] toshidpt C:\WINDOWS\system32\drivers\Toshidpt.sys
16:05:08.0734 3248 toshidpt ( UnsignedFile.Multi.Generic ) - warning
16:05:08.0734 3248 toshidpt - detected UnsignedFile.Multi.Generic (1)
16:05:08.0734 3248 TosIde - ok
16:05:08.0765 3248 [ D626E0AF9232D8799D3A449530F3C220 ] tosporte C:\WINDOWS\system32\DRIVERS\tosporte.sys
16:05:08.0781 3248 tosporte ( UnsignedFile.Multi.Generic ) - warning
16:05:08.0781 3248 tosporte - detected UnsignedFile.Multi.Generic (1)
16:05:08.0796 3248 [ 0EC5206059D97A8DC785BE73FB457EC7 ] Tosrfbd C:\WINDOWS\system32\Drivers\tosrfbd.sys
16:05:08.0812 3248 Tosrfbd ( UnsignedFile.Multi.Generic ) - warning
16:05:08.0812 3248 Tosrfbd - detected UnsignedFile.Multi.Generic (1)
16:05:08.0828 3248 [ 33498B8F0B2CA549C2B7FFC1B3C0F1BC ] Tosrfbnp C:\WINDOWS\system32\Drivers\tosrfbnp.sys
16:05:08.0875 3248 Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning
16:05:08.0875 3248 Tosrfbnp - detected UnsignedFile.Multi.Generic (1)
16:05:08.0890 3248 [ 5BA1CA3B3CDDB1DDC67DF473F05D1EC2 ] Tosrfcom C:\WINDOWS\system32\Drivers\tosrfcom.sys
16:05:08.0921 3248 Tosrfcom ( UnsignedFile.Multi.Generic ) - warning
16:05:08.0921 3248 Tosrfcom - detected UnsignedFile.Multi.Generic (1)
16:05:08.0921 3248 [ 5DBF390AAB62DD0D4D43A9278614E001 ] Tosrfhid C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
16:05:08.0953 3248 Tosrfhid ( UnsignedFile.Multi.Generic ) - warning
16:05:08.0953 3248 Tosrfhid - detected UnsignedFile.Multi.Generic (1)
16:05:08.0968 3248 [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
16:05:08.0984 3248 tosrfnds ( UnsignedFile.Multi.Generic ) - warning
16:05:08.0984 3248 tosrfnds - detected UnsignedFile.Multi.Generic (1)
16:05:09.0000 3248 [ 0D86D15CAFF2B3203C785D604EC7C942 ] TosRfSnd C:\WINDOWS\system32\drivers\TosRfSnd.sys
16:05:09.0015 3248 TosRfSnd ( UnsignedFile.Multi.Generic ) - warning
16:05:09.0015 3248 TosRfSnd - detected UnsignedFile.Multi.Generic (1)
16:05:09.0015 3248 [ D870FD6CE9060B73289F47E88630EE0E ] Tosrfusb C:\WINDOWS\system32\Drivers\tosrfusb.sys
16:05:09.0046 3248 Tosrfusb ( UnsignedFile.Multi.Generic ) - warning
16:05:09.0046 3248 Tosrfusb - detected UnsignedFile.Multi.Generic (1)
16:05:09.0093 3248 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:05:09.0250 3248 TrkWks - ok
16:05:09.0281 3248 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:05:09.0468 3248 Udfs - ok
16:05:09.0468 3248 ultra - ok
16:05:09.0515 3248 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
16:05:09.0562 3248 UMWdf - ok
16:05:09.0609 3248 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:05:09.0781 3248 Update - ok
16:05:09.0796 3248 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:05:09.0937 3248 upnphost - ok
16:05:09.0953 3248 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
16:05:10.0078 3248 UPS - ok
16:05:10.0109 3248 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
16:05:10.0234 3248 usbaudio - ok
16:05:10.0265 3248 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:05:10.0390 3248 usbccgp - ok
16:05:10.0406 3248 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:05:10.0515 3248 usbehci - ok
16:05:10.0546 3248 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:05:10.0656 3248 usbhub - ok
16:05:10.0671 3248 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:05:10.0781 3248 usbstor - ok
16:05:10.0812 3248 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:05:10.0921 3248 usbuhci - ok
16:05:10.0921 3248 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:05:11.0031 3248 VgaSave - ok
16:05:11.0031 3248 ViaIde - ok
16:05:11.0062 3248 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:05:11.0187 3248 VolSnap - ok
16:05:11.0234 3248 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
16:05:11.0390 3248 VSS - ok
16:05:11.0406 3248 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
16:05:11.0546 3248 W32Time - ok
16:05:11.0640 3248 [ 95C7421F8BAFC85BA09D33364058937D ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
16:05:11.0765 3248 w39n51 - ok
16:05:11.0781 3248 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:05:11.0906 3248 Wanarp - ok
16:05:11.0906 3248 wanatw - ok
16:05:11.0953 3248 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
16:05:11.0984 3248 Wdf01000 - ok
16:05:12.0000 3248 WDICA - ok
16:05:12.0031 3248 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:05:12.0171 3248 wdmaud - ok
16:05:12.0218 3248 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:05:12.0375 3248 WebClient - ok
16:05:12.0468 3248 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:05:12.0609 3248 winmgmt - ok
16:05:12.0734 3248 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:05:12.0828 3248 wlidsvc - ok
16:05:12.0890 3248 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:05:12.0953 3248 WmdmPmSN - ok
16:05:13.0015 3248 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:05:13.0156 3248 Wmi - ok
16:05:13.0218 3248 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:05:13.0390 3248 WmiApSrv - ok
16:05:13.0484 3248 [ 7C3E208B0A5F13A31D9728F9AC190AEB ] WplServ C:\Program Files\Words+, Inc\EZ KeysXP\WplServ.exe
