Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Downloaded VLC v2 and comp grinds to a holt [Closed]

Started by DragonFromWales , May 21 2012 08:03 AM

This topic is locked

#16
CompCav

Posted 23 May 2012 - 04:34 PM

Member 5k

Expert
12,454 posts

Please post this log from the OTL fix run:
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

and give me an update on how the computer is running!

This is the step:

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:OTL
DRV - [2012/05/21 06:47:37 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uti2mju5.sys -- (uti2mju5)
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boyns.net
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boyns.net
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boyns.net
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.10.10.10:3128
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
[2008/08/03 16:07:19 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
O2 - BHO: (no name) - {0D84EF14-ED8E-475F-96D4-2123F65D701B} - No CLSID value found.
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012..\Run: [] File not found
O15 - HKLM\..Trusted Domains: contentmatch.net ([ny] http in Trusted sites)
O15 - HKLM\..Trusted Domains: contentmatch.net ([ny] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O33 - MountPoints2\{459e5c43-a4e2-11d8-bec6-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{459e5c43-a4e2-11d8-bec6-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{459e5c43-a4e2-11d8-bec6-806d6172696f}\Shell\AutoRun\command - "" = D:\Install.exe
[2012/04/23 09:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/02/20 08:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/03/27 14:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\iolo
[2012/03/19 13:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2012/05/20 21:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2012/04/04 11:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\iolo
@Alternate Data Stream - 5016 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc


:files
ipconfig /flushdns /c


:reg


:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

#17
DragonFromWales

Posted 23 May 2012 - 09:36 PM

Member

Topic Starter
Member
97 posts

21:13:11.0781 1268 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
21:13:11.0968 1268 ============================================================
21:13:11.0968 1268 Current date / time: 2012/05/23 21:13:11.0968
21:13:11.0968 1268 SystemInfo:
21:13:11.0968 1268
21:13:11.0968 1268 OS Version: 5.1.2600 ServicePack: 3.0
21:13:11.0968 1268 Product type: Workstation
21:13:11.0968 1268 ComputerName: PRIF
21:13:11.0968 1268 UserName: Robin
21:13:11.0968 1268 Windows directory: C:\WINDOWS
21:13:11.0968 1268 System windows directory: C:\WINDOWS
21:13:11.0968 1268 Processor architecture: Intel x86
21:13:11.0968 1268 Number of processors: 1
21:13:11.0968 1268 Page size: 0x1000
21:13:11.0968 1268 Boot type: Safe boot with network
21:13:11.0968 1268 ============================================================
21:13:14.0734 1268 Drive \Device\Harddisk0\DR0 - Size: 0x1C9FEF0000 (114.50 Gb), SectorSize: 0x200, Cylinders: 0x3A62, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:13:14.0734 1268 ============================================================
21:13:14.0734 1268 \Device\Harddisk0\DR0:
21:13:14.0734 1268 MBR partitions:
21:13:14.0734 1268 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE4FBFA3
21:13:14.0734 1268 ============================================================
21:13:14.0781 1268 C: <-> \Device\Harddisk0\DR0\Partition0
21:13:14.0796 1268 ============================================================
21:13:14.0796 1268 Initialize success
21:13:14.0796 1268 ============================================================
21:14:51.0359 0720 ============================================================
21:14:51.0359 0720 Scan started
21:14:51.0359 0720 Mode: Manual; SigCheck; TDLFS;
21:14:51.0359 0720 ============================================================
21:14:52.0359 0720 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
21:14:55.0000 0720 61883 - ok
21:14:55.0015 0720 Abiosdsk - ok
21:14:55.0046 0720 abp480n5 - ok
21:14:55.0093 0720 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:14:55.0281 0720 ACPI - ok
21:14:55.0328 0720 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:14:55.0515 0720 ACPIEC - ok
21:14:55.0625 0720 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:14:55.0640 0720 AdobeFlashPlayerUpdateSvc - ok
21:14:55.0671 0720 adpu160m - ok
21:14:55.0718 0720 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:14:55.0906 0720 aec - ok
21:14:55.0937 0720 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:14:56.0000 0720 AFD - ok
21:14:56.0015 0720 Aha154x - ok
21:14:56.0031 0720 aic78u2 - ok
21:14:56.0062 0720 aic78xx - ok
21:14:56.0156 0720 ALCXWDM (02d94d2d336d3de8c5e8fe04a62d552d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:14:56.0312 0720 ALCXWDM - ok
21:14:56.0359 0720 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:14:56.0515 0720 Alerter - ok
21:14:56.0546 0720 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:14:56.0734 0720 ALG - ok
21:14:56.0750 0720 AliIde - ok
21:14:56.0796 0720 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
21:14:56.0968 0720 AmdK7 - ok
21:14:56.0984 0720 amsint - ok
21:14:57.0031 0720 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
21:14:57.0218 0720 AppMgmt - ok
21:14:57.0250 0720 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:14:57.0421 0720 Arp1394 - ok
21:14:57.0437 0720 asc - ok
21:14:57.0468 0720 asc3350p - ok
21:14:57.0500 0720 asc3550 - ok
21:14:57.0593 0720 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\aspi32.sys
21:14:57.0609 0720 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
21:14:57.0609 0720 Aspi32 - detected UnsignedFile.Multi.Generic (1)
21:14:57.0718 0720 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:14:57.0765 0720 aspnet_state - ok
21:14:57.0796 0720 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:14:57.0968 0720 AsyncMac - ok
21:14:58.0000 0720 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:14:58.0171 0720 atapi - ok
21:14:58.0187 0720 Atdisk - ok
21:14:58.0218 0720 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:14:58.0406 0720 Atmarpc - ok
21:14:58.0500 0720 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:14:58.0703 0720 AudioSrv - ok
21:14:58.0734 0720 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:14:58.0937 0720 audstub - ok
21:14:59.0000 0720 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
21:14:59.0156 0720 Avc - ok
21:14:59.0203 0720 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
21:14:59.0437 0720 basic2 - ok
21:14:59.0500 0720 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:14:59.0703 0720 Beep - ok
21:14:59.0750 0720 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:15:00.0140 0720 BITS - ok
21:15:00.0171 0720 Brother XP spl Service (d3facb34fff5db91adb70987838f8ba7) C:\WINDOWS\System32\brsvc01a.exe
21:15:00.0250 0720 Brother XP spl Service - ok
21:15:00.0296 0720 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:15:00.0468 0720 Browser - ok
21:15:00.0515 0720 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
21:15:00.0531 0720 BrPar ( UnsignedFile.Multi.Generic ) - warning
21:15:00.0531 0720 BrPar - detected UnsignedFile.Multi.Generic (1)
21:15:00.0546 0720 bsaspi32 - ok
21:15:00.0578 0720 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
21:15:00.0765 0720 BthEnum - ok
21:15:00.0796 0720 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
21:15:00.0968 0720 BthPan - ok
21:15:01.0046 0720 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
21:15:01.0093 0720 BTHPORT - ok
21:15:01.0125 0720 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
21:15:01.0312 0720 BthServ - ok
21:15:01.0359 0720 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
21:15:01.0531 0720 BTHUSB - ok
21:15:01.0625 0720 catchme - ok
21:15:01.0687 0720 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:15:01.0921 0720 cbidf2k - ok
21:15:01.0953 0720 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:15:02.0125 0720 CCDECODE - ok
21:15:02.0156 0720 cd20xrnt - ok
21:15:02.0218 0720 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:15:02.0453 0720 Cdaudio - ok
21:15:02.0484 0720 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:15:02.0656 0720 Cdfs - ok
21:15:02.0703 0720 cdrbsvsd (c1ec76f0af2c4f748eb2c907fb345c48) C:\WINDOWS\system32\drivers\cdrbsvsd.sys
21:15:02.0718 0720 cdrbsvsd ( UnsignedFile.Multi.Generic ) - warning
21:15:02.0718 0720 cdrbsvsd - detected UnsignedFile.Multi.Generic (1)
21:15:02.0750 0720 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:15:03.0078 0720 Cdrom - ok
21:15:03.0093 0720 Changer - ok
21:15:03.0125 0720 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:15:03.0265 0720 CiSvc - ok
21:15:03.0281 0720 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:15:03.0453 0720 ClipSrv - ok
21:15:03.0546 0720 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:15:03.0656 0720 clr_optimization_v2.0.50727_32 - ok
21:15:03.0656 0720 CmdIde - ok
21:15:03.0671 0720 COMSysApp - ok
21:15:03.0703 0720 Cpqarray - ok
21:15:03.0750 0720 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:15:03.0937 0720 CryptSvc - ok
21:15:03.0937 0720 dac2w2k - ok
21:15:03.0953 0720 dac960nt - ok
21:15:04.0000 0720 DCamUSBSQTECH (100ff3d9e16afb3163bd6f9aaaab7c55) C:\WINDOWS\system32\Drivers\SQcaptur.sys
21:15:04.0031 0720 DCamUSBSQTECH ( UnsignedFile.Multi.Generic ) - warning
21:15:04.0031 0720 DCamUSBSQTECH - detected UnsignedFile.Multi.Generic (1)
21:15:04.0078 0720 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:15:04.0218 0720 DcomLaunch - ok
21:15:04.0250 0720 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:15:04.0421 0720 Dhcp - ok
21:15:04.0453 0720 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:15:04.0609 0720 Disk - ok
21:15:04.0671 0720 DLABOIOM (a14524d3f130a57163e0b3e057fc85d5) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
21:15:04.0765 0720 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
21:15:04.0765 0720 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
21:15:04.0796 0720 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:15:04.0812 0720 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
21:15:04.0812 0720 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
21:15:04.0843 0720 DLADResN (7c4cdf8a684b63d7482e0bf7440dc3b5) C:\WINDOWS\system32\DLA\DLADResN.SYS
21:15:04.0859 0720 DLADResN ( UnsignedFile.Multi.Generic ) - warning
21:15:04.0859 0720 DLADResN - detected UnsignedFile.Multi.Generic (1)
21:15:04.0875 0720 DLAIFS_M (97bca2aac06a9fea56615b4b15bdb9b8) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
21:15:04.0890 0720 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
21:15:04.0890 0720 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
21:15:04.0906 0720 DLAOPIOM (be8d558cf749424f0de612813f7c6725) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
21:15:04.0937 0720 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
21:15:04.0937 0720 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
21:15:04.0953 0720 DLAPoolM (7e5277cb45dc5e2a86af8ce093c7ef31) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
21:15:04.0968 0720 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
21:15:04.0968 0720 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
21:15:04.0984 0720 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
21:15:05.0015 0720 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
21:15:05.0015 0720 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
21:15:05.0046 0720 DLAUDFAM (d886b6d02b51e5bd61b8a571a16d5ca2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
21:15:05.0062 0720 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
21:15:05.0062 0720 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
21:15:05.0078 0720 DLAUDF_M (2c0ecf7a9d5162d87c64e2ae868b5039) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
21:15:05.0093 0720 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
21:15:05.0093 0720 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
21:15:05.0109 0720 dmadmin - ok
21:15:05.0171 0720 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:15:05.0343 0720 dmboot - ok
21:15:05.0390 0720 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:15:05.0562 0720 dmio - ok
21:15:05.0593 0720 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:15:05.0828 0720 dmload - ok
21:15:05.0859 0720 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:15:06.0000 0720 dmserver - ok
21:15:06.0031 0720 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:15:06.0203 0720 DMusic - ok
21:15:06.0234 0720 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:15:06.0343 0720 Dnscache - ok
21:15:06.0406 0720 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:15:06.0562 0720 Dot3svc - ok
21:15:06.0578 0720 dpti2o - ok
21:15:06.0609 0720 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:15:06.0765 0720 drmkaud - ok
21:15:06.0796 0720 DRVMCDB (73623d89faef4d1aa600edee8b490bc5) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:15:06.0828 0720 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
21:15:06.0828 0720 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
21:15:06.0843 0720 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:15:06.0859 0720 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
21:15:06.0859 0720 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
21:15:06.0906 0720 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
21:15:06.0937 0720 dtscsi - ok
21:15:06.0984 0720 DVD-RAM_Service (77c4901986fc7a83e853b300e80d234b) C:\WINDOWS\System32\DVDRAMSV.exe
21:15:07.0000 0720 DVD-RAM_Service ( UnsignedFile.Multi.Generic ) - warning
21:15:07.0000 0720 DVD-RAM_Service - detected UnsignedFile.Multi.Generic (1)
21:15:07.0031 0720 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:15:07.0187 0720 EapHost - ok
21:15:07.0296 0720 eeCtrl (47ce4e650d91dc095a2fddb15631a78a) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
21:15:07.0343 0720 eeCtrl - ok
21:15:07.0484 0720 EpsonBidirectionalService (a0fb385b6281d694f8930c2ef85c453e) C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
21:15:07.0546 0720 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
21:15:07.0546 0720 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
21:15:07.0578 0720 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:15:07.0750 0720 ERSvc - ok
21:15:07.0781 0720 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:15:07.0890 0720 Eventlog - ok
21:15:07.0921 0720 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
21:15:07.0984 0720 EventSystem - ok
21:15:08.0046 0720 FA312 (aa855fb8a866281aacb393c1feab91ae) C:\WINDOWS\system32\DRIVERS\FA312nd5.sys
21:15:08.0250 0720 FA312 - ok
21:15:08.0312 0720 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
21:15:08.0531 0720 Fallback - ok
21:15:08.0578 0720 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:15:08.0734 0720 Fastfat - ok
21:15:08.0781 0720 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:15:08.0859 0720 FastUserSwitchingCompatibility - ok
21:15:08.0890 0720 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:15:09.0046 0720 Fdc - ok
21:15:09.0062 0720 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
21:15:09.0281 0720 FETNDIS - ok
21:15:09.0343 0720 FETNDISB (693f6de7a06225ad242ffcacfe70800b) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
21:15:09.0375 0720 FETNDISB - ok
21:15:09.0406 0720 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:15:09.0562 0720 Fips - ok
21:15:09.0593 0720 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:15:09.0750 0720 Flpydisk - ok
21:15:09.0781 0720 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:15:09.0937 0720 FltMgr - ok
21:15:10.0031 0720 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:15:10.0046 0720 FontCache3.0.0.0 - ok
21:15:10.0093 0720 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
21:15:10.0343 0720 Fsks - ok
21:15:10.0406 0720 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
21:15:10.0640 0720 FsVga - ok
21:15:10.0671 0720 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:15:10.0921 0720 Fs_Rec - ok
21:15:10.0968 0720 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:15:11.0203 0720 Ftdisk - ok
21:15:11.0234 0720 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:15:11.0250 0720 GEARAspiWDM - ok
21:15:11.0250 0720 GMSIPCI - ok
21:15:11.0265 0720 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:15:11.0421 0720 Gpc - ok
21:15:11.0562 0720 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:15:11.0578 0720 gupdate - ok
21:15:11.0578 0720 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:15:11.0609 0720 gupdatem - ok
21:15:11.0671 0720 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:15:11.0703 0720 gusvc - ok
21:15:11.0750 0720 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:15:11.0921 0720 helpsvc - ok
21:15:11.0921 0720 HidServ - ok
21:15:11.0953 0720 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:15:12.0109 0720 HidUsb - ok
21:15:12.0140 0720 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:15:12.0296 0720 hkmsvc - ok
21:15:12.0312 0720 hpn - ok
21:15:12.0359 0720 HSFHWBS2 (376a3060770e356158e326a0a6983eb0) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
21:15:12.0390 0720 HSFHWBS2 ( UnsignedFile.Multi.Generic ) - warning
21:15:12.0390 0720 HSFHWBS2 - detected UnsignedFile.Multi.Generic (1)
21:15:12.0468 0720 HSF_DP (78ea911be6dcfb8d9a98a72550ec6c69) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
21:15:12.0546 0720 HSF_DP ( UnsignedFile.Multi.Generic ) - warning
21:15:12.0546 0720 HSF_DP - detected UnsignedFile.Multi.Generic (1)
21:15:12.0593 0720 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
21:15:12.0859 0720 hsf_msft - ok
21:15:12.0906 0720 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:15:12.0953 0720 HTTP - ok
21:15:12.0984 0720 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:15:13.0140 0720 HTTPFilter - ok
21:15:13.0140 0720 i2omgmt - ok
21:15:13.0156 0720 i2omp - ok
21:15:13.0187 0720 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:15:13.0359 0720 i8042prt - ok
21:15:13.0515 0720 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:15:13.0593 0720 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:15:13.0593 0720 IDriverT - detected UnsignedFile.Multi.Generic (1)
21:15:13.0703 0720 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:15:13.0812 0720 idsvc - ok
21:15:13.0843 0720 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:15:13.0984 0720 Imapi - ok
21:15:14.0031 0720 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:15:14.0203 0720 ImapiService - ok
21:15:14.0218 0720 ini910u - ok
21:15:14.0234 0720 IntelIde - ok
21:15:14.0312 0720 ioloSystemService - ok
21:15:14.0359 0720 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:15:14.0531 0720 Ip6Fw - ok
21:15:14.0546 0720 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:15:14.0796 0720 IpFilterDriver - ok
21:15:14.0812 0720 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:15:14.0953 0720 IpInIp - ok
21:15:15.0109 0720 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:15:15.0281 0720 IpNat - ok
21:15:15.0312 0720 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:15:15.0453 0720 IPSec - ok
21:15:15.0484 0720 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:15:15.0640 0720 IRENUM - ok
21:15:15.0656 0720 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:15:15.0812 0720 isapnp - ok
21:15:15.0906 0720 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
21:15:15.0937 0720 JavaQuickStarterService - ok
21:15:15.0937 0720 JiaoCap - ok
21:15:16.0000 0720 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
21:15:16.0281 0720 K56 - ok
21:15:16.0312 0720 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:15:16.0453 0720 Kbdclass - ok
21:15:16.0500 0720 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:15:16.0718 0720 kmixer - ok
21:15:16.0765 0720 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys
21:15:16.0796 0720 KMWDFILTER - ok
21:15:16.0843 0720 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:15:16.0906 0720 KSecDD - ok
21:15:16.0937 0720 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:15:17.0031 0720 lanmanserver - ok
21:15:17.0078 0720 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:15:17.0125 0720 lanmanworkstation - ok
21:15:17.0140 0720 lbrtfdc - ok
21:15:17.0171 0720 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:15:17.0375 0720 LmHosts - ok
21:15:17.0390 0720 LVUSBSta - ok
21:15:17.0453 0720 MagicTune (f627e9da4d3d8dc05a15b68944302f14) C:\WINDOWS\system32\drivers\MTiCtwl.sys
21:15:17.0468 0720 MagicTune ( UnsignedFile.Multi.Generic ) - warning
21:15:17.0468 0720 MagicTune - detected UnsignedFile.Multi.Generic (1)
21:15:17.0515 0720 mcdbus (f922b609524cf1ed66a1a109f3ce014f) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
21:15:17.0531 0720 mcdbus ( UnsignedFile.Multi.Generic ) - warning
21:15:17.0531 0720 mcdbus - detected UnsignedFile.Multi.Generic (1)
21:15:17.0718 0720 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
21:15:17.0750 0720 MDM - ok
21:15:17.0812 0720 mdmxsdk (29174d3d90ee4244fda6355a859691be) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:15:17.0812 0720 mdmxsdk ( UnsignedFile.Multi.Generic ) - warning
21:15:17.0812 0720 mdmxsdk - detected UnsignedFile.Multi.Generic (1)
21:15:17.0859 0720 meiudf (766a1d242f4390ddf1243084898a20c9) C:\WINDOWS\system32\Drivers\meiudf.sys
21:15:17.0875 0720 meiudf ( UnsignedFile.Multi.Generic ) - warning
21:15:17.0875 0720 meiudf - detected UnsignedFile.Multi.Generic (1)
21:15:17.0906 0720 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:15:18.0062 0720 Messenger - ok
21:15:18.0109 0720 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:15:18.0328 0720 mnmdd - ok
21:15:18.0359 0720 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
21:15:18.0515 0720 mnmsrvc - ok
21:15:18.0562 0720 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:15:18.0718 0720 Modem - ok
21:15:18.0765 0720 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:15:18.0984 0720 MODEMCSA - ok
21:15:19.0015 0720 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:15:19.0156 0720 Mouclass - ok
21:15:19.0187 0720 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:15:19.0406 0720 mouhid - ok
21:15:19.0453 0720 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:15:19.0609 0720 MountMgr - ok
21:15:19.0640 0720 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:15:19.0671 0720 MozillaMaintenance - ok
21:15:19.0671 0720 mraid35x - ok
21:15:19.0718 0720 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:15:19.0875 0720 MRxDAV - ok
21:15:19.0921 0720 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:15:20.0031 0720 MRxSmb - ok
21:15:20.0062 0720 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
21:15:20.0218 0720 MSDTC - ok
21:15:20.0250 0720 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
21:15:20.0390 0720 MSDV - ok
21:15:20.0421 0720 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:15:20.0562 0720 Msfs - ok
21:15:20.0578 0720 MSIServer - ok
21:15:20.0593 0720 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:15:20.0750 0720 MSKSSRV - ok
21:15:20.0750 0720 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:15:20.0906 0720 MSPCLOCK - ok
21:15:20.0906 0720 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:15:21.0046 0720 MSPQM - ok
21:15:21.0078 0720 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:15:21.0218 0720 mssmbios - ok
21:15:21.0250 0720 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:15:21.0390 0720 MSTEE - ok
21:15:21.0468 0720 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:15:21.0500 0720 Mup - ok
21:15:21.0531 0720 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:15:21.0703 0720 NABTSFEC - ok
21:15:21.0750 0720 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:15:21.0906 0720 napagent - ok
21:15:21.0953 0720 NCPro (f627e9da4d3d8dc05a15b68944302f14) C:\WINDOWS\system32\drivers\MTictwl.sys
21:15:21.0953 0720 NCPro ( UnsignedFile.Multi.Generic ) - warning
21:15:21.0953 0720 NCPro - detected UnsignedFile.Multi.Generic (1)
21:15:21.0984 0720 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:15:22.0140 0720 NDIS - ok
21:15:22.0171 0720 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:15:22.0312 0720 NdisIP - ok
21:15:22.0343 0720 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:15:22.0375 0720 NdisTapi - ok
21:15:22.0406 0720 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:15:22.0562 0720 Ndisuio - ok
21:15:22.0609 0720 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:15:22.0765 0720 NdisWan - ok
21:15:22.0796 0720 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:15:22.0859 0720 NDProxy - ok
21:15:22.0890 0720 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:15:23.0031 0720 NetBIOS - ok
21:15:23.0062 0720 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:15:23.0218 0720 NetBT - ok
21:15:23.0265 0720 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:15:23.0406 0720 NetDDE - ok
21:15:23.0406 0720 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:15:23.0546 0720 NetDDEdsdm - ok
21:15:23.0578 0720 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:15:23.0734 0720 Netlogon - ok
21:15:23.0765 0720 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:15:23.0921 0720 Netman - ok
21:15:24.0000 0720 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:15:24.0015 0720 NetTcpPortSharing - ok
21:15:24.0046 0720 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:15:24.0203 0720 NIC1394 - ok
21:15:24.0234 0720 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:15:24.0312 0720 Nla - ok
21:15:24.0343 0720 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\WINDOWS\system32\drivers\ccdcmb.sys
21:15:24.0515 0720 nmwcd - ok
21:15:24.0578 0720 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\WINDOWS\system32\drivers\ccdcmbo.sys
21:15:24.0656 0720 nmwcdc - ok
21:15:24.0703 0720 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:15:24.0859 0720 Npfs - ok
21:15:24.0906 0720 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:15:25.0125 0720 Ntfs - ok
21:15:25.0156 0720 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
21:15:25.0296 0720 NtLmSsp - ok
21:15:25.0343 0720 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:15:25.0546 0720 NtmsSvc - ok
21:15:25.0593 0720 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:15:25.0812 0720 Null - ok
21:15:25.0859 0720 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:15:26.0078 0720 NwlnkFlt - ok
21:15:26.0093 0720 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:15:26.0328 0720 NwlnkFwd - ok
21:15:26.0562 0720 odserv (e54aa592a65f317390eee386a8821692) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:15:26.0609 0720 odserv - ok
21:15:26.0656 0720 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:15:26.0796 0720 ohci1394 - ok
21:15:26.0843 0720 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:15:26.0859 0720 ose - ok
21:15:26.0906 0720 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:15:27.0046 0720 Parport - ok
21:15:27.0062 0720 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:15:27.0203 0720 PartMgr - ok
21:15:27.0250 0720 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:15:27.0484 0720 ParVdm - ok
21:15:27.0515 0720 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21:15:27.0578 0720 pccsmcfd - ok
21:15:27.0625 0720 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:15:27.0765 0720 PCI - ok
21:15:27.0781 0720 PCIDump - ok
21:15:27.0781 0720 PCIIde - ok
21:15:27.0812 0720 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:15:28.0015 0720 Pcmcia - ok
21:15:28.0078 0720 PDCOMP - ok
21:15:28.0093 0720 PDFRAME - ok
21:15:28.0156 0720 PDRELI - ok
21:15:28.0171 0720 PDRFRAME - ok
21:15:28.0187 0720 perc2 - ok
21:15:28.0203 0720 perc2hib - ok
21:15:28.0234 0720 PID_0928 - ok
21:15:28.0265 0720 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:15:28.0312 0720 PlugPlay - ok
21:15:28.0343 0720 Point32 (3b6973d60bde757c53bb76842d31318e) C:\WINDOWS\system32\DRIVERS\point32.sys
21:15:28.0375 0720 Point32 - ok
21:15:28.0421 0720 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:15:28.0546 0720 PolicyAgent - ok
21:15:28.0578 0720 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:15:28.0734 0720 PptpMiniport - ok
21:15:28.0750 0720 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:15:28.0906 0720 Processor - ok
21:15:28.0906 0720 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:15:29.0046 0720 ProtectedStorage - ok
21:15:29.0062 0720 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:15:29.0218 0720 PSched - ok
21:15:29.0250 0720 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:15:29.0468 0720 Ptilink - ok
21:15:29.0546 0720 PVM Service (5cdccdeb28ad6d9004d2d670e8ce3f26) C:\Program Files\RingThree\bin\pvmservice.exe
21:15:29.0609 0720 PVM Service ( UnsignedFile.Multi.Generic ) - warning
21:15:29.0609 0720 PVM Service - detected UnsignedFile.Multi.Generic (1)
21:15:29.0640 0720 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:15:29.0671 0720 PxHelp20 - ok
21:15:29.0671 0720 ql1080 - ok
21:15:29.0687 0720 Ql10wnt - ok
21:15:29.0703 0720 ql12160 - ok
21:15:29.0718 0720 ql1240 - ok
21:15:29.0734 0720 ql1280 - ok
21:15:29.0765 0720 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:15:29.0984 0720 RasAcd - ok
21:15:30.0015 0720 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:15:30.0156 0720 RasAuto - ok
21:15:30.0187 0720 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:15:30.0312 0720 Rasl2tp - ok
21:15:30.0359 0720 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:15:30.0531 0720 RasMan - ok
21:15:30.0562 0720 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:15:30.0734 0720 RasPppoe - ok
21:15:30.0781 0720 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:15:31.0015 0720 Raspti - ok
21:15:31.0046 0720 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:15:31.0187 0720 Rdbss - ok
21:15:31.0218 0720 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:15:31.0437 0720 RDPCDD - ok
21:15:31.0468 0720 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:15:31.0625 0720 rdpdr - ok
21:15:31.0671 0720 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
21:15:32.0687 0720 RDPWD - ok
21:15:34.0703 0720 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:15:34.0859 0720 RDSessMgr - ok
21:15:34.0890 0720 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:15:35.0031 0720 redbook - ok
21:15:35.0062 0720 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:15:35.0203 0720 RemoteAccess - ok
21:15:35.0250 0720 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:15:35.0406 0720 RemoteRegistry - ok
21:15:35.0453 0720 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
21:15:35.0609 0720 RFCOMM - ok
21:15:35.0640 0720 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
21:15:35.0906 0720 Rksample - ok
21:15:35.0953 0720 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
21:15:36.0109 0720 RpcLocator - ok
21:15:36.0156 0720 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
21:15:36.0265 0720 RpcSs - ok
21:15:36.0312 0720 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
21:15:36.0546 0720 RSVP - ok
21:15:36.0578 0720 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:15:36.0718 0720 SamSs - ok
21:15:36.0750 0720 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:15:36.0953 0720 SCardSvr - ok
21:15:37.0000 0720 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:15:37.0171 0720 Schedule - ok
21:15:37.0218 0720 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:15:37.0375 0720 Secdrv - ok
21:15:37.0406 0720 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:15:37.0578 0720 seclogon - ok
21:15:37.0609 0720 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:15:37.0828 0720 SENS - ok
21:15:37.0859 0720 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:15:38.0015 0720 serenum - ok
21:15:38.0046 0720 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:15:38.0187 0720 Serial - ok
21:15:38.0328 0720 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:15:38.0390 0720 ServiceLayer - ok
21:15:38.0437 0720 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
21:15:38.0593 0720 Sfloppy - ok
21:15:38.0625 0720 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:15:38.0828 0720 SharedAccess - ok
21:15:38.0859 0720 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:15:38.0890 0720 ShellHWDetection - ok
21:15:38.0890 0720 Simbad - ok
21:15:38.0921 0720 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:15:39.0062 0720 SLIP - ok
21:15:39.0109 0720 SNCT511 (d0646a58b5d1252d9b1d0bfb86bd1c06) C:\WINDOWS\system32\DRIVERS\snct511.sys
21:15:39.0140 0720 SNCT511 ( UnsignedFile.Multi.Generic ) - warning
21:15:39.0140 0720 SNCT511 - detected UnsignedFile.Multi.Generic (1)
21:15:39.0187 0720 SoftFax (d9e8e0ce154a2f6430d9efabdf730867) C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
21:15:39.0437 0720 SoftFax - ok
21:15:39.0500 0720 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
21:15:39.0718 0720 SONYPVU1 - ok
21:15:39.0734 0720 Sparrow - ok
21:15:39.0765 0720 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:15:39.0906 0720 splitter - ok
21:15:39.0953 0720 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:15:40.0000 0720 Spooler - ok
21:15:40.0062 0720 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\WINDOWS\system32\Drivers\sptd.sys
21:15:40.0062 0720 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
21:15:40.0078 0720 sptd ( LockedFile.Multi.Generic ) - warning
21:15:40.0078 0720 sptd - detected LockedFile.Multi.Generic (1)
21:15:40.0093 0720 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:15:40.0234 0720 sr - ok
21:15:40.0281 0720 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:15:40.0437 0720 srservice - ok
21:15:40.0500 0720 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:15:40.0593 0720 Srv - ok
21:15:40.0625 0720 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:15:40.0781 0720 SSDPSRV - ok
21:15:40.0812 0720 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:15:41.0015 0720 stisvc - ok
21:15:41.0062 0720 StreamDispatcher (5e2d5b8d8032fb05f9525a3ccfbb0600) C:\WINDOWS\system32\DRIVERS\strmdisp.sys
21:15:41.0093 0720 StreamDispatcher ( UnsignedFile.Multi.Generic ) - warning
21:15:41.0093 0720 StreamDispatcher - detected UnsignedFile.Multi.Generic (1)
21:15:41.0125 0720 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:15:41.0265 0720 streamip - ok
21:15:41.0296 0720 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:15:41.0437 0720 swenum - ok
21:15:41.0453 0720 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:15:41.0609 0720 swmidi - ok
21:15:41.0625 0720 SwPrv - ok
21:15:41.0640 0720 symc810 - ok
21:15:41.0656 0720 symc8xx - ok
21:15:41.0671 0720 sym_hi - ok
21:15:41.0687 0720 sym_u3 - ok
21:15:41.0718 0720 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:15:41.0875 0720 sysaudio - ok
21:15:41.0921 0720 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:15:42.0078 0720 SysmonLog - ok
21:15:42.0109 0720 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:15:42.0265 0720 TapiSrv - ok
21:15:42.0312 0720 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:15:42.0437 0720 Tcpip - ok
21:15:42.0484 0720 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:15:42.0625 0720 TDPIPE - ok
21:15:42.0640 0720 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:15:42.0781 0720 TDTCP - ok
21:15:42.0812 0720 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:15:42.0968 0720 TermDD - ok
21:15:43.0000 0720 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:15:43.0171 0720 TermService - ok
21:15:43.0203 0720 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:15:43.0218 0720 Themes - ok
21:15:43.0265 0720 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
21:15:43.0406 0720 TlntSvr - ok
21:15:43.0484 0720 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
21:15:43.0718 0720 Tones - ok
21:15:43.0734 0720 TosIde - ok
21:15:43.0765 0720 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:15:43.0906 0720 TrkWks - ok
21:15:43.0953 0720 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
21:15:43.0968 0720 TVICHW32 ( UnsignedFile.Multi.Generic ) - warning
21:15:43.0968 0720 TVICHW32 - detected UnsignedFile.Multi.Generic (1)
21:15:44.0015 0720 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:15:44.0156 0720 Udfs - ok
21:15:44.0171 0720 ultra - ok
21:15:44.0218 0720 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:15:44.0421 0720 Update - ok
21:15:44.0484 0720 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:15:44.0671 0720 upnphost - ok
21:15:44.0718 0720 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
21:15:44.0812 0720 upperdev - ok
21:15:44.0843 0720 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:15:44.0984 0720 UPS - ok
21:15:45.0000 0720 USBAAPL - ok
21:15:45.0046 0720 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:15:45.0187 0720 usbaudio - ok
21:15:45.0218 0720 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:15:45.0375 0720 usbccgp - ok
21:15:45.0390 0720 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:15:45.0546 0720 usbehci - ok
21:15:45.0578 0720 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:15:45.0734 0720 usbhub - ok
21:15:45.0750 0720 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:15:45.0906 0720 usbprint - ok
21:15:45.0921 0720 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:15:46.0062 0720 usbscan - ok
21:15:46.0078 0720 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
21:15:46.0234 0720 usbser - ok
21:15:46.0250 0720 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
21:15:46.0343 0720 UsbserFilt - ok
21:15:46.0375 0720 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:15:46.0562 0720 USBSTOR - ok
21:15:46.0593 0720 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:15:46.0765 0720 usbuhci - ok
21:15:46.0812 0720 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:15:46.0953 0720 usbvideo - ok
21:15:47.0000 0720 uti2mju5 (524d8d450622db4a7875b111c299a76b) C:\WINDOWS\system32\Drivers\uti2mju5.sys
21:15:47.0015 0720 uti2mju5 ( UnsignedFile.Multi.Generic ) - warning
21:15:47.0015 0720 uti2mju5 - detected UnsignedFile.Multi.Generic (1)
21:15:47.0078 0720 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
21:15:47.0390 0720 V124 - ok
21:15:47.0406 0720 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:15:47.0562 0720 VgaSave - ok
21:15:47.0609 0720 viaagp1 (0e3e3fae3a0a58b8d936a8e841a17d16) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
21:15:47.0625 0720 viaagp1 - ok
21:15:47.0687 0720 viagfx (3bcc43e2225851e0aef2a8c27ce420ea) C:\WINDOWS\system32\DRIVERS\vtmini.sys
21:15:47.0734 0720 viagfx - ok
21:15:47.0750 0720 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:15:47.0921 0720 ViaIde - ok
21:15:47.0953 0720 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:15:48.0171 0720 VolSnap - ok
21:15:48.0234 0720 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:15:48.0437 0720 VSS - ok
21:15:48.0500 0720 vulfnths (16409c468ceee99b6b129fcaa5c0f206) C:\WINDOWS\System32\Drivers\vulfnth.sys
21:15:48.0500 0720 vulfnths ( UnsignedFile.Multi.Generic ) - warning
21:15:48.0500 0720 vulfnths - detected UnsignedFile.Multi.Generic (1)
21:15:48.0531 0720 vulfntrs (541447e05eddd1164a5ea925778b209d) C:\WINDOWS\System32\Drivers\vulfntr.sys
21:15:48.0546 0720 vulfntrs ( UnsignedFile.Multi.Generic ) - warning
21:15:48.0546 0720 vulfntrs - detected UnsignedFile.Multi.Generic (1)
21:15:48.0578 0720 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:15:48.0734 0720 W32Time - ok
21:15:48.0765 0720 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:15:48.0921 0720 Wanarp - ok
21:15:48.0968 0720 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:15:49.0015 0720 Wdf01000 - ok
21:15:49.0015 0720 WDICA - ok
21:15:49.0046 0720 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:15:49.0203 0720 wdmaud - ok
21:15:49.0234 0720 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:15:49.0390 0720 WebClient - ok
21:15:49.0468 0720 winachsf (ee6ce0a6b5fda622160dddd8a2ca0032) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:15:49.0546 0720 winachsf ( UnsignedFile.Multi.Generic ) - warning
21:15:49.0546 0720 winachsf - detected UnsignedFile.Multi.Generic (1)
21:15:49.0625 0720 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
21:15:49.0640 0720 WinDefend - ok
21:15:49.0718 0720 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:15:49.0875 0720 winmgmt - ok
21:15:49.0953 0720 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
21:15:50.0031 0720 WLSetupSvc - ok
21:15:50.0062 0720 WMDM PMSP Service (668056d5c3c11ab7d266819a96b964e8) C:\WINDOWS\system32\MsPMSPSv.exe
21:15:50.0093 0720 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - warning
21:15:50.0093 0720 WMDM PMSP Service - detected UnsignedFile.Multi.Generic (1)
21:15:50.0125 0720 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
21:15:50.0203 0720 WmdmPmSN - ok
21:15:50.0265 0720 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:15:50.0375 0720 Wmi - ok
21:15:50.0421 0720 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
21:15:50.0593 0720 WmiApSrv - ok
21:15:50.0671 0720 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:15:50.0765 0720 WMPNetworkSvc - ok
21:15:50.0812 0720 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:15:50.0828 0720 WpdUsb - ok
21:15:50.0875 0720 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:15:51.0125 0720 WS2IFSL - ok
21:15:51.0156 0720 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:15:51.0312 0720 wscsvc - ok
21:15:51.0359 0720 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:15:51.0515 0720 WSTCODEC - ok
21:15:51.0562 0720 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:15:51.0734 0720 wuauserv - ok
21:15:51.0765 0720 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:15:51.0843 0720 WudfPf - ok
21:15:51.0875 0720 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:15:51.0906 0720 WudfRd - ok
21:15:51.0937 0720 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:15:51.0968 0720 WudfSvc - ok
21:15:52.0031 0720 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:15:52.0234 0720 WZCSVC - ok
21:15:52.0281 0720 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:15:52.0500 0720 xmlprov - ok
21:15:52.0546 0720 Z302Mic (4ae48a210e3b773462a9939304e788f1) C:\WINDOWS\system32\drivers\UsbMicfilt.sys
21:15:52.0625 0720 Z302Mic - ok
21:15:52.0671 0720 ZSMC302 (3c482e427f0e62a29ac839398831e2bc) C:\WINDOWS\system32\Drivers\usbvm302.sys
21:15:52.0765 0720 ZSMC302 - ok
21:15:53.0093 0720 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:15:56.0187 0720 \Device\Harddisk0\DR0 - ok
21:15:56.0187 0720 Boot (0x1200) (3f36e2be40eeeb770b9d00c7dcad72e3) \Device\Harddisk0\DR0\Partition0
21:15:56.0187 0720 \Device\Harddisk0\DR0\Partition0 - ok
21:15:56.0203 0720 ============================================================
21:15:56.0203 0720 Scan finished
21:15:56.0203 0720 ============================================================
21:15:56.0328 1392 Detected object count: 35
21:15:56.0328 1392 Actual detected object count: 35
04:13:42.0046 1392 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0046 1392 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0062 1392 BrPar ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0062 1392 BrPar ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0062 1392 cdrbsvsd ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0062 1392 cdrbsvsd ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0078 1392 DCamUSBSQTECH ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0078 1392 DCamUSBSQTECH ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0093 1392 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0093 1392 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0093 1392 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0093 1392 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0109 1392 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0109 1392 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0125 1392 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0125 1392 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0125 1392 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0125 1392 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0140 1392 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0140 1392 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0156 1392 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0156 1392 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0156 1392 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0156 1392 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0171 1392 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0171 1392 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0171 1392 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0171 1392 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0187 1392 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0187 1392 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0203 1392 DVD-RAM_Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0203 1392 DVD-RAM_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0203 1392 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0203 1392 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0218 1392 HSFHWBS2 ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0218 1392 HSFHWBS2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0234 1392 HSF_DP ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0234 1392 HSF_DP ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0234 1392 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0234 1392 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0250 1392 MagicTune ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0250 1392 MagicTune ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0265 1392 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0265 1392 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0265 1392 mdmxsdk ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0265 1392 mdmxsdk ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0281 1392 meiudf ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0281 1392 meiudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0296 1392 NCPro ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0296 1392 NCPro ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0312 1392 PVM Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0312 1392 PVM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0312 1392 SNCT511 ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0312 1392 SNCT511 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0328 1392 sptd ( LockedFile.Multi.Generic ) - skipped by user
04:13:42.0328 1392 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
04:13:42.0343 1392 StreamDispatcher ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0343 1392 StreamDispatcher ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0343 1392 TVICHW32 ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0343 1392 TVICHW32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0359 1392 uti2mju5 ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0359 1392 uti2mju5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0375 1392 vulfnths ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0375 1392 vulfnths ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0375 1392 vulfntrs ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0375 1392 vulfntrs ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0390 1392 winachsf ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0390 1392 winachsf ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:42.0406 1392 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:13:42.0406 1392 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:13:54.0062 1264 Deinitialize success

#18
CompCav

Posted 23 May 2012 - 09:42 PM

Member 5k

Expert
12,454 posts

Thanks for the TDSSKiller log, please run the OTL fix in Post #16.

#19
DragonFromWales

Posted 23 May 2012 - 09:49 PM

Member

Topic Starter
Member
97 posts

OTL

{2nd time - I had to run it twice as I afiled to copy the first attempt. Sorry. Only one text file was produced.)

OTL logfile created on: 24/05/2012 04:45:52 - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Robin.PRIF\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

991.49 Mb Total Physical Memory | 579.57 Mb Available Physical Memory | 58.45% Memory free
4.88 Gb Paging File | 4.65 Gb Available in Paging File | 95.30% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.49 Gb Total Space | 37.40 Gb Free Space | 32.66% Space Free | Partition Type: NTFS

Computer Name: PRIF | User Name: Robin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/24 04:40:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin.PRIF\My Documents\Downloads\OTL(2).exe
PRC - [2012/05/03 20:39:01 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/03 20:38:56 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2007/12/29 01:04:02 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll
MOD - [2007/12/29 01:03:34 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
MOD - [2007/08/18 11:54:30 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\ac3filter.acm
MOD - [2003/04/07 07:35:38 | 000,095,292 | ---- | M] () -- C:\WINDOWS\system32\atrac3.acm
MOD - [2002/08/29 13:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/05/04 21:33:54 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/03 20:39:05 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/08 02:02:30 | 000,294,912 | ---- | M] () [Auto | Stopped] -- C:\Program Files\RingThree\bin\PvmService.exe -- (PVM Service)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/11/17 16:48:40 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [On_Demand | Stopped] -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2003/05/23 05:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\lvusbsta.sys -- (LVUSBSta)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\JiaoCap.sys -- (JiaoCap)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ROBIN~1.PRI\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- -- (bsaspi32)
DRV - [2012/05/21 06:47:37 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uti2mju5.sys -- (uti2mju5)
DRV - [2011/11/01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/11/01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 10:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/09/02 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/21 15:02:42 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007/09/05 02:46:34 | 000,092,544 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/08/23 13:58:21 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/06/13 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 05:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/03/17 08:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 08:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/10/21 08:25:32 | 000,013,396 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2005/10/21 08:25:32 | 000,013,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune)
DRV - [2003/10/24 05:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/08/08 13:54:48 | 000,013,535 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2003/06/19 08:30:18 | 000,752,764 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/01/14 17:16:58 | 001,067,008 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/14 17:16:56 | 000,585,472 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/01/14 17:16:56 | 000,166,144 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/01/14 17:16:56 | 000,022,400 | ---- | M] (Conexant Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/01/10 10:56:34 | 000,030,921 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SQCaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2002/12/27 13:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/11/28 18:33:20 | 000,093,962 | R--- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm302.sys -- (ZSMC302)
DRV - [2002/11/13 21:10:52 | 000,234,368 | ---- | M] (Ziontek Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snct511.sys -- (SNCT511) PC Camera (6005 CIF)
DRV - [2002/08/29 13:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2002/05/14 12:05:08 | 000,022,571 | R--- | M] (Walter Oney Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UsbMicfilt.sys -- (Z302Mic)
DRV - [2001/08/17 14:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 14:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 14:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 14:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 14:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 14:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 14:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 14:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 14:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2001/08/17 13:12:32 | 000,016,074 | ---- | M] (NETGEAR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FA312nd5.sys -- (FA312)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\BRPAR.SYS -- (BrPar)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boyns.net
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.1and1.co.uk/?ref=EasyLogin
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\..\SearchScopes\{056272D3-20BF-4AA7-8372-1AE31731960C}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7RNWF_enGB469
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.10.10.10:3128

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\WINDOWS\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/03 20:39:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/16 07:36:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/04/04 17:52:47 | 000,000,000 | ---D | M]

[2012/01/25 15:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin.PRIF\Application Data\Mozilla\Extensions
[2012/05/02 10:54:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin.PRIF\Application Data\Mozilla\Firefox\Profiles\13x0v4cf.default\extensions
[2012/02/03 00:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/07 15:23:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/08/03 16:07:19 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/03/21 13:02:14 | 000,042,737 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ROBIN.PRIF\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\13X0V4CF.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
[2012/05/03 20:39:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/21 05:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 05:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/23 20:46:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0D84EF14-ED8E-475F-96D4-2123F65D701B} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKLM..\RunOnce: [iolo WebUpdate Reboot] File not found
O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
O4 - Startup: C:\Documents and Settings\Erin\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Erin\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Robin.PRIF\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O15 - HKLM\..Trusted Domains: contentmatch.net ([ny] http in Trusted sites)
O15 - HKLM\..Trusted Domains: contentmatch.net ([ny] https in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://www.mrw.inter...er/tdserver.cab (TDServer Control)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} https://components.v...unknown (Reg Error: Key error.)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/...oader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macrom...tor/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} https://signup.msn.c...es/MsnInstC.cab (InstallerBehaviorFactory Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1203240243193 (MUCatalogWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1124365501312 (MUWebControl Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} https://www.ibm.com/...ad/IbmEgath.cab (IBM Access Support)
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} http://secure2.comne...login-devel.cab (SecureLogin class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} http://webcamnow.com...tiveXWebCam.cab (WebCam Control)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7934.2904282407 (Reg Error: Key error.)
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} http://195.62.202.14...in/h263ctrl.cab (VaPgCtrl Class)
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} http://www.nwales-tr...ivex/camera.cab (Cameractl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://download.abac...abasetup145.cab (Reg Error: Key error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72B1AAA1-C5C0-448A-A0F0-4E2DD54F4FF4}: DhcpNameServer = 10.10.10.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A746E855-84F1-49DE-8FAA-832298807267}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Robin.PRIF\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robin.PRIF\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/11/09 04:54:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/23 20:55:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/05/23 20:23:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/23 20:15:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/23 20:15:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/23 20:15:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/23 20:15:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/23 20:15:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/23 20:15:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/23 20:15:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/21 14:09:53 | 068,634,224 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\Robin.PRIF\Desktop\TTS9-0[UZR0-BRKJ-90BJ-RVM0-U26K].exe
[2012/05/21 12:57:02 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/05/20 21:08:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2012/05/20 21:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sonic
[2012/05/20 10:45:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.PRIF\Application Data\Sony Corporation
[2012/05/20 10:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.PRIF\My Documents\Picture Motion Browser
[2012/05/20 10:35:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DLA
[2012/05/20 10:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Sonic
[2012/05/20 10:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2012/05/20 09:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.PRIF\Application Data\vlc
[2012/05/11 05:37:08 | 015,935,168 | ---- | C] (Corel ) -- C:\Documents and Settings\Robin.PRIF\My Documents\English_PSPX_RegXtras.exe
[2012/05/11 05:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.PRIF\Application Data\Download Manager
[2012/05/10 14:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.PRIF\Application Data\com.acrobat.createpdf.CreatePDFDesktop
[2012/05/10 14:09:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2012/05/03 20:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/03 20:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/27 14:25:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Robin.PRIF\My Documents\My Data Sources
[2012/04/27 05:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012/04/25 06:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.PRIF\Desktop\Unused Desktop Shortcuts
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/23 23:32:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/23 21:07:52 | 000,012,710 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/23 21:07:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/23 20:46:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/23 20:23:44 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/23 20:11:45 | 000,447,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/23 20:11:45 | 000,073,546 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/23 15:13:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2012/05/23 07:17:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Robin.PRIF\Desktop\MBR.dat
[2012/05/21 13:23:27 | 068,634,224 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\Robin.PRIF\Desktop\TTS9-0[UZR0-BRKJ-90BJ-RVM0-U26K].exe
[2012/05/21 06:47:37 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\uti2mju5.sys
[2012/05/20 10:36:11 | 000,040,424 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/05/20 10:32:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/20 10:24:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/05/20 10:22:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/20 09:22:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 05:26:35 | 000,302,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/11 05:40:35 | 015,935,168 | ---- | M] (Corel ) -- C:\Documents and Settings\Robin.PRIF\My Documents\English_PSPX_RegXtras.exe
[2012/05/11 05:36:00 | 000,000,848 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/05/10 14:09:48 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe CreatePDF Desktop.lnk
[2012/04/27 11:37:36 | 000,001,785 | ---- | M] () -- C:\Documents and Settings\Robin.PRIF\My Documents\Gwyfynod a gloynod 30.odb
[2012/04/27 07:04:02 | 000,001,786 | ---- | M] () -- C:\Documents and Settings\Robin.PRIF\My Documents\Gwyfynod a gloynod 21.odb
[2012/04/27 07:00:53 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\Robin.PRIF\My Documents\Gwyfynod a gloynod 20.odb
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/23 20:23:44 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/05/23 20:23:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/05/23 20:15:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/23 20:15:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/23 20:15:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/23 20:15:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/23 20:15:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/23 07:17:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Robin.PRIF\Desktop\MBR.dat
[2012/05/21 06:47:28 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\uti2mju5.sys
[2012/05/10 14:09:48 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe CreatePDF Desktop.lnk
[2012/04/27 11:37:36 | 000,001,785 | ---- | C] () -- C:\Documents and Settings\Robin.PRIF\My Documents\Gwyfynod a gloynod 30.odb
[2012/04/27 07:04:02 | 000,001,786 | ---- | C] () -- C:\Documents and Settings\Robin.PRIF\My Documents\Gwyfynod a gloynod 21.odb
[2012/04/27 07:00:53 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\Robin.PRIF\My Documents\Gwyfynod a gloynod 20.odb
[2012/04/17 08:13:51 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/03/19 13:18:17 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/03/13 14:12:42 | 000,000,008 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2012/02/14 17:49:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/01 17:09:28 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Robin.PRIF\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/01 19:25:32 | 000,000,248 | ---- | C] () -- C:\WINDOWS\RomeTW.ini

========== LOP Check ==========

[2008/05/03 16:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/05/23 20:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2012/01/29 15:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2011/08/28 15:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hazard Perception Training
[2008/12/09 20:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012/05/23 20:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/04/04 17:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2012/04/04 16:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2008/05/31 15:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/03/14 08:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer
[2004/09/23 11:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PGP Corporation
[2008/02/20 08:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2003/11/10 07:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2003/11/10 07:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\InterTrust
[2012/03/27 14:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\iolo
[2012/02/13 14:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\OpenOffice.org
[2012/02/13 14:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\PC Suite
[2012/03/09 20:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\Search Settings
[2003/11/10 07:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\InterTrust
[2008/10/23 16:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\PC Suite
[2008/11/15 12:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Search Settings
[2012/03/19 13:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2012/05/20 21:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2012/01/25 15:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\Canon
[2012/05/10 14:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\com.acrobat.createpdf.CreatePDFDesktop
[2012/01/25 15:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\CyberScrub
[2012/02/01 12:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\EPSON
[2012/03/07 01:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\F-Secure
[2012/03/06 16:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\FileZilla
[2003/11/10 07:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\InterTrust
[2012/04/04 11:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\iolo
[2012/04/04 17:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\Nokia
[2012/01/30 14:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\OpenOffice.org
[2012/01/25 16:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\PC Suite
[2012/03/14 08:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\PDF Writer
[2012/01/30 13:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\Search Settings
[2012/05/20 10:24:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2004/05/25 11:22:00 | 000,000,696 | ---- | M] () -- C:\WINDOWS\Tasks\new.job

========== Purity Check ==========

========== Custom Scans ==========

< :OTL >

< DRV - [2012/05/21 06:47:37 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uti2mju5.sys -- (uti2mju5) >
Invalid Switch: 21 06:47:37 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uti2mju5.sys -- (uti2mju5)

< IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm >
Invalid Switch: spbasic.htm

< IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boyns.net >
Invalid Switch: www.boyns.net

< IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm >
Invalid Switch: spbasic.htm

< IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boyns.net >
Invalid Switch: www.boyns.net

< IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm >
Invalid Switch: spbasic.htm

< IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boyns.net >
Invalid Switch: www.boyns.net

< IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] >

< IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.) >

< IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.10.10.10:3128 >

< FF - prefs.js..extensions.enabledItems: [email protected]:1.0 >

< FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) >
Invalid Switch: JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

< [2008/08/03 16:07:19 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\[email protected] >
Invalid Switch: 03 16:07:19 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]

< [2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll >
Invalid Switch: 10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

< O2 - BHO: (no name) - {0D84EF14-ED8E-475F-96D4-2123F65D701B} - No CLSID value found. >

< O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.) >

< O3 - HKLM\..\Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - No CLSID value found. >

< O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. >

< O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. >

< O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found >

< O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found >

< O4 - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012..\Run: [] File not found >

< O15 - HKLM\..Trusted Domains: contentmatch.net ([ny] http in Trusted sites) >

< O15 - HKLM\..Trusted Domains: contentmatch.net ([ny] https in Trusted sites) >

< O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30) >
Invalid Switch: ...indows-i586.cab (Java Plug-in 1.6.0_30)

< O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04) >
Invalid Switch: ...indows-i586.cab (Java Plug-in 1.5.0_04)

< O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06) >
Invalid Switch: ...indows-i586.cab (Java Plug-in 1.5.0_06)

< O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03) >
Invalid Switch: ...indows-i586.cab (Java Plug-in 1.6.0_03)

< O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05) >
Invalid Switch: ...indows-i586.cab (Java Plug-in 1.6.0_05)

< O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07) >
Invalid Switch: ...indows-i586.cab (Java Plug-in 1.6.0_07)

< O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22) >
Invalid Switch: ...indows-i586.cab (Java Plug-in 1.6.0_22)

< O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30) >
Invalid Switch: ...indows-i586.cab (Java Plug-in 1.6.0_30)

< O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30) >
Invalid Switch: ...indows-i586.cab (Java Plug-in 1.6.0_30)

< O33 - MountPoints2\{459e5c43-a4e2-11d8-bec6-806d6172696f}\Shell - "" = AutoRun >

< O33 - MountPoints2\{459e5c43-a4e2-11d8-bec6-806d6172696f}\Shell\AutoRun - "" = Auto&Play >

< O33 - MountPoints2\{459e5c43-a4e2-11d8-bec6-806d6172696f}\Shell\AutoRun\command - "" = D:\Install.exe >

< [2012/04/23 09:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo >
Invalid Switch: 23 09:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo

< [2008/02/20 08:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint >
Invalid Switch: 20 08:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

< [2012/03/27 14:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\iolo >
Invalid Switch: 27 14:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\iolo

< [2012/03/19 13:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo >
Invalid Switch: 19 13:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo

< [2012/05/20 21:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo >
Invalid Switch: 20 21:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo

< [2012/04/04 11:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\iolo >
Invalid Switch: 04 11:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\iolo

< @Alternate Data Stream - 5016 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc >

< >

< >

< :files >

< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

< >

< >

< :reg >

< >

< >

< :Commands >

< [purity] >

< [resethosts] >

< [emptytemp] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 5016 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc

< End of report >

#20
CompCav

Posted 23 May 2012 - 09:56 PM

Member 5k

Expert
12,454 posts

Read the instructions carefully in Step 3 you must push the Run Fix button not the Run Scan button.

Please go back to Post #16 and carefully read it and run the FIX.

Regards,

CompCav

#21
DragonFromWales

Posted 23 May 2012 - 10:48 PM

Member

Topic Starter
Member
97 posts

Sorry. Not carefull enough.

So I did a Fix, this time. Comp booted up, but a black screen has appeared.

My "good" computer has now caught a bit of a cold too! I've posted a different thread for this here.

Many thanks for your kindness.

#22
CompCav

Posted 23 May 2012 - 10:53 PM

Member 5k

Expert
12,454 posts

So I did a Fix, this time. Comp booted up, but a black screen has appeared.

Can you reboot and see if it boots normal?

#23
DragonFromWales

Posted 23 May 2012 - 11:09 PM

Member

Topic Starter
Member
97 posts

Rebooted, the "Installing Windows" window took 3-4 minutes. A window came up asking me whether I wanted to run OTL, which I did. Then it went into a blue, stripy (Windows type) screen, where it's stuck.

Edited by DragonFromWales, 24 May 2012 - 05:35 AM.

#24
CompCav

Posted 24 May 2012 - 05:37 AM

Member 5k

Expert
12,454 posts

Say no and simply reboot.

#25
CompCav

Posted 24 May 2012 - 08:32 AM

Member 5k

Expert
12,454 posts

I am concerned about the ransomeware on your third computer and so please on this one do this:

Download RogueKiller and save it on your desktop.
Quit all programs
Start RogueKiller.exe.
Wait until Prescan has finished ...
Click on Scan
Note: If RogueKiller will not run please try it several times, if it still does not run rename it winlogon.com and try it several times.

Wait for the end of the scan.
The report has been created on the desktop.
Click on the Delete button.

The report has been created on the desktop.

Next click on ShortcutsFix
The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.

#26
DragonFromWales

Posted 24 May 2012 - 01:45 PM

Member

Topic Starter
Member
97 posts

RogueKiller V7.5.0 [05/24/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Robin [Admin rights]
Mode: Scan -- Date: 05/24/2012 19:20:05

¤¤¤ Bad processes: 1 ¤¤¤
[BLACKLIST] iac25_32.ax -- C:\WINDOWS\system32\iac25_32.ax -> UNLOADED

¤¤¤ Registry Entries: 2 ¤¤¤
[SCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\WINDOWS\WLXPGSS.SCR) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[FAKED] ati1rvxx.sys : c:\windows\system32\drivers\ati1rvxx.sys --> CANNOT FIX
[FAKED] ati2mtaa.sys : c:\windows\system32\drivers\ati2mtaa.sys --> CANNOT FIX
[FAKED] atinxsxx.sys : c:\windows\system32\drivers\atinxsxx.sys --> CANNOT FIX
[FAKED] mtlstrm.sys : c:\windows\system32\drivers\mtlstrm.sys --> CANNOT FIX
[FAKED] nv4_mini.sys : c:\windows\system32\drivers\nv4_mini.sys --> CANNOT FIX
[FAKED] nwlnknb.sys : c:\windows\system32\drivers\nwlnknb.sys --> CANNOT FIX
[FAKED] slnt7554.sys : c:\windows\system32\drivers\slnt7554.sys --> CANNOT FIX
[FAKED] TPkd.sys : c:\windows\system32\drivers\TPkd.sys --> CANNOT FIX

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6Y120L0 +++++
--- User ---
[MBR] 9150d2fc86516e21202261c45cb8f854
[BSP] 256fde0f055b1077df1ae83c6f4d0cd9 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 117239 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V7.5.0 [05/24/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Robin [Admin rights]
Mode: Remove -- Date: 05/24/2012 20:28:01

¤¤¤ Bad processes: 1 ¤¤¤
[BLACKLIST] iac25_32.ax -- C:\WINDOWS\system32\iac25_32.ax -> UNLOADED

¤¤¤ Registry Entries: 2 ¤¤¤
[SCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\WINDOWS\WLXPGSS.SCR) -> REPLACED (c:\windows\system32\logon.scr)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[FAKED] ati1rvxx.sys : c:\windows\system32\drivers\ati1rvxx.sys --> CANNOT FIX
[FAKED] ati2mtaa.sys : c:\windows\system32\drivers\ati2mtaa.sys --> CANNOT FIX
[FAKED] atinxsxx.sys : c:\windows\system32\drivers\atinxsxx.sys --> CANNOT FIX
[FAKED] mtlstrm.sys : c:\windows\system32\drivers\mtlstrm.sys --> CANNOT FIX
[FAKED] nv4_mini.sys : c:\windows\system32\drivers\nv4_mini.sys --> CANNOT FIX
[FAKED] nwlnknb.sys : c:\windows\system32\drivers\nwlnknb.sys --> CANNOT FIX
[FAKED] slnt7554.sys : c:\windows\system32\drivers\slnt7554.sys --> CANNOT FIX
[FAKED] TPkd.sys : c:\windows\system32\drivers\TPkd.sys --> CANNOT FIX

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6Y120L0 +++++
--- User ---
[MBR] 9150d2fc86516e21202261c45cb8f854
[BSP] 256fde0f055b1077df1ae83c6f4d0cd9 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 117239 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V7.5.0 [05/24/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Robin [Admin rights]
Mode: Shortcuts HJfix -- Date: 05/24/2012 20:35:55

¤¤¤ Bad processes: 1 ¤¤¤
[BLACKLIST] iac25_32.ax -- C:\WINDOWS\system32\iac25_32.ax -> UNLOADED

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 185 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 54 / Fail 0
My documents: Success 2451 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1288 / Fail 0
Backup: [NOT FOUND]

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom1 -- 0x5 --> Skipped
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[W:] \Device\CdRom2 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#27
CompCav

Posted 24 May 2012 - 01:55 PM

Member 5k

Expert
12,454 posts

Do you see the normal desktop now?

#28
DragonFromWales

Posted 24 May 2012 - 02:25 PM

Member

Topic Starter
Member
97 posts

Not yet. The opening screen (Wait while Windows is Loading) took 4 minutes. It went to the Users Icons, but then when I pressed my User Name the screen went blue and wavy, and froze to death!

#29
CompCav

Posted 24 May 2012 - 02:29 PM

Member 5k

Expert
12,454 posts

Try to run this in normal mode but if you cannot boot into Safe Mode and run it.

Posted Image

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.