16:05:13.0500 3248 WplServ ( UnsignedFile.Multi.Generic ) - warning
16:05:13.0500 3248 WplServ - detected UnsignedFile.Multi.Generic (1)
16:05:13.0546 3248 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:05:13.0671 3248 wscsvc - ok
16:05:13.0687 3248 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:05:13.0812 3248 wuauserv - ok
16:05:13.0875 3248 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:05:14.0015 3248 WZCSVC - ok
16:05:14.0046 3248 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:05:14.0187 3248 xmlprov - ok
16:05:14.0250 3248 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
16:05:14.0296 3248 YahooAUService - ok
16:05:14.0359 3248 [ 70DEAE7DF954AF41B49FA492C01E3A2A ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
16:05:14.0406 3248 yukonwxp - ok
16:05:14.0421 3248 ================ Scan global ===============================
16:05:14.0468 3248 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:05:14.0531 3248 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
16:05:14.0593 3248 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
16:05:14.0625 3248 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:05:14.0625 3248 [Global] - ok
16:05:14.0625 3248 ================ Scan MBR ==================================
16:05:14.0656 3248 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:05:14.0890 3248 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:05:14.0890 3248 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:05:14.0890 3248 ================ Scan VBR ==================================
16:05:14.0890 3248 [ 5DF222A02216A4EFB8E56F6882CD15B1 ] \Device\Harddisk0\DR0\Partition1
16:05:14.0890 3248 \Device\Harddisk0\DR0\Partition1 - ok
16:05:14.0906 3248 [ AE44F694A89E32F29B822D10133997CD ] \Device\Harddisk0\DR0\Partition2
16:05:14.0906 3248 \Device\Harddisk0\DR0\Partition2 - ok
16:05:14.0906 3248 ============================================================
16:05:14.0906 3248 Scan finished
16:05:14.0921 3248 ============================================================
16:05:15.0046 3044 Detected object count: 21
16:05:15.0046 3044 Actual detected object count: 21
16:06:30.0875 3044 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:30.0875 3044 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:30.0875 3044 BtnHnd ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:30.0875 3044 BtnHnd ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:30.0906 3044 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:30.0906 3044 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:30.0906 3044 FJGPNV ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:30.0906 3044 FJGPNV ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:30.0906 3044 FlashDrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:30.0906 3044 FlashDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:30.0906 3044 mouclassfiltr ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:30.0906 3044 mouclassfiltr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:30.0906 3044 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:30.0906 3044 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:30.0953 3044 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:30.0953 3044 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:30.0953 3044 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:30.0953 3044 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:30.0953 3044 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:30.0953 3044 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:30.0953 3044 toshidpt ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:30.0953 3044 toshidpt ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:30.0953 3044 tosporte ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:30.0953 3044 tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:30.0953 3044 Tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:30.0953 3044 Tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:30.0953 3044 Tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:30.0953 3044 Tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:30.0953 3044 Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:30.0953 3044 Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:30.0968 3044 Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:30.0968 3044 Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:30.0968 3044 tosrfnds ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:30.0968 3044 tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:30.0968 3044 TosRfSnd ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:30.0968 3044 TosRfSnd ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:30.0968 3044 Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:30.0968 3044 Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:30.0968 3044 WplServ ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:30.0968 3044 WplServ ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:30.0968 3044 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:06:30.0968 3044 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip