
Ping.exe uses CPU, 12,000 cookies, very slow


  • This topic is locked
29 replies to this topic

#1 oklisa


Posted 30 November 2011 - 05:20 PM

I have a Toshiba laptop running Vista. It started out as a slow system, then I found ping.exe was using most of the CPU. Ran AVG 2012, found 12,000 cookies and Agent_r.ARN and Agent_r.AHN, could not remove files, white listed and critical files. Ran mbam and it found a mightypup and removed it, but found nothing else.

I have turned off wireless internet connection and will work from desktop until fixed.
Unable to turn on Windows firewall. States Windows firewall service is not running and can not start service.
Tried to do an update, but it just runs. States updating, but nothing is happening.
My Vista system only shows backup of files, not system. So I tried backing it up 3 times with Paragon Backup & Recovery, but it gets to 83% and stops, saying unable to read volume data.

Here are my logs.
Thank you in advance.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19048
Run by Owner at 13:21:10 on 2011-11-30
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Windows\system32\HPSIsvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\System32\SAiAdmin.exe
C:\Windows\System32\SAiDownloaderVista.exe
C:\Windows\System32\SAiLicSvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\ping.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\15.0.874.121\npchrome_frame.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: 164.109.25.72
Trusted Zone: 207.130.86.35
Trusted Zone: acura.com
Trusted Zone: acurainfo.programhq.com
Trusted Zone: acuraspinplay.programhq.com
Trusted Zone: ahm-ownerlink.com
Trusted Zone: ahmdealer.com
Trusted Zone: edcor.com
Trusted Zone: honda.com
Trusted Zone: honda.vo.llnwd.net
Trusted Zone: hondaadcmd.com
Trusted Zone: hondacars.com
Trusted Zone: hondainfo.programhq.com
Trusted Zone: hondamap.com
Trusted Zone: hondapqr.com
Trusted Zone: hondaprofessional.com
Trusted Zone: hondaspinplay.programhq.com
Trusted Zone: hondasso.com
Trusted Zone: jdpa.com
Trusted Zone: jdpower.com
Trusted Zone: pcsc.acurasrs.com
Trusted Zone: prospectingacurasrs.com
Trusted Zone: travelhq.com
Trusted Zone: xmradio.com
DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA}
DPF: {297DE2B6-509A-4B36-93C5-A65276606900} - hxxp://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{B58F0408-F9FE-44FC-9562-A39D345B4AC0} : DhcpNameServer = 192.168.10.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\15.0.874.121\npchrome_frame.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: EYctqiAwfdFS - {58C5B69C-8B75-4B0D-A598-D0B95828FDBF} - wcbrujoxzxnf.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\j3y450fb.default\
FF - prefs.js: browser.search.selectedEngine - MySpace.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0b5284e2-1bad-4df0-8496-52745af43261%7D&mid=932c936004ba47d1b4c6d1e997721453-13118248f419b164f385124fb27eb6d6ae533923&ds=AVG&v=8.0.0.40&lang=en&pr=pr&d=2011-11-19%2006%3A23%3A01&sap=ku&q=
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071500000347.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\owner\appdata\roaming\Move Networks
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? winbondcir;Winbond IR Transceiver
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? FwLnk;FwLnk Driver
S? hotcore3;hc3ServiceName
S? HP LaserJet Service;HP LaserJet Service
S? HPSIService;HP SI Service
S? RemoveAny;RemoveAny driver
S? SAiAdmin;SAiAdmin
S? SAiDownloaderVista;SAiDownloaderVista
S? SAiLicSvr;SAiLicSvr
S? SentinelKeysServer;Sentinel Keys Server
S? TomTomHOMEService;TomTomHOMEService
.
=============== Created Last 30 ================
.
2011-11-30 17:36:10 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-11-30 17:36:10 71680 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-11-30 17:33:45 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-11-30 03:53:19 -------- d-----w- C:\archive_db
2011-11-30 02:13:03 -------- d-----w- c:\programdata\launcher
2011-11-30 02:01:34 57112 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2011-11-30 02:01:04 40824 ----a-w- c:\windows\system32\drivers\UimBus.sys
2011-11-29 21:55:30 -------- d-----w- c:\users\owner\{3658ed17-1cdb-4bf2-a3f8-d871aef0675f}
2011-11-29 21:54:17 -------- d-----w- c:\program files\Paragon Software
2011-11-29 15:45:41 -------- d-----w- c:\program files\HeavenWard
2011-11-29 14:49:17 -------- d-----w- c:\windows\system32\EventProviders
2011-11-29 14:48:59 -------- d-----w- C:\bee8e92d032911418744f837f85990
2011-11-21 19:04:22 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-20 20:53:30 -------- d-sh--w- C:\found.000
2011-11-19 17:50:36 -------- d-----w- c:\users\owner\appdata\roaming\AVG
2011-11-19 12:17:54 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-19 12:08:42 -------- d-----w- c:\programdata\MFAData
2011-11-15 22:54:30 -------- d-----w- c:\program files\SignMax
2011-11-14 14:58:34 15096 ----a-w- c:\windows\system32\drivers\RemoveAny.sys
2011-11-06 03:32:16 -------- d-----w- c:\programdata\IObit
2011-11-06 03:32:14 -------- d-----w- c:\program files\IObit
2011-11-06 02:59:55 -------- d-----w- c:\users\owner\appdata\roaming\DriverCure
2011-11-06 02:59:53 -------- d-----w- c:\users\owner\appdata\roaming\ParetoLogic
2011-11-06 02:59:42 -------- d-----w- c:\program files\ParetoLogic
2011-11-06 02:59:41 -------- d-----w- c:\programdata\ParetoLogic
2011-11-06 02:40:25 -------- d-----w- c:\program files\TomTom International B.V
.
==================== Find3M ====================
.
.
============= FINISH: 13:22:27.02 ===============
Attached File: ark.txt (14.41KB, 2 downloads)
Attached File: Attach.txt (9.68KB, 1 downloads)



#2 SweetTech


Posted 01 December 2011 - 03:38 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Looks like you may be infected with ZeroAccess. Please run these scans for me:

OTS Scan
Download OTS to your Desktop
  • Double-click on OTS.exe to start the program. Make sure you close all other programs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please copy and paste the contents of the OTS report into your next reply.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 oklisa


Posted 01 December 2011 - 08:36 AM

OTS LOG

OTS logfile created on: 12/1/2011 7:30:52 AM - Run 1
OTS by OldTimer - Version 3.1.46.0     Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 71.63 Gb Free Space | 48.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 983.72 Mb Total Space | 964.00 Mb Free Space | 98.00% Space Free | Partition Type: FAT
 
Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\Owner\Desktop\OTS.exe -> [2011/12/01 07:20:52 | 000,646,144 | ---- | M] (OldTimer Tools)
googlecrashhandler.exe -> C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe -> [2011/10/23 18:57:35 | 000,140,952 | ---- | M] (Google Inc.)
tomtomhomeservice.exe -> C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -> [2011/04/22 06:21:10 | 000,092,592 | ---- | M] (TomTom)
sailicsvr.exe -> C:\Windows\System32\SAiLicSvr.exe -> [2011/01/29 16:47:05 | 000,086,016 | ---- | M] (SA International)
hpsisvc.exe -> C:\Windows\System32\HPSIsvc.exe -> [2010/04/07 06:57:42 | 000,099,896 | ---- | M] (HP)
psiservice_2.exe -> c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.)
hplaserjetservice.exe -> C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -> [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP)
explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
ping.exe -> C:\Windows\System32\PING.EXE -> [2008/01/18 22:33:20 | 000,015,360 | ---- | M] (Microsoft Corporation)
saidownloadervista.exe -> C:\Windows\System32\SAiDownloaderVista.exe -> [2007/09/11 10:23:40 | 000,077,824 | ---- | M] (TODO: <Company name>)
saiadmin.exe -> C:\Windows\System32\SAiAdmin.exe -> [2007/08/27 13:01:48 | 000,065,536 | ---- | M] (TODO: <Company name>)
tnavisrv.exe -> C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> [2007/08/01 15:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation)
toscosrv.exe -> C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -> [2007/03/29 11:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation)
tosbtsrv.exe -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> [2007/02/25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION)
swupdtmr.exe -> c:\Toshiba\IVP\swupdate\swupdtmr.exe -> [2007/01/25 18:50:26 | 000,063,096 | ---- | M] ()
cfsvcs.exe -> C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -> [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION)
agrsmsvc.exe -> C:\Windows\System32\agrsmsvc.exe -> [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems)
sntlkeyssrvr.exe -> C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -> [2006/08/22 00:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.)
toddsrv.exe -> C:\Windows\System32\TODDSrv.exe -> [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation)
crypserv.exe -> C:\Windows\System32\Crypserv.exe -> [2006/02/28 19:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.)
 
[Modules - No Company Name]
rarext.dll -> C:\Program Files\WinRAR\RarExt.dll -> [2007/09/20 17:34:58 | 000,129,024 | ---- | M] ()
atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2007/07/28 00:26:30 | 000,159,744 | ---- | M] ()
 
[Win32 Services - Safe List]
(RoxLiveShare9) LiveShare P2P Server 9 [Auto | Stopped] ->  -> File not found
(TomTomHOMEService) TomTomHOMEService [Auto | Running] -> C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -> [2011/04/22 06:21:10 | 000,092,592 | ---- | M] (TomTom)
(SAiLicSvr) SAiLicSvr [Auto | Running] -> C:\Windows\System32\SAiLicSvr.exe -> [2011/01/29 16:47:05 | 000,086,016 | ---- | M] (SA International)
(HPSIService) HP SI Service [Auto | Running] -> C:\Windows\System32\HPSIsvc.exe -> [2010/04/07 06:57:42 | 000,099,896 | ---- | M] (HP)
(PSI_SVC_2) Protexis Licensing V2 [Auto | Running] -> c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.)
(HP LaserJet Service) HP LaserJet Service [Auto | Running] -> C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -> [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP)
(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008/06/01 21:06:25 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.)
(SAiDownloaderVista) SAiDownloaderVista [Auto | Running] -> C:\Windows\System32\SAiDownloaderVista.exe -> [2007/09/11 10:23:40 | 000,077,824 | ---- | M] (TODO: <Company name>)
(SAiAdmin) SAiAdmin [Auto | Running] -> C:\Windows\System32\SAiAdmin.exe -> [2007/08/27 13:01:48 | 000,065,536 | ---- | M] (TODO: <Company name>)
(TNaviSrv) TOSHIBA Navi Support Service [Auto | Running] -> C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> [2007/08/01 15:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation)
(TosCoSrv) TOSHIBA Power Saver [Auto | Running] -> C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -> [2007/03/29 11:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation)
(Adobe Version Cue CS3) Adobe Version Cue CS3 [On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -> [2007/03/20 15:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated)
(TOSHIBA Bluetooth Service) TOSHIBA Bluetooth Service [Auto | Running] -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> [2007/02/25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION)
(Swupdtmr) Swupdtmr [Auto | Running] -> c:\Toshiba\IVP\swupdate\swupdtmr.exe -> [2007/01/25 18:50:26 | 000,063,096 | ---- | M] ()
(pinger) pinger [Disabled | Stopped] -> C:\Toshiba\IVP\ISM\pinger.exe -> [2007/01/25 18:47:50 | 000,136,816 | ---- | M] ()
(CFSvcs) ConfigFree Service [Auto | Running] -> C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -> [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION)
(AgereModemAudio) Agere Modem Call Progress Audio [Auto | Running] -> C:\Windows\System32\agrsmsvc.exe -> [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems)
(UleadBurningHelper) Ulead Burning Helper [Disabled | Stopped] -> C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -> [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.)
(SentinelKeysServer) Sentinel Keys Server [Auto | Running] -> C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -> [2006/08/22 00:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.)
(TODDSrv) TOSHIBA Optical Disc Drive Service [Auto | Running] -> C:\Windows\System32\TODDSrv.exe -> [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation)
(Crypkey License) Crypkey License [Auto | Running] -> C:\Windows\System32\Crypserv.exe -> [2006/02/28 19:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.)
 
[Driver Services - Safe List]
(RemoveAny) RemoveAny driver [Kernel | System | Running] -> C:\Windows\System32\drivers\RemoveAny.sys -> [2011/11/14 08:58:34 | 000,015,096 | ---- | M] (HeavenWard)
(Uim_IM) UIM Drive Backup Image Plugin [Kernel | System | Stopped] -> C:\Windows\System32\drivers\Uim_IM.sys -> [2011/01/21 14:52:18 | 000,381,032 | ---- | M] (Paragon)
(hotcore3) hc3ServiceName [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\hotcore3.sys -> [2011/01/21 14:52:18 | 000,057,112 | ---- | M] (Paragon Software Group)
(UimBus) Universal Image Mounter Controller [Kernel | System | Stopped] -> C:\Windows\System32\drivers\UimBus.sys -> [2011/01/21 14:52:18 | 000,040,824 | ---- | M] (Windows (R) 2000 DDK provider)
(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Rtlh86.sys -> [2008/02/14 05:56:02 | 000,118,784 | ---- | M] (Realtek Corporation                                            )
(i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\i8042prt.sys -> [2008/01/18 20:49:20 | 000,054,784 | ---- | M] ()
(tos_sps32) TOSHIBA tos_sps32 Service [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\tos_sps32.sys -> [2007/08/01 15:37:20 | 000,285,184 | ---- | M] (TOSHIBA Corporation)
(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\atikmdag.sys -> [2007/07/28 00:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.)
(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\athr.sys -> [2007/07/14 03:30:00 | 000,742,400 | ---- | M] (Atheros Communications, Inc.)
(FTDIBUS) USB Serial Converter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ftdibus.sys -> [2007/06/27 07:05:52 | 000,053,184 | ---- | M] (FTDI Ltd.)
(FTSER2K) USB Serial Port Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ftser2k.sys -> [2007/06/27 07:04:14 | 000,071,488 | ---- | M] (FTDI Ltd.)
(winbondcir) Winbond IR Transceiver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\winbondcir.sys -> [2007/03/28 08:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation)
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rixdptsk.sys -> [2007/03/21 23:02:04 | 000,037,376 | ---- | M] (REDC)
(rimmptsk) rimmptsk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rimmptsk.sys -> [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC)
(rimsptsk) rimsptsk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rimsptsk.sys -> [2007/01/23 17:40:20 | 000,042,496 | ---- | M] (REDC)
(KR3NPXP) KR3NPXP [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\kr3npxp.sys -> [2007/01/03 02:43:19 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION)
(AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\AGRSM.sys -> [2006/11/28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems)
(FwLnk) FwLnk Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\FwLnk.sys -> [2006/11/20 00:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation)
(KR10I) KR10I [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\kr10i.sys -> [2006/11/09 16:32:28 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION)
(KR10N) KR10N [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\kr10n.sys -> [2006/11/09 16:31:46 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION)
(amdide) amdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\amdide.sys -> [2006/11/02 03:49:26 | 000,015,464 | ---- | M] ()
(AtiPcie) ATI PCI Express (3GIO) Filter [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\AtiPcie.sys -> [2006/10/30 12:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.)
(tosrfec) Bluetooth ACPI [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\tosrfec.sys -> [2006/10/23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation)
(tdcmdpst) TOSHIBA Writing Engine Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\tdcmdpst.sys -> [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.)
(TVALZ) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\TVALZ_O.SYS -> [2006/10/05 23:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation)
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\pfc.sys -> [2006/05/23 15:00:26 | 000,010,368 | ---- | M] (Padus, Inc.)
(NetworkX) NetworkX [Kernel | System | Running] -> C:\Windows\system32\ckldrv.sys -> [2006/01/09 20:47:27 | 000,031,846 | ---- | M] ()
(Hardlock) Hardlock [Kernel | Auto | Running] -> C:\Windows\System32\drivers\hardlock.sys -> [2005/07/28 07:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.)
(TPkd) TPkd [Kernel | Boot | Stopped] -> C:\Windows\System32\Tpkd.vxd -> [1999/09/15 20:04:44 | 000,041,797 | ---- | M] ()
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.toshibadirect.com/dpdstart -> 
HKEY_LOCAL_MACHINE\: Search\\"Local Page" -> http://www.Google.com/ -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> <local>;*.local -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Owner\AppData\Roaming\Mozilla\FireFox\Profiles\j3y450fb.default\prefs.js -> 
browser.search.selectedEngine -> "MySpace.com" ->
extensions.enabledItems -> {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 ->
extensions.enabledItems -> moveplayer@movenetworks.com:7 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 ->
extensions.enabledItems -> toolbar@ask.com:3.13.1.100008 ->
extensions.enabledItems -> {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 ->
keyword.URL -> "http://isearch.avg.com/search?cid=%7B0b5284e2-1bad-4df0-8496-52745af43261%7D&mid=932c936004ba47d1b4c6d1e997721453-13118248f419b164f385124fb27eb6d6ae533923&ds=AVG&v=8.0.0.40&lang=en&pr=pr&d=2011-11-19%2006%3A23%3A01&sap=ku&q=" ->
network.proxy.no_proxies_on -> "*.local" ->
< FireFox Settings [User.js] > -> C:\Users\Owner\AppData\Roaming\Mozilla\FireFox\Profiles\j3y450fb.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8} -> C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\ [C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\] -> [2010/03/04 15:24:27 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.24\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/11/28 16:01:45 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2011/11/19 11:45:31 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Owner\AppData\Roaming\Mozilla\Extensions -> [2008/10/16 09:00:42 | 000,000,000 | ---D | M]
  -> C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com -> [2008/08/27 17:34:07 | 000,000,000 | ---D | M]
  -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j3y450fb.default\extensions -> [2011/11/29 15:20:04 | 000,000,000 | ---D | M]
"ColorfulTabs"   -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j3y450fb.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} -> [2008/10/21 13:09:50 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j3y450fb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/08/15 06:33:17 | 000,000,000 | ---D | M]
Yahoo! Toolbar   -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j3y450fb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2009/05/29 21:21:37 | 000,000,000 | ---D | M]
DownloadHelper   -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j3y450fb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2011/03/13 12:22:49 | 000,000,000 | ---D | M]
Web Developer   -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j3y450fb.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} -> [2008/10/16 09:03:11 | 000,000,000 | ---D | M]
  -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j3y450fb.default\extensions\toolbar@ask.com -> [2011/11/13 10:03:15 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
 MySpace.xml -> C:\Users\Owner\AppData\Roaming\Mozilla\FireFox\Profiles\j3y450fb.default\searchplugins\MySpace.xml -> [2008/12/12 12:23:54 | 000,002,158 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2008/10/16 08:59:32 | 000,000,000 | ---D | M]
Google Gears -> C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX -> [2010/03/04 15:24:27 | 000,000,000 | ---D | M]
Move Media Player -> C:\USERS\OWNER\APPDATA\ROAMING\MOVE NETWORKS -> [2009/05/10 16:13:50 | 000,000,000 | ---D | M]
"Ask Toolbar" -> C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J3Y450FB.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM -> [2011/11/13 10:03:15 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [Program Folders] > -> 
Hosts file not found -> -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 22:08:42 | 000,062,080 | ---- | M] (Adobe Systems Incorporated)
{074C1DC5-9320-4A9A-947D-C042949C6216} [HKLM] -> C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [ContributeBHO Class] -> [2007/03/16 14:13:06 | 000,118,784 | ---- | M] ()
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2008/11/09 11:30:46 | 000,304,736 | ---- | M] (RealPlayer)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> [2007/06/14 19:32:35 | 000,509,592 | ---- | M] (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
{D4027C7F-154A-4066-A1AD-4243D8127440} [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2011/08/23 20:20:12 | 001,515,688 | ---- | M] (Ask)
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} [HKLM] -> C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [Google Gears Helper] -> [2010/02/23 05:51:18 | 002,121,728 | ---- | M] (Google Inc.)
{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} [HKLM] -> C:\Program Files\Google\Chrome Frame\Application\15.0.874.121\npchrome_frame.dll [ChromeFrame BHO] -> [2011/11/14 23:39:51 | 001,952,824 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" [HKLM] -> C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [Contribute Toolbar] -> [2007/03/16 14:13:06 | 000,118,784 | ---- | M] ()
"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2011/08/23 20:20:12 | 001,515,688 | ---- | M] (Ask)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2011/08/23 20:20:12 | 001,515,688 | ---- | M] (Ask)
WebBrowser\\"{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"EnableShellExecuteHooks" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDesktopCleanupWizard" ->  [1] -> File not found
\\"EnableShellExecuteHooks" ->  [1] -> File not found
\\"HideSCAHealth" ->  [1] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Append to existing PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [Menu: Sun Java Console] -> [2007/06/14 19:32:35 | 000,509,592 | ---- | M] (Sun Microsystems, Inc.)
{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}:{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} [HKLM] -> C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [Menu: &Gears Settings] -> [2010/02/23 05:51:18 | 002,121,728 | ---- | M] (Google Inc.)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 24 domain(s) found. -> 
164.109.25.72 .[*] -> Trusted sites -> 
207.130.86.35 .[*] -> Trusted sites -> 
acura.com .[*] -> Trusted sites -> 
acurainfo.programhq.com .[*] -> Trusted sites -> 
acuraspinplay.programhq.com .[*] -> Trusted sites -> 
ahmdealer.com .[*] -> Trusted sites -> 
ahm-ownerlink.com .[*] -> Trusted sites -> 
edcor.com .[*] -> Trusted sites -> 
honda.com .[*] -> Trusted sites -> 
honda.vo.llnwd.net .[*] -> Trusted sites -> 
hondaadcmd.com .[*] -> Trusted sites -> 
hondacars.com .[*] -> Trusted sites -> 
hondainfo.programhq.com .[*] -> Trusted sites -> 
hondamap.com .[*] -> Trusted sites -> 
hondapqr.com .[*] -> Trusted sites -> 
hondaprofessional.com .[*] -> Trusted sites -> 
hondaspinplay.programhq.com .[*] -> Trusted sites -> 
hondasso.com .[*] -> Trusted sites -> 
jdpa.com .[*] -> Trusted sites -> 
jdpower.com .[*] -> Trusted sites -> 
pcsc.acurasrs.com .[*] -> Trusted sites -> 
prospectingacurasrs.com .[*] -> Trusted sites -> 
travelhq.com .[*] -> Trusted sites -> 
xmradio.com .[*] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{21F49842-BFA9-11D2-A89C-00104B62BDDA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> 
{297DE2B6-509A-4B36-93C5-A65276606900} [HKLM] -> http://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB [RRAAINAX_02.RRAAINAX] -> 
{48DD0448-9209-4F81-9F6D-D83562940134} [HKLM] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab [MySpace Uploader Control] -> 
{5727FF4C-EF4E-4d96-A96C-03AD91910448} [HKLM] -> http://www.srtest.com/srl_bin/sysreqlab_ind.cab [System Requirements Lab Class] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] -> 
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [HKLM] -> http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab [PopCapLoader Object] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{B58F0408-F9FE-44FC-9562-A39D345B4AC0}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12   (Atheros AR5007EG Wireless Network Adapter) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\Userinit.exe -> C:\Windows\System32\userinit.exe -> [2008/01/18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon ->  -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{58C5B69C-8B75-4B0D-A598-D0B95828FDBF}" [HKLM] ->  [EYctqiAwfdFS] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] ->  [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
msapsspc.dll ->  -> File not found
digest.dll ->  -> File not found
msnsspc.dll ->  -> File not found
*MultiFile Done* -> -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\TOSHIBA\Ivp\ISM\pinger.exe" -> C:\TOSHIBA\Ivp\ISM\pinger.exe [C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger] -> [2007/01/25 18:47:50 | 000,136,816 | ---- | M] ()
"C:\TOSHIBA\ivp\NetInt\Netint.exe" -> C:\TOSHIBA\ivp\NetInt\Netint.exe [C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine] -> [2007/01/25 18:49:34 | 000,472,688 | ---- | M] (TOSHIBA Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 15:43:36 | 000,000,024 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{009c7aca-da91-11df-a5d1-00a0d196fda0}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{009c7aca-da91-11df-a5d1-00a0d196fda0}\shell
\{009c7aca-da91-11df-a5d1-00a0d196fda0}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{009c7aca-da91-11df-a5d1-00a0d196fda0}\shell\AutoRun\command
\{009c7aca-da91-11df-a5d1-00a0d196fda0}\shell\AutoRun\command\\"" ->  [G:\SISetup.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<key>\shell\[command]\command -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\ -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Users\Owner\Desktop\OTS.exe -> [2011/12/01 07:29:37 | 000,646,144 | ---- | C] (OldTimer Tools)
 archive_db -> C:\archive_db -> [2011/11/29 21:53:19 | 000,000,000 | ---D | C]
 launcher -> C:\ProgramData\launcher -> [2011/11/29 20:13:03 | 000,000,000 | ---D | C]
 hotcore3.sys -> C:\Windows\System32\drivers\hotcore3.sys -> [2011/11/29 20:01:34 | 000,057,112 | ---- | C] (Paragon Software Group)
 Paragon Backup & Recovery™ 2011 (Advanced) Free -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup & Recovery™ 2011 (Advanced) Free -> [2011/11/29 20:01:31 | 000,000,000 | ---D | C]
 UimBus.sys -> C:\Windows\System32\drivers\UimBus.sys -> [2011/11/29 20:01:04 | 000,040,824 | ---- | C] (Windows (R) 2000 DDK provider)
 {3658ed17-1cdb-4bf2-a3f8-d871aef0675f} -> C:\Users\Owner\{3658ed17-1cdb-4bf2-a3f8-d871aef0675f} -> [2011/11/29 15:55:30 | 000,000,000 | ---D | C]
 Paragon Software -> C:\Program Files\Paragon Software -> [2011/11/29 15:54:17 | 000,000,000 | ---D | C]
 dds.scr -> C:\Users\Owner\Desktop\dds.scr -> [2011/11/29 12:46:40 | 000,607,260 | R--- | C] (Swearware)
 HeavenWard -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HeavenWard -> [2011/11/29 09:45:42 | 000,000,000 | ---D | C]
 HeavenWard -> C:\Program Files\HeavenWard -> [2011/11/29 09:45:41 | 000,000,000 | ---D | C]
 EventProviders -> C:\Windows\System32\EventProviders -> [2011/11/29 08:49:17 | 000,000,000 | ---D | C]
 bee8e92d032911418744f837f85990 -> C:\bee8e92d032911418744f837f85990 -> [2011/11/29 08:48:59 | 000,000,000 | ---D | C]
 Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/11/21 13:04:36 | 000,000,000 | ---D | C]
 mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011/11/21 13:04:22 | 000,022,216 | ---- | C] (Malwarebytes Corporation)
 found.000 -> C:\found.000 -> [2011/11/20 14:53:30 | 000,000,000 | -HSD | C]
 avg -> C:\Users\Owner\Documents\avg -> [2011/11/19 14:30:31 | 000,000,000 | ---D | C]
 AVG -> C:\Users\Owner\AppData\Roaming\AVG -> [2011/11/19 11:50:36 | 000,000,000 | ---D | C]
 AVG -> C:\Windows\System32\drivers\AVG -> [2011/11/19 06:17:54 | 000,000,000 | ---D | C]
 MFAData -> C:\ProgramData\MFAData -> [2011/11/19 06:08:42 | 000,000,000 | ---D | C]
 Funtime Rhinestone -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funtime Rhinestone -> [2011/11/15 16:55:29 | 000,000,000 | ---D | C]
 SignMax -> C:\Program Files\SignMax -> [2011/11/15 16:54:30 | 000,000,000 | ---D | C]
 RemoveAny.sys -> C:\Windows\System32\drivers\RemoveAny.sys -> [2011/11/14 08:58:34 | 000,015,096 | ---- | C] (HeavenWard)
 IObit -> C:\ProgramData\IObit -> [2011/11/05 21:32:16 | 000,000,000 | ---D | C]
 IObit -> C:\Program Files\IObit -> [2011/11/05 21:32:14 | 000,000,000 | ---D | C]
 DriverCure -> C:\Users\Owner\AppData\Roaming\DriverCure -> [2011/11/05 20:59:55 | 000,000,000 | ---D | C]
 ParetoLogic -> C:\Users\Owner\AppData\Roaming\ParetoLogic -> [2011/11/05 20:59:53 | 000,000,000 | ---D | C]
 ParetoLogic -> C:\Program Files\ParetoLogic -> [2011/11/05 20:59:42 | 000,000,000 | ---D | C]
 ParetoLogic -> C:\ProgramData\ParetoLogic -> [2011/11/05 20:59:41 | 000,000,000 | ---D | C]
 TomTom International B.V -> C:\Program Files\TomTom International B.V -> [2011/11/05 20:40:25 | 000,000,000 | ---D | C]
 System Security  2012 -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security  2012 -> [2011/11/05 16:44:55 | 000,000,000 | ---D | C]
 mlP1DomZUOtPc1v -> C:\Users\Owner\AppData\Roaming\mlP1DomZUOtPc1v -> [2011/11/05 16:44:54 | 000,000,000 | ---D | C]
 Ciii3Ga6WJ8gqYU -> C:\Users\Owner\AppData\Roaming\Ciii3Ga6WJ8gqYU -> [2011/11/05 16:44:53 | 000,000,000 | ---D | C]
 G11ii3Ga6W7gq -> C:\Users\Owner\AppData\Roaming\G11ii3Ga6W7gq -> [2011/11/05 16:44:52 | 000,000,000 | ---D | C]
 CZZhYXwUelIBzPy -> C:\Users\Owner\AppData\Roaming\CZZhYXwUelIBzPy -> [2011/11/05 16:44:39 | 000,000,000 | ---D | C]
 CZZ9hYXXUVeIBzP -> C:\Users\Owner\AppData\Roaming\CZZ9hYXXUVeIBzP -> [2011/11/05 16:44:39 | 000,000,000 | ---D | C]
 U0GgO37CPoJXz2d -> C:\Users\Owner\AppData\Roaming\U0GgO37CPoJXz2d -> [2011/11/05 16:44:34 | 000,000,000 | ---D | C]
 K0GgO37CPoJXz2d -> C:\Users\Owner\AppData\Roaming\K0GgO37CPoJXz2d -> [2011/11/05 16:44:34 | 000,000,000 | ---D | C]
 LIS6jP4EkyF -> C:\Users\Owner\AppData\Roaming\LIS6jP4EkyF -> [2011/11/05 16:44:33 | 000,000,000 | ---D | C]
 uTXXqjjYC -> C:\Users\Owner\AppData\Roaming\uTXXqjjYC -> [2011/11/05 16:44:22 | 000,000,000 | ---D | C]
 HgTXXqjjYCkIrzN -> C:\Users\Owner\AppData\Roaming\HgTXXqjjYCkIrzN -> [2011/11/05 16:44:22 | 000,000,000 | ---D | C]
 CcccSibbD3pG4QH -> C:\Users\Owner\AppData\Roaming\CcccSibbD3pG4QH -> [2011/11/05 16:44:22 | 000,000,000 | ---D | C]
 yA5dRCByS35 -> C:\Users\Owner\AppData\Roaming\yA5dRCByS35 -> [2011/11/05 16:44:21 | 000,000,000 | ---D | C]
 TXety1ops -> C:\Users\Owner\AppData\Roaming\TXety1ops -> [2011/11/05 16:44:20 | 000,000,000 | ---D | C]
 szfNDsTUyo57ghU -> C:\Users\Owner\AppData\Roaming\szfNDsTUyo57ghU -> [2011/11/05 16:44:19 | 000,000,000 | ---D | C]
 kbWe3IcafYBiaWL -> C:\Users\Owner\AppData\Roaming\kbWe3IcafYBiaWL -> [2011/11/05 16:44:19 | 000,000,000 | ---D | C]
 2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 User_Feed_Synchronization-{06F3C5E4-85F3-44C5-ADAC-8B1CB7F17BF3}.job -> C:\Windows\tasks\User_Feed_Synchronization-{06F3C5E4-85F3-44C5-ADAC-8B1CB7F17BF3}.job -> [2011/12/01 07:32:15 | 000,000,418 | -H-- | M] ()
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2011/12/01 07:30:20 | 000,624,458 | ---- | M] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2011/12/01 07:30:20 | 000,112,928 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2011/12/01 07:29:04 | 000,067,584 | --S- | M] ()
 OTS.exe -> C:\Users\Owner\Desktop\OTS.exe -> [2011/12/01 07:20:52 | 000,646,144 | ---- | M] (OldTimer Tools)
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/11/30 16:02:21 | 000,000,884 | ---- | M] ()
 TempFile -> C:\Windows\TempFile -> [2011/11/30 15:10:13 | 008,405,015 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/11/30 15:10:13 | 000,000,880 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/11/30 15:10:08 | 000,003,568 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/11/30 15:10:08 | 000,003,568 | -H-- | M] ()
 defogger_reenable -> C:\Users\Owner\defogger_reenable -> [2011/11/30 13:20:55 | 000,000,020 | ---- | M] ()
 Paragon Backup & Recovery™ 2011 (Advanced) Free.lnk -> C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2011 (Advanced) Free.lnk -> [2011/11/29 20:01:31 | 000,002,348 | ---- | M] ()
 gmer.zip -> C:\Users\Owner\Desktop\gmer.zip -> [2011/11/29 12:48:31 | 000,294,216 | ---- | M] ()
 dds.scr -> C:\Users\Owner\Desktop\dds.scr -> [2011/11/29 12:46:42 | 000,607,260 | R--- | M] (Swearware)
 Defogger.exe -> C:\Users\Owner\Desktop\Defogger.exe -> [2011/11/29 12:45:40 | 000,050,477 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2011/11/28 08:49:56 | 001,778,512 | ---- | M] ()
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/11/28 08:47:56 | 257,783,667 | ---- | M] ()
 avgresults.csv -> C:\Users\Owner\Documents\avgresults.csv -> [2011/11/22 09:18:19 | 000,005,590 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/11/21 13:04:37 | 000,000,917 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/11/20 09:12:28 | 000,117,248 | ---- | M] ()
 QBChanUtil_Trigger.ini -> C:\Windows\QBChanUtil_Trigger.ini -> [2011/11/19 18:19:07 | 000,000,090 | ---- | M] ()
 iavifw.avm.old -> C:\Windows\System32\drivers\AVG\iavifw.avm.old -> [2011/11/19 06:50:20 | 000,618,058 | ---- | M] ()
 A11temp.pdf -> C:\Users\Owner\Documents\A11temp.pdf -> [2011/11/18 20:00:18 | 000,051,837 | ---- | M] ()
 Funtime Rhinestone.lnk -> C:\Users\Public\Desktop\Funtime Rhinestone.lnk -> [2011/11/15 16:55:34 | 000,001,868 | ---- | M] ()
 1VjM2R.dat -> C:\ProgramData\1VjM2R.dat -> [2011/11/15 13:57:24 | 000,000,112 | ---- | M] ()
 RemoveAny.sys -> C:\Windows\System32\drivers\RemoveAny.sys -> [2011/11/14 08:58:34 | 000,015,096 | ---- | M] (HeavenWard)
 d3d9caps.dat -> C:\Users\Owner\AppData\Local\d3d9caps.dat -> [2011/11/06 12:15:07 | 000,000,680 | ---- | M] ()
 Launch Internet Explorer Browser.lnk -> C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2011/11/05 21:55:34 | 000,000,954 | ---- | M] ()
 census.cache -> C:\Users\Owner\AppData\Local\census.cache -> [2011/11/05 21:29:46 | 000,345,584 | ---- | M] ()
 ars.cache -> C:\Users\Owner\AppData\Local\ars.cache -> [2011/11/05 21:29:10 | 000,245,033 | ---- | M] ()
 housecall.guid.cache -> C:\Users\Owner\AppData\Local\housecall.guid.cache -> [2011/11/05 21:14:20 | 000,000,036 | ---- | M] ()
 63 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> 
 63 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> 
 23 C:\Users\Owner\AppData\Local\Temp\*.tmp files -> C:\Users\Owner\AppData\Local\Temp\*.tmp -> 
 2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 1 C:\Users\Owner\AppData\Local\Temp\is-HKMRV.tmp\_isetup\*.tmp files -> C:\Users\Owner\AppData\Local\Temp\is-HKMRV.tmp\_isetup\*.tmp -> 
 
[Files - No Company Name]
 gmer.exe -> C:\Users\Owner\Desktop\gmer.exe -> [2011/11/30 13:29:26 | 000,302,592 | ---- | C] ()
 defogger_reenable -> C:\Users\Owner\defogger_reenable -> [2011/11/30 13:20:40 | 000,000,020 | ---- | C] ()
 i8042prt.sys -> C:\Windows\System32\drivers\i8042prt.sys -> [2011/11/30 11:33:45 | 000,054,784 | ---- | C] ()
 Paragon Backup & Recovery™ 2011 (Advanced) Free.lnk -> C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2011 (Advanced) Free.lnk -> [2011/11/29 20:01:31 | 000,002,348 | ---- | C] ()
 gmer.zip -> C:\Users\Owner\Desktop\gmer.zip -> [2011/11/29 12:48:32 | 000,294,216 | ---- | C] ()
 Defogger.exe -> C:\Users\Owner\Desktop\Defogger.exe -> [2011/11/29 12:45:39 | 000,050,477 | ---- | C] ()
 avgresults.csv -> C:\Users\Owner\Documents\avgresults.csv -> [2011/11/22 09:18:19 | 000,005,590 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/11/21 13:04:37 | 000,000,917 | ---- | C] ()
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/11/21 12:35:05 | 257,783,667 | ---- | C] ()
 iavifw.avm.old -> C:\Windows\System32\drivers\AVG\iavifw.avm.old -> [2011/11/19 06:50:20 | 000,618,058 | ---- | C] ()
 Funtime Rhinestone.lnk -> C:\Users\Public\Desktop\Funtime Rhinestone.lnk -> [2011/11/15 16:55:34 | 000,001,868 | ---- | C] ()
 1VjM2R.dat -> C:\ProgramData\1VjM2R.dat -> [2011/11/15 13:55:17 | 000,000,112 | ---- | C] ()
 census.cache -> C:\Users\Owner\AppData\Local\census.cache -> [2011/11/05 21:29:46 | 000,345,584 | ---- | C] ()
 ars.cache -> C:\Users\Owner\AppData\Local\ars.cache -> [2011/11/05 21:29:10 | 000,245,033 | ---- | C] ()
 housecall.guid.cache -> C:\Users\Owner\AppData\Local\housecall.guid.cache -> [2011/11/05 21:14:20 | 000,000,036 | ---- | C] ()
 6jwoqohp2e2fuyf3o2j5ej3 -> C:\Users\Owner\AppData\Local\6jwoqohp2e2fuyf3o2j5ej3 -> [2011/08/10 12:57:04 | 000,009,596 | -HS- | C] ()
 Certificat.sm -> C:\Users\Owner\AppData\Local\Certificat.sm -> [2011/01/31 17:57:48 | 000,000,384 | ---- | C] ()
 UimFIO.sys -> C:\Windows\System32\drivers\UimFIO.sys -> [2011/01/21 14:52:18 | 000,243,480 | ---- | C] ()
 HP1100SM.EXE -> C:\Windows\System32\HP1100SM.EXE -> [2010/10/20 16:51:32 | 001,511,424 | ---- | C] ()
 HP1100LM.DLL -> C:\Windows\System32\HP1100LM.DLL -> [2010/10/20 16:51:32 | 000,147,456 | ---- | C] ()
 mvhlewsi.DLL -> C:\Windows\System32\mvhlewsi.DLL -> [2010/10/20 16:46:54 | 000,284,160 | ---- | C] ()
 HP1100SMs.dll -> C:\Windows\System32\HP1100SMs.dll -> [2010/10/20 16:46:49 | 000,047,104 | ---- | C] ()
 KPCMS.INI -> C:\Windows\KPCMS.INI -> [2010/10/08 20:13:17 | 000,000,173 | ---- | C] ()
 iccsigs.dat -> C:\Windows\iccsigs.dat -> [2010/10/08 20:13:04 | 000,040,129 | ---- | C] ()
 MSVCRT10.DLL -> C:\Windows\System32\MSVCRT10.DLL -> [2010/10/08 20:12:57 | 000,210,944 | ---- | C] ()
 QBChanUtil_Trigger.ini -> C:\Windows\QBChanUtil_Trigger.ini -> [2010/04/26 15:04:32 | 000,000,090 | ---- | C] ()
 unins000.exe -> C:\Windows\unins000.exe -> [2009/11/17 17:26:05 | 000,704,346 | ---- | C] ()
 unins000.dat -> C:\Windows\unins000.dat -> [2009/11/17 17:26:05 | 000,000,844 | ---- | C] ()
 mvtcpui.ini -> C:\Windows\mvtcpui.ini -> [2009/04/01 09:48:16 | 000,053,478 | ---- | C] ()
 pool.bin -> C:\Windows\System32\pool.bin -> [2009/03/10 23:01:10 | 000,000,256 | ---- | C] ()
 A5W.INI -> C:\Windows\A5W.INI -> [2009/02/09 19:37:46 | 000,000,035 | ---- | C] ()
 ODBC.INI -> C:\Windows\ODBC.INI -> [2009/02/03 17:17:41 | 000,000,376 | ---- | C] ()
 wklnhst.dat -> C:\Users\Owner\AppData\Roaming\wklnhst.dat -> [2009/01/30 19:21:07 | 000,001,392 | ---- | C] ()
 cdplayer.ini -> C:\Windows\cdplayer.ini -> [2008/11/09 11:31:50 | 000,000,065 | ---- | C] ()
 qt-dx331.dll -> C:\Windows\System32\qt-dx331.dll -> [2008/11/06 10:37:32 | 003,596,288 | ---- | C] ()
 DivXWMPExtType.dll -> C:\Windows\System32\DivXWMPExtType.dll -> [2008/11/06 10:33:02 | 000,012,288 | ---- | C] ()
 nsreg.dat -> C:\Windows\nsreg.dat -> [2008/10/16 09:00:43 | 000,000,000 | ---- | C] ()
 SharedSettings.ccs -> C:\Users\Owner\AppData\Roaming\SharedSettings.ccs -> [2008/09/26 10:13:27 | 000,117,760 | ---- | C] ()
 xpysys.dll -> C:\Windows\System32\xpysys.dll -> [2008/09/26 10:13:11 | 000,000,208 | ---- | C] ()
 d3d9caps.dat -> C:\Users\Owner\AppData\Local\d3d9caps.dat -> [2008/09/13 09:37:28 | 000,000,680 | ---- | C] ()
 NPSWF32.dll -> C:\Windows\System32\NPSWF32.dll -> [2008/09/06 06:55:59 | 002,463,976 | ---- | C] ()
 StructuredQuerySchema.bin -> C:\Windows\System32\StructuredQuerySchema.bin -> [2008/08/16 02:01:00 | 000,106,605 | ---- | C] ()
 StructuredQuerySchemaTrivial.bin -> C:\Windows\System32\StructuredQuerySchemaTrivial.bin -> [2008/08/16 02:01:00 | 000,018,904 | ---- | C] ()
 ToDisc.INI -> C:\Windows\ToDisc.INI -> [2008/06/01 20:03:55 | 000,000,000 | ---- | C] ()
 Embedit.INI -> C:\Windows\Embedit.INI -> [2008/05/27 20:51:10 | 000,000,040 | ---- | C] ()
 lffpx7.dll -> C:\Windows\System32\lffpx7.dll -> [2008/05/27 20:48:02 | 000,338,944 | ---- | C] ()
 lfkodak.dll -> C:\Windows\System32\lfkodak.dll -> [2008/05/27 20:48:02 | 000,118,784 | ---- | C] ()
 password.ini -> C:\Windows\password.ini -> [2008/05/26 15:41:59 | 000,000,075 | ---- | C] ()
 WINRESAZ.INI -> C:\Windows\WINRESAZ.INI -> [2008/05/26 14:49:38 | 000,000,120 | ---- | C] ()
 vx86036.dat -> C:\Windows\vx86036.dat -> [2008/05/19 15:24:58 | 000,000,004 | ---- | C] ()
 Crypkey.ini -> C:\Windows\Crypkey.ini -> [2008/05/19 15:22:12 | 000,000,057 | ---- | C] ()
 Ckldrv.sys -> C:\Windows\System32\Ckldrv.sys -> [2008/05/19 15:21:58 | 000,031,846 | ---- | C] ()
 Setup_ck.exe -> C:\Windows\Setup_ck.exe -> [2008/05/19 15:21:58 | 000,027,648 | R--- | C] ()
 Setup_ck.dll -> C:\Windows\Setup_ck.dll -> [2008/05/19 15:21:58 | 000,018,432 | ---- | C] ()
 Ckrfresh.exe -> C:\Windows\Ckrfresh.exe -> [2008/05/19 15:21:58 | 000,011,776 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/04/15 13:08:18 | 000,117,248 | ---- | C] ()
 swupdate.INI -> C:\Windows\swupdate.INI -> [2008/03/24 17:18:41 | 000,000,067 | ---- | C] ()
 NDSTray.INI -> C:\Windows\NDSTray.INI -> [2007/08/22 14:33:11 | 000,000,000 | ---- | C] ()
 IVIresizeW7.dll -> C:\Windows\System32\IVIresizeW7.dll -> [2007/08/22 14:18:54 | 000,204,800 | ---- | C] ()
 IVIresizeA6.dll -> C:\Windows\System32\IVIresizeA6.dll -> [2007/08/22 14:18:54 | 000,200,704 | ---- | C] ()
 IVIresizeP6.dll -> C:\Windows\System32\IVIresizeP6.dll -> [2007/08/22 14:18:54 | 000,192,512 | ---- | C] ()
 IVIresizeM6.dll -> C:\Windows\System32\IVIresizeM6.dll -> [2007/08/22 14:18:54 | 000,192,512 | ---- | C] ()
 IVIresizePX.dll -> C:\Windows\System32\IVIresizePX.dll -> [2007/08/22 14:18:54 | 000,188,416 | ---- | C] ()
 IVIresize.dll -> C:\Windows\System32\IVIresize.dll -> [2007/08/22 14:18:54 | 000,020,480 | ---- | C] ()
 csellang.ini -> C:\Windows\System32\csellang.ini -> [2007/08/22 13:49:10 | 000,128,113 | ---- | C] ()
 csellang.dll -> C:\Windows\System32\csellang.dll -> [2007/08/22 13:49:10 | 000,045,056 | ---- | C] ()
 tosmreg.ini -> C:\Windows\System32\tosmreg.ini -> [2007/08/22 13:49:10 | 000,010,150 | ---- | C] ()
 cseltbl.ini -> C:\Windows\System32\cseltbl.ini -> [2007/08/22 13:49:10 | 000,007,671 | ---- | C] ()
 rixdicon.dll -> C:\Windows\System32\rixdicon.dll -> [2007/08/22 13:45:08 | 000,016,480 | ---- | C] ()
 RTHDAEQ1.dat -> C:\Windows\System32\drivers\RTHDAEQ1.dat -> [2007/08/22 13:39:42 | 000,000,176 | ---- | C] ()
 RTHDAEQ0.dat -> C:\Windows\System32\drivers\RTHDAEQ0.dat -> [2007/08/22 13:39:42 | 000,000,176 | ---- | C] ()
 atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2007/07/28 00:26:30 | 000,159,744 | ---- | C] ()
 atiumdva.dat -> C:\Windows\System32\atiumdva.dat -> [2007/07/28 00:01:12 | 003,107,788 | ---- | C] ()
 atiicdxx.dat -> C:\Windows\System32\atiicdxx.dat -> [2007/02/20 17:39:10 | 000,144,773 | ---- | C] ()
 TosBtAcc.dll -> C:\Windows\System32\TosBtAcc.dll -> [2006/12/05 14:05:04 | 000,114,688 | ---- | C] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2006/11/02 06:57:28 | 000,067,584 | --S- | C] ()
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2006/11/02 06:47:37 | 001,778,512 | ---- | C] ()
 sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 06:35:32 | 000,005,632 | ---- | C] ()
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2006/11/02 04:33:01 | 000,624,458 | ---- | C] ()
 perfi009.dat -> C:\Windows\System32\perfi009.dat -> [2006/11/02 04:33:01 | 000,287,440 | ---- | C] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2006/11/02 04:33:01 | 000,112,928 | ---- | C] ()
 perfd009.dat -> C:\Windows\System32\perfd009.dat -> [2006/11/02 04:33:01 | 000,030,674 | ---- | C] ()
 dssec.dat -> C:\Windows\System32\dssec.dat -> [2006/11/02 04:23:21 | 000,215,943 | ---- | C] ()
 mib.bin -> C:\Windows\mib.bin -> [2006/11/02 02:58:30 | 000,043,131 | ---- | C] ()
 amdide.sys -> C:\Windows\System32\drivers\amdide.sys -> [2006/11/02 02:51:36 | 000,015,464 | ---- | C] ()
 aliide.sys -> C:\Windows\System32\drivers\aliide.sys -> [2006/11/02 02:51:35 | 000,014,952 | ---- | C] ()
 NOISE.DAT -> C:\Windows\System32\NOISE.DAT -> [2006/11/02 02:19:00 | 000,000,741 | ---- | C] ()
 pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 01:40:29 | 000,013,750 | ---- | C] ()
 mlang.dat -> C:\Windows\System32\mlang.dat -> [2006/11/02 01:25:31 | 000,673,088 | ---- | C] ()
 WdfCoInstaller01000.dll -> C:\Windows\System32\WdfCoInstaller01000.dll -> [2006/03/09 11:58:00 | 001,060,424 | ---- | C] ()
 TosCommAPI.dll -> C:\Windows\System32\TosCommAPI.dll -> [2005/07/22 22:30:18 | 000,065,536 | ---- | C] ()
 OUTLPERF.INI -> C:\Windows\System32\OUTLPERF.INI -> [2003/01/07 15:05:08 | 000,002,695 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >


#4 SweetTech

Posted 01 December 2011 - 08:41 PM

Good Evening!

Running OTS Fix
Start OTS. Copy/Paste the information inside the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" [HKLM] -> Reg Error: Key error. [Reg Error: Value error.]
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 24 domain(s) found.
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {21F49842-BFA9-11D2-A89C-00104B62BDDA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.]
YN -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{58C5B69C-8B75-4B0D-A598-D0B95828FDBF}" [HKLM] -> [EYctqiAwfdFS]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> []
[Files/Folders - Created Within 30 Days]
NY ->  {3658ed17-1cdb-4bf2-a3f8-d871aef0675f} -> C:\Users\Owner\{3658ed17-1cdb-4bf2-a3f8-d871aef0675f}
NY ->  System Security  2012 -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security  2012
NY ->  mlP1DomZUOtPc1v -> C:\Users\Owner\AppData\Roaming\mlP1DomZUOtPc1v
NY ->  Ciii3Ga6WJ8gqYU -> C:\Users\Owner\AppData\Roaming\Ciii3Ga6WJ8gqYU
NY ->  G11ii3Ga6W7gq -> C:\Users\Owner\AppData\Roaming\G11ii3Ga6W7gq
NY ->  CZZhYXwUelIBzPy -> C:\Users\Owner\AppData\Roaming\CZZhYXwUelIBzPy
NY ->  CZZ9hYXXUVeIBzP -> C:\Users\Owner\AppData\Roaming\CZZ9hYXXUVeIBzP
NY ->  U0GgO37CPoJXz2d -> C:\Users\Owner\AppData\Roaming\U0GgO37CPoJXz2d
NY ->  K0GgO37CPoJXz2d -> C:\Users\Owner\AppData\Roaming\K0GgO37CPoJXz2d
NY ->  LIS6jP4EkyF -> C:\Users\Owner\AppData\Roaming\LIS6jP4EkyF
NY ->  uTXXqjjYC -> C:\Users\Owner\AppData\Roaming\uTXXqjjYC
NY ->  HgTXXqjjYCkIrzN -> C:\Users\Owner\AppData\Roaming\HgTXXqjjYCkIrzN
NY ->  CcccSibbD3pG4QH -> C:\Users\Owner\AppData\Roaming\CcccSibbD3pG4QH
NY ->  yA5dRCByS35 -> C:\Users\Owner\AppData\Roaming\yA5dRCByS35
NY ->  TXety1ops -> C:\Users\Owner\AppData\Roaming\TXety1ops
NY ->  szfNDsTUyo57ghU -> C:\Users\Owner\AppData\Roaming\szfNDsTUyo57ghU
NY ->  kbWe3IcafYBiaWL -> C:\Users\Owner\AppData\Roaming\kbWe3IcafYBiaWL
[Files/Folders - Modified Within 30 Days]
NY ->  TempFile -> C:\Windows\TempFile
NY ->  1VjM2R.dat -> C:\ProgramData\1VjM2R.dat
[Files - No Company Name]
NY ->  1VjM2R.dat -> C:\ProgramData\1VjM2R.dat
NY ->  6jwoqohp2e2fuyf3o2j5ej3 -> C:\Users\Owner\AppData\Local\6jwoqohp2e2fuyf3o2j5ej3
[Alternate Data Streams]
NY -> @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
NY -> @Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:CB0AACC9
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will pop up either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 oklisa

Posted 01 December 2011 - 09:56 PM

Good Evening

Here is the OTS Fix log, and currently the combofix has been running for about 40 minutes.
It says:
Scanning for infected files....
It will take about 10 minutes.
Time may double if badly infected
then a blinking cursor


All Processes Killed
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ created successfully.
Starting removal of ActiveX control {21F49842-BFA9-11D2-A89C-00104B62BDDA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{21F49842-BFA9-11D2-A89C-00104B62BDDA}\DownloadInformation\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21F49842-BFA9-11D2-A89C-00104B62BDDA}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\Contains\Files\ not found.
C:\Windows\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\EYctqiAwfdFS deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58C5B69C-8B75-4B0D-A598-D0B95828FDBF}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ deleted successfully.
[Files/Folders - Created Within 30 Days]
C:\Users\Owner\{3658ed17-1cdb-4bf2-a3f8-d871aef0675f} folder moved successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2012 folder moved successfully.
C:\Users\Owner\AppData\Roaming\mlP1DomZUOtPc1v folder moved successfully.
C:\Users\Owner\AppData\Roaming\Ciii3Ga6WJ8gqYU folder moved successfully.
C:\Users\Owner\AppData\Roaming\G11ii3Ga6W7gq folder moved successfully.
C:\Users\Owner\AppData\Roaming\CZZhYXwUelIBzPy folder moved successfully.
C:\Users\Owner\AppData\Roaming\CZZ9hYXXUVeIBzP folder moved successfully.
C:\Users\Owner\AppData\Roaming\U0GgO37CPoJXz2d folder moved successfully.
C:\Users\Owner\AppData\Roaming\K0GgO37CPoJXz2d folder moved successfully.
C:\Users\Owner\AppData\Roaming\LIS6jP4EkyF folder moved successfully.
C:\Users\Owner\AppData\Roaming\uTXXqjjYC folder moved successfully.
C:\Users\Owner\AppData\Roaming\HgTXXqjjYCkIrzN folder moved successfully.
C:\Users\Owner\AppData\Roaming\CcccSibbD3pG4QH folder moved successfully.
C:\Users\Owner\AppData\Roaming\yA5dRCByS35 folder moved successfully.
C:\Users\Owner\AppData\Roaming\TXety1ops folder moved successfully.
C:\Users\Owner\AppData\Roaming\szfNDsTUyo57ghU folder moved successfully.
C:\Users\Owner\AppData\Roaming\kbWe3IcafYBiaWL folder moved successfully.
[Files/Folders - Modified Within 30 Days]
File move failed. C:\Windows\TempFile scheduled to be moved on reboot.
C:\ProgramData\1VjM2R.dat moved successfully.
[Files - No Company Name]
File C:\ProgramData\1VjM2R.dat not found!
C:\Users\Owner\AppData\Local\6jwoqohp2e2fuyf3o2j5ej3 moved successfully.
[Alternate Data Streams]
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 949 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTS Restore Point
< End of fix log >
OTS by OldTimer - Version 3.1.46.0 fix logfile created on 12012011_195752

Files\Folders moved on Reboot...
File move failed. C:\Windows\TempFile scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#6 SweetTech

Posted 02 December 2011 - 02:47 AM

Hi!

Did the ComboFix scan ever finish running or did it get frozen on that screen saying it was scanning for infected files?



#7 oklisa

Posted 02 December 2011 - 08:15 AM

No, Combofix never ran.

#8 oklisa

Posted 02 December 2011 - 10:15 AM

I did run the appremover to just make sure the uninstall of AVG did its job. AppRemover found no antivirus software, nor did it find any failed uninstallations of antivirus.

#9 oklisa

Posted 02 December 2011 - 11:04 AM

Ran in safe mode and this is what it shows

#10 oklisa

Posted 02 December 2011 - 11:06 AM

Here it is. Attached File: screenimage.jpg (70.08KB)

#11 SweetTech

Posted 03 December 2011 - 02:46 AM

Thanks for the screenshots. What option did you choose when you were prompted with: The Recycle Bin on C:\ is corrupted. Do you want to empty the Recycle Bin for this drive?



#12 oklisa

Posted 03 December 2011 - 08:26 AM

I picked yes. When my computer shut down and came back up it popped up again and I clicked yes.

#13 SweetTech

Posted 04 December 2011 - 01:24 AM

Hi,

Thanks for that information. So from what I'm gathering, when you attempt to run ComboFix it's just staying at the scanning for infected files screen? It's not going through any stages, is it?

I'd like to have you try and run this utility.

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

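Reading a report like the one requested above comes down to pairing each driver line with the verdict line that follows it and separating "infected" from "warning" entries. The script below is an added example, not part of the original posts and not the tool's own code; the line layout is inferred from the log posted in this thread, and the sample lines, driver names and hashes in it are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the layout "<time> <thread id> <message>".
# Driver names, hashes and paths are invented; the two detection labels
# are the ones that appear in the log posted in this thread.
SAMPLE_LOG = r"""
10:00:00.0001 1111 Scan started
10:00:00.0002 1111 Mode: Manual; SigCheck; TDLFS;
10:00:01.0000 1111 .virtsvc - ok
10:00:01.0100 1111 gooddrv (00000000000000000000000000000001) C:\Windows\system32\drivers\gooddrv.sys
10:00:01.0200 1111 gooddrv - ok
10:00:01.0300 1111 olddrv (00000000000000000000000000000002) C:\Windows\system32\drivers\olddrv.sys
10:00:01.0400 1111 olddrv ( UnsignedFile.Multi.Generic ) - warning
10:00:01.0400 1111 olddrv - detected UnsignedFile.Multi.Generic (1)
10:00:01.0500 1111 kbdport (00000000000000000000000000000003) C:\Windows\system32\DRIVERS\kbdport.sys
10:00:01.0500 1111 kbdport ( Rootkit.Win32.ZAccess.j ) - infected
10:00:01.0500 1111 kbdport - detected Rootkit.Win32.ZAccess.j (0)
10:00:01.0600 1111 cutoff (00000000000000000000000000000004) C:\Windows\system32\drivers\cutoff.sys
"""

PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "<name> (<md5>) <path>": the file that backs a driver or service.
OBJECT_RE = re.compile(
    PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - ok" or "<name> ( <label> ) - warning|infected".
VERDICT_RE = re.compile(
    PREFIX + r"(?P<name>\S+)(?: \( (?P<label>\S+) \))? - "
    r"(?P<verdict>ok|warning|infected)$")


@dataclass
class Finding:
    name: str
    verdict: str              # ok | warning | infected | unresolved
    label: Optional[str]      # detection name, if any
    md5: Optional[str]
    path: Optional[str]


def parse_log(text: str) -> List[Finding]:
    """Pair each object line with its verdict line.

    The "- detected ..." lines repeat the verdict and are ignored.
    An object line with no verdict (for example a log pasted only in
    part) is reported as "unresolved" rather than silently dropped.
    """
    pending: Dict[str, tuple] = {}
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            # Some entries have a verdict but no file line before it.
            md5, path = pending.pop(m["name"], (None, None))
            findings.append(
                Finding(m["name"], m["verdict"], m["label"], md5, path))
    for name, (md5, path) in pending.items():
        findings.append(Finding(name, "unresolved", None, md5, path))
    return findings


def triage(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Group everything that is not 'ok' by how it should be handled."""
    buckets: Dict[str, List[Finding]] = {
        "infected": [], "warning": [], "unresolved": []}
    for f in findings:
        if f.verdict in buckets:
            buckets[f.verdict].append(f)
    return buckets


if __name__ == "__main__":
    for verdict, items in triage(parse_log(SAMPLE_LOG)).items():
        for f in items:
            print(f"{verdict:10} {f.name:10} {f.label or '-':28} {f.path}")
```

In the posted log the "warning" entries all carry the UnsignedFile.Multi.Generic label, which is what the Verify Driver Digital Signature option reports, while the "infected" entry names a rootkit family; keeping the two apart is the point of the grouping.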


#14 oklisa

Posted 04 December 2011 - 11:46 AM

Here is the log

10:33:28.0091 2364 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
10:33:28.0122 2364 ============================================================
10:33:28.0122 2364 Current date / time: 2011/12/04 10:33:28.0122
10:33:28.0122 2364 SystemInfo:
10:33:28.0122 2364
10:33:28.0122 2364 OS Version: 6.0.6001 ServicePack: 1.0
10:33:28.0122 2364 Product type: Workstation
10:33:28.0122 2364 ComputerName: OWNER-PC
10:33:28.0122 2364 UserName: Owner
10:33:28.0122 2364 Windows directory: C:\Windows
10:33:28.0122 2364 System windows directory: C:\Windows
10:33:28.0122 2364 Processor architecture: Intel x86
10:33:28.0122 2364 Number of processors: 2
10:33:28.0122 2364 Page size: 0x1000
10:33:28.0122 2364 Boot type: Normal boot
10:33:28.0122 2364 ============================================================
10:33:29.0339 2364 Initialize success
10:33:42.0724 3428 ============================================================
10:33:42.0724 3428 Scan started
10:33:42.0724 3428 Mode: Manual; SigCheck; TDLFS;
10:33:42.0724 3428 ============================================================
10:33:43.0956 3428 .dfsc - ok
10:33:43.0988 3428 .tdx - ok
10:33:44.0112 3428 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
10:33:44.0222 3428 ACPI - ok
10:33:44.0315 3428 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
10:33:44.0331 3428 adp94xx - ok
10:33:44.0456 3428 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
10:33:44.0487 3428 adpahci - ok
10:33:44.0502 3428 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
10:33:44.0518 3428 adpu160m - ok
10:33:44.0565 3428 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
10:33:44.0580 3428 adpu320 - ok
10:33:44.0736 3428 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
10:33:44.0846 3428 AFD - ok
10:33:45.0017 3428 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
10:33:45.0095 3428 AgereSoftModem - ok
10:33:45.0220 3428 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
10:33:45.0220 3428 agp440 - ok
10:33:45.0282 3428 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:33:45.0282 3428 aic78xx - ok
10:33:45.0314 3428 aliide (28a65c8e3a4dcf6ee694ae03a7431c17) C:\Windows\system32\drivers\aliide.sys
10:33:45.0407 3428 aliide ( UnsignedFile.Multi.Generic ) - warning
10:33:45.0407 3428 aliide - detected UnsignedFile.Multi.Generic (1)
10:33:45.0532 3428 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
10:33:45.0532 3428 amdagp - ok
10:33:45.0563 3428 amdide (692913442eeca9b134403f46b118e50c) C:\Windows\system32\drivers\amdide.sys
10:33:45.0594 3428 amdide ( UnsignedFile.Multi.Generic ) - warning
10:33:45.0594 3428 amdide - detected UnsignedFile.Multi.Generic (1)
10:33:45.0641 3428 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
10:33:46.0078 3428 AmdK7 - ok
10:33:46.0187 3428 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
10:33:46.0234 3428 AmdK8 - ok
10:33:46.0343 3428 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
10:33:46.0359 3428 arc - ok
10:33:46.0437 3428 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
10:33:46.0437 3428 arcsas - ok
10:33:46.0530 3428 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:33:46.0593 3428 AsyncMac - ok
10:33:46.0702 3428 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
10:33:46.0718 3428 atapi - ok
10:33:46.0796 3428 athr (65b4e571b8c3f5b960ab889c0a770459) C:\Windows\system32\DRIVERS\athr.sys
10:33:46.0920 3428 athr - ok
10:33:47.0154 3428 atikmdag (22d300f835600c9c634860cf2912f9cf) C:\Windows\system32\DRIVERS\atikmdag.sys
10:33:47.0310 3428 atikmdag - ok
10:33:47.0404 3428 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
10:33:47.0466 3428 AtiPcie - ok
10:33:47.0607 3428 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:33:47.0654 3428 Beep - ok
10:33:47.0700 3428 blbdrive - ok
10:33:47.0856 3428 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
10:33:47.0903 3428 bowser - ok
10:33:47.0950 3428 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:33:48.0044 3428 BrFiltLo - ok
10:33:48.0153 3428 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:33:48.0200 3428 BrFiltUp - ok
10:33:48.0231 3428 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:33:48.0309 3428 Brserid - ok
10:33:48.0418 3428 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:33:48.0496 3428 BrSerWdm - ok
10:33:48.0527 3428 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:33:48.0605 3428 BrUsbMdm - ok
10:33:48.0714 3428 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:33:48.0761 3428 BrUsbSer - ok
10:33:48.0792 3428 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:33:48.0886 3428 BTHMODEM - ok
10:33:49.0151 3428 catchme - ok
10:33:49.0292 3428 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:33:49.0323 3428 cdfs - ok
10:33:49.0370 3428 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
10:33:49.0401 3428 cdrom - ok
10:33:49.0479 3428 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
10:33:49.0526 3428 circlass - ok
10:33:49.0635 3428 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
10:33:49.0650 3428 CLFS - ok
10:33:49.0760 3428 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
10:33:49.0791 3428 CmBatt - ok
10:33:50.0150 3428 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
10:33:50.0181 3428 cmdide - ok
10:33:50.0446 3428 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
10:33:50.0446 3428 Compbatt - ok
10:33:50.0586 3428 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
10:33:50.0602 3428 crcdisk - ok
10:33:50.0633 3428 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
10:33:50.0711 3428 Crusoe - ok
10:33:51.0070 3428 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
10:33:51.0164 3428 DfsC - ok
10:33:51.0600 3428 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
10:33:51.0600 3428 disk - ok
10:33:51.0834 3428 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
10:33:51.0897 3428 dot4 - ok
10:33:52.0068 3428 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:33:52.0100 3428 Dot4Print - ok
10:33:52.0131 3428 Dot4Scan (a84d8a9006b1ae515cc7b6b3586c295a) C:\Windows\system32\DRIVERS\Dot4Scan.sys
10:33:52.0162 3428 Dot4Scan - ok
10:33:52.0256 3428 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
10:33:52.0302 3428 dot4usb - ok
10:33:52.0380 3428 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:33:52.0427 3428 drmkaud - ok
10:33:52.0568 3428 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
10:33:52.0661 3428 DXGKrnl - ok
10:33:52.0724 3428 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:33:52.0802 3428 E1G60 - ok
10:33:52.0989 3428 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
10:33:53.0004 3428 Ecache - ok
10:33:53.0114 3428 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
10:33:53.0145 3428 elxstor - ok
10:33:53.0332 3428 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
10:33:53.0394 3428 exfat - ok
10:33:53.0441 3428 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
10:33:53.0504 3428 fastfat - ok
10:33:53.0660 3428 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
10:33:53.0738 3428 fdc - ok
10:33:54.0003 3428 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
10:33:54.0003 3428 FileInfo - ok
10:33:54.0330 3428 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
10:33:54.0393 3428 Filetrace - ok
10:33:54.0611 3428 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
10:33:54.0674 3428 flpydisk - ok
10:33:54.0783 3428 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
10:33:54.0798 3428 FltMgr - ok
10:33:54.0876 3428 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
10:33:54.0923 3428 Fs_Rec - ok
10:33:55.0032 3428 FTDIBUS (a36e8beedb3aaca09bf55a1d17904bc8) C:\Windows\system32\drivers\ftdibus.sys
10:33:55.0032 3428 FTDIBUS - ok
10:33:55.0126 3428 FTSER2K (a14a1f4bb391df9c233cb5dbd05feb70) C:\Windows\system32\drivers\ftser2k.sys
10:33:55.0142 3428 FTSER2K - ok
10:33:55.0173 3428 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
10:33:55.0204 3428 FwLnk - ok
10:33:55.0251 3428 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
10:33:55.0251 3428 gagp30kx - ok
10:33:55.0376 3428 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\Windows\system32\Drivers\GEARAspiWDM.sys
10:33:55.0376 3428 GEARAspiWDM - ok
10:33:55.0516 3428 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\Windows\system32\drivers\hardlock.sys
10:33:55.0594 3428 Hardlock - ok
10:33:55.0688 3428 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
10:33:55.0781 3428 HdAudAddService - ok
10:33:55.0890 3428 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:33:55.0922 3428 HDAudBus - ok
10:33:56.0015 3428 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:33:56.0093 3428 HidBth - ok
10:33:56.0156 3428 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\DRIVERS\hidir.sys
10:33:56.0218 3428 HidIr - ok
10:33:56.0312 3428 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
10:33:56.0358 3428 HidUsb - ok
10:33:56.0468 3428 hotcore3 (8be9369d385dc0fdf86a59f70d90ae79) C:\Windows\system32\DRIVERS\hotcore3.sys
10:33:56.0499 3428 hotcore3 - ok
10:33:56.0608 3428 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
10:33:56.0624 3428 HpCISSs - ok
10:33:56.0717 3428 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
10:33:56.0780 3428 HTTP - ok
10:33:56.0873 3428 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
10:33:56.0889 3428 i2omp - ok
10:33:56.0998 3428 i8042prt (af1a1aad5f8598cafa8234e689c005f5) C:\Windows\system32\DRIVERS\i8042prt.sys
10:33:56.0998 3428 i8042prt ( Rootkit.Win32.ZAccess.j ) - infected
10:33:56.0998 3428 i8042prt - detected Rootkit.Win32.ZAccess.j (0)
10:33:57.0029 3428 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
10:33:57.0045 3428 iaStorV - ok
10:33:57.0154 3428 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:33:57.0170 3428 iirsp - ok
10:33:57.0310 3428 IntcAzAudAddService (97cac2a7e92ffcb30c15101ab002ed30) C:\Windows\system32\drivers\RTKVHDA.sys
10:33:57.0388 3428 IntcAzAudAddService - ok
10:33:57.0544 3428 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
10:33:57.0544 3428 intelide - ok
10:33:57.0606 3428 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
10:33:57.0669 3428 intelppm - ok
10:33:57.0809 3428 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:33:57.0856 3428 IpFilterDriver - ok
10:33:57.0887 3428 IpInIp - ok
10:33:57.0934 3428 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
10:33:57.0996 3428 IPMIDRV - ok
10:33:58.0106 3428 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:33:58.0168 3428 IPNAT - ok
10:33:58.0340 3428 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:33:58.0371 3428 IRENUM - ok
10:33:58.0418 3428 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
10:33:58.0433 3428 isapnp - ok
10:33:58.0464 3428 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
10:33:58.0480 3428 iScsiPrt - ok
10:33:58.0558 3428 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:33:58.0574 3428 iteatapi - ok
10:33:58.0620 3428 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:33:58.0620 3428 iteraid - ok
10:33:58.0667 3428 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:33:58.0683 3428 kbdclass - ok
10:33:58.0776 3428 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
10:33:58.0823 3428 kbdhid - ok
10:33:58.0886 3428 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
10:33:58.0917 3428 KR10I - ok
10:33:59.0026 3428 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
10:33:59.0042 3428 KR10N - ok
10:33:59.0088 3428 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys
10:33:59.0135 3428 KR3NPXP ( UnsignedFile.Multi.Generic ) - warning
10:33:59.0135 3428 KR3NPXP - detected UnsignedFile.Multi.Generic (1)
10:33:59.0291 3428 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
10:33:59.0322 3428 KSecDD - ok
10:33:59.0385 3428 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:33:59.0447 3428 lltdio - ok
10:33:59.0494 3428 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
10:33:59.0510 3428 LSI_FC - ok
10:33:59.0588 3428 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
10:33:59.0603 3428 LSI_SAS - ok
10:33:59.0619 3428 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
10:33:59.0619 3428 LSI_SCSI - ok
10:33:59.0681 3428 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:33:59.0712 3428 luafv - ok
10:33:59.0728 3428 mcdbus - ok
10:33:59.0790 3428 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
10:33:59.0790 3428 megasas - ok
10:33:59.0915 3428 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:33:59.0946 3428 Modem - ok
10:34:00.0024 3428 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:34:00.0056 3428 monitor - ok
10:34:00.0102 3428 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:34:00.0118 3428 mouclass - ok
10:34:00.0196 3428 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:34:00.0227 3428 mouhid - ok
10:34:00.0290 3428 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:34:00.0305 3428 MountMgr - ok
10:34:00.0336 3428 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
10:34:00.0352 3428 mpio - ok
10:34:00.0430 3428 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:34:00.0477 3428 mpsdrv - ok
10:34:00.0524 3428 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:34:00.0524 3428 Mraid35x - ok
10:34:00.0586 3428 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
10:34:00.0633 3428 MRxDAV - ok
10:34:00.0773 3428 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:34:00.0789 3428 mrxsmb - ok
10:34:00.0836 3428 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:34:00.0867 3428 mrxsmb10 - ok
10:34:00.0898 3428 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:34:00.0929 3428 mrxsmb20 - ok
10:34:01.0038 3428 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
10:34:01.0054 3428 msahci - ok
10:34:01.0070 3428 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
10:34:01.0085 3428 msdsm - ok
10:34:01.0163 3428 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:34:01.0210 3428 Msfs - ok
10:34:01.0304 3428 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
10:34:01.0304 3428 msisadrv - ok
10:34:01.0350 3428 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:34:01.0397 3428 MSKSSRV - ok
10:34:01.0460 3428 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:34:01.0491 3428 MSPCLOCK - ok
10:34:01.0569 3428 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:34:01.0616 3428 MSPQM - ok
10:34:01.0678 3428 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
10:34:01.0678 3428 MsRPC - ok
10:34:01.0740 3428 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:34:01.0740 3428 mssmbios - ok
10:34:01.0834 3428 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:34:01.0881 3428 MSTEE - ok
10:34:01.0912 3428 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
10:34:01.0928 3428 Mup - ok
10:34:02.0006 3428 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
10:34:02.0052 3428 NativeWifiP - ok
10:34:02.0193 3428 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
10:34:02.0240 3428 NDIS - ok
10:34:02.0286 3428 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:34:02.0333 3428 NdisTapi - ok
10:34:02.0442 3428 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:34:02.0474 3428 Ndisuio - ok
10:34:02.0505 3428 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
10:34:02.0536 3428 NdisWan - ok
10:34:02.0552 3428 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:34:02.0598 3428 NDProxy - ok
10:34:02.0739 3428 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:34:02.0786 3428 NetBIOS - ok
10:34:02.0817 3428 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
10:34:02.0864 3428 netbt - ok
10:34:03.0020 3428 NetworkX (cc9089185b28201b2e14d0398761ff24) C:\Windows\system32\ckldrv.sys
10:34:03.0051 3428 NetworkX ( UnsignedFile.Multi.Generic ) - warning
10:34:03.0051 3428 NetworkX - detected UnsignedFile.Multi.Generic (1)
10:34:03.0129 3428 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:34:03.0129 3428 nfrd960 - ok
10:34:03.0191 3428 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
10:34:03.0238 3428 Npfs - ok
10:34:03.0347 3428 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:34:03.0410 3428 nsiproxy - ok
10:34:03.0488 3428 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
10:34:03.0550 3428 Ntfs - ok
10:34:03.0659 3428 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:34:03.0706 3428 ntrigdigi - ok
10:34:03.0753 3428 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:34:03.0784 3428 Null - ok
10:34:03.0815 3428 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
10:34:03.0831 3428 nvraid - ok
10:34:03.0846 3428 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
10:34:03.0862 3428 nvstor - ok
10:34:03.0909 3428 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
10:34:03.0909 3428 nv_agp - ok
10:34:03.0956 3428 NwlnkFlt - ok
10:34:03.0971 3428 NwlnkFwd - ok
10:34:04.0049 3428 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
10:34:04.0096 3428 ohci1394 - ok
10:34:04.0236 3428 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:34:04.0299 3428 Parport - ok
10:34:04.0346 3428 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
10:34:04.0361 3428 partmgr - ok
10:34:04.0392 3428 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:34:04.0470 3428 Parvdm - ok
10:34:04.0595 3428 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
10:34:04.0611 3428 pci - ok
10:34:04.0626 3428 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
10:34:04.0626 3428 pciide - ok
10:34:04.0689 3428 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
10:34:04.0689 3428 pcmcia - ok
10:34:04.0814 3428 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:34:04.0938 3428 PEAUTH - ok
10:34:05.0063 3428 pfc (957b82ec80ad7ead64e5e47df6b0dc40) C:\Windows\system32\drivers\pfc.sys
10:34:05.0094 3428 pfc ( UnsignedFile.Multi.Generic ) - warning
10:34:05.0094 3428 pfc - detected UnsignedFile.Multi.Generic (1)
10:34:05.0141 3428 pgfilter - ok
10:34:05.0266 3428 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:34:05.0313 3428 PptpMiniport - ok
10:34:05.0391 3428 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
10:34:05.0453 3428 Processor - ok
10:34:05.0562 3428 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
10:34:05.0625 3428 PSched - ok
10:34:05.0734 3428 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
10:34:05.0765 3428 ql2300 - ok
10:34:05.0843 3428 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:34:05.0859 3428 ql40xx - ok
10:34:05.0937 3428 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:34:05.0952 3428 QWAVEdrv - ok
10:34:05.0984 3428 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:34:06.0030 3428 RasAcd - ok
10:34:06.0124 3428 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:34:06.0155 3428 Rasl2tp - ok
10:34:06.0202 3428 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
10:34:06.0249 3428 RasPppoe - ok
10:34:06.0296 3428 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
10:34:06.0342 3428 RasSstp - ok
10:34:06.0452 3428 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
10:34:06.0498 3428 rdbss - ok
10:34:06.0561 3428 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:34:06.0608 3428 RDPCDD - ok
10:34:06.0686 3428 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
10:34:06.0779 3428 rdpdr - ok
10:34:06.0857 3428 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:34:06.0904 3428 RDPENCDD - ok
10:34:06.0982 3428 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
10:34:07.0013 3428 RDPWD - ok
10:34:07.0060 3428 RemoveAny (6b1b8adf5aad0ccf3eb07957d2a11a49) C:\Windows\system32\Drivers\removeany.sys
10:34:07.0076 3428 RemoveAny - ok
10:34:07.0138 3428 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
10:34:07.0185 3428 rimmptsk - ok
10:34:07.0247 3428 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
10:34:07.0294 3428 rimsptsk - ok
10:34:07.0341 3428 RimUsb - ok
10:34:07.0403 3428 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
10:34:07.0434 3428 RimVSerPort - ok
10:34:07.0512 3428 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
10:34:07.0559 3428 rismxdp - ok
10:34:07.0637 3428 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
10:34:07.0668 3428 ROOTMODEM - ok
10:34:07.0746 3428 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:34:07.0809 3428 rspndr - ok
10:34:07.0887 3428 RTL8169 (abbe0f54ba3a378262c9cb86cf7d91f8) C:\Windows\system32\DRIVERS\Rtlh86.sys
10:34:07.0949 3428 RTL8169 - ok
10:34:08.0058 3428 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:34:08.0074 3428 sbp2port - ok
10:34:08.0121 3428 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
10:34:08.0168 3428 sdbus - ok
10:34:08.0246 3428 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:34:08.0308 3428 secdrv - ok
10:34:08.0417 3428 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
10:34:08.0480 3428 Serenum - ok
10:34:08.0495 3428 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
10:34:08.0573 3428 Serial - ok
10:34:08.0667 3428 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:34:08.0714 3428 sermouse - ok
10:34:08.0823 3428 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
10:34:08.0838 3428 sffdisk - ok
10:34:08.0885 3428 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
10:34:08.0948 3428 sffp_mmc - ok
10:34:08.0994 3428 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
10:34:09.0041 3428 sffp_sd - ok
10:34:09.0104 3428 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:34:09.0166 3428 sfloppy - ok
10:34:09.0228 3428 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
10:34:09.0228 3428 sisagp - ok
10:34:09.0291 3428 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
10:34:09.0291 3428 SiSRaid2 - ok
10:34:09.0353 3428 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
10:34:09.0369 3428 SiSRaid4 - ok
10:34:09.0431 3428 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
10:34:09.0478 3428 Smb - ok
10:34:09.0556 3428 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:34:09.0572 3428 spldr - ok
10:34:09.0634 3428 sptd - ok
10:34:09.0712 3428 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
10:34:09.0774 3428 srv - ok
10:34:09.0837 3428 srv2 (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys
10:34:09.0852 3428 srv2 - ok
10:34:09.0946 3428 srvnet (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys
10:34:09.0977 3428 srvnet - ok
10:34:10.0086 3428 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:34:10.0086 3428 swenum - ok
10:34:10.0164 3428 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:34:10.0180 3428 Symc8xx - ok
10:34:10.0196 3428 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:34:10.0211 3428 Sym_hi - ok
10:34:10.0227 3428 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:34:10.0242 3428 Sym_u3 - ok
10:34:10.0305 3428 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
10:34:10.0320 3428 SynTP - ok
10:34:10.0430 3428 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
10:34:10.0476 3428 Tcpip - ok
10:34:10.0539 3428 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
10:34:10.0570 3428 Tcpip6 - ok
10:34:10.0617 3428 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
10:34:10.0664 3428 tcpipreg - ok
10:34:10.0757 3428 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
10:34:10.0804 3428 tdcmdpst - ok
10:34:10.0882 3428 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:34:10.0913 3428 TDPIPE - ok
10:34:10.0929 3428 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:34:10.0991 3428 TDTCP - ok
10:34:11.0116 3428 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
10:34:11.0132 3428 tdx - ok
10:34:11.0210 3428 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
10:34:11.0225 3428 TermDD - ok
10:34:11.0334 3428 Tosrfcom - ok
10:34:11.0381 3428 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
10:34:11.0412 3428 tosrfec - ok
10:34:11.0490 3428 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
10:34:11.0506 3428 tos_sps32 - ok
10:34:11.0584 3428 TPkd - ok
10:34:11.0631 3428 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:34:11.0662 3428 tssecsrv - ok
10:34:11.0709 3428 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:34:11.0756 3428 tunmp - ok
10:34:11.0849 3428 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
10:34:11.0880 3428 tunnel - ok
10:34:11.0927 3428 TVALZ (521c5f39829875adf5466dd94c6282c7) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
10:34:11.0974 3428 TVALZ - ok
10:34:12.0052 3428 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
10:34:12.0068 3428 uagp35 - ok
10:34:12.0114 3428 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
10:34:12.0130 3428 udfs - ok
10:34:12.0224 3428 UimBus (16264d4a7f052a7cc516b23e00b14213) C:\Windows\system32\DRIVERS\UimBus.sys
10:34:12.0224 3428 UimBus - ok
10:34:12.0348 3428 Uim_IM (811e4296913821ce402b9e6629740350) C:\Windows\system32\Drivers\Uim_IM.sys
10:34:12.0364 3428 Uim_IM - ok
10:34:12.0411 3428 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
10:34:12.0411 3428 uliagpkx - ok
10:34:12.0489 3428 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
10:34:12.0489 3428 uliahci - ok
10:34:12.0551 3428 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:34:12.0567 3428 UlSata - ok
10:34:12.0614 3428 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:34:12.0629 3428 ulsata2 - ok
10:34:12.0707 3428 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:34:12.0754 3428 umbus - ok
10:34:12.0848 3428 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\Windows\system32\Drivers\usbaapl.sys
10:34:12.0879 3428 USBAAPL - ok
10:34:12.0972 3428 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:34:13.0004 3428 usbccgp - ok
10:34:13.0097 3428 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:34:13.0160 3428 usbcir - ok
10:34:13.0206 3428 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
10:34:13.0253 3428 usbehci - ok
10:34:13.0316 3428 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
10:34:13.0378 3428 usbhub - ok
10:34:13.0456 3428 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
10:34:13.0487 3428 usbohci - ok
10:34:13.0581 3428 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:34:13.0612 3428 usbprint - ok
10:34:13.0659 3428 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:34:13.0706 3428 USBSTOR - ok
10:34:13.0784 3428 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
10:34:13.0830 3428 usbuhci - ok
10:34:13.0893 3428 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
10:34:13.0955 3428 usbvideo - ok
10:34:14.0002 3428 VClone - ok
10:34:14.0080 3428 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
10:34:14.0127 3428 vga - ok
10:34:14.0189 3428 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:34:14.0236 3428 VgaSave - ok
10:34:14.0267 3428 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
10:34:14.0283 3428 viaagp - ok
10:34:14.0392 3428 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
10:34:14.0486 3428 ViaC7 - ok
10:34:14.0548 3428 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
10:34:14.0564 3428 viaide - ok
10:34:14.0626 3428 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:34:14.0626 3428 volmgr - ok
10:34:14.0720 3428 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
10:34:14.0735 3428 volmgrx - ok
10:34:14.0798 3428 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
10:34:14.0813 3428 volsnap - ok
10:34:14.0907 3428 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
10:34:14.0907 3428 vsmraid - ok
10:34:14.0985 3428 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:34:15.0047 3428 WacomPen - ok
10:34:15.0094 3428 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:34:15.0110 3428 Wanarp - ok
10:34:15.0125 3428 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:34:15.0141 3428 Wanarpv6 - ok
10:34:15.0234 3428 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
10:34:15.0234 3428 Wd - ok
10:34:15.0312 3428 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
10:34:15.0344 3428 Wdf01000 - ok
10:34:15.0453 3428 winbondcir (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys
10:34:15.0468 3428 winbondcir - ok
10:34:15.0562 3428 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
10:34:15.0624 3428 WmiAcpi - ok
10:34:15.0718 3428 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
10:34:15.0765 3428 WpdUsb - ok
10:34:15.0812 3428 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:34:15.0843 3428 ws2ifsl - ok
10:34:15.0936 3428 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:34:15.0952 3428 WUDFRd - ok
10:34:15.0999 3428 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
10:34:16.0139 3428 \Device\Harddisk0\DR0 - ok
10:34:16.0139 3428 Boot (0x1200) (665b18014bdcc6367e6a0c96ae5b42ec) \Device\Harddisk0\DR0\Partition0
10:34:16.0139 3428 \Device\Harddisk0\DR0\Partition0 - ok
10:34:16.0139 3428 ============================================================
10:34:16.0139 3428 Scan finished
10:34:16.0139 3428 ============================================================
10:34:16.0155 2576 Detected object count: 6
10:34:16.0155 2576 Actual detected object count: 6
10:34:48.0275 2576 aliide ( UnsignedFile.Multi.Generic ) - skipped by user
10:34:48.0275 2576 aliide ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:34:48.0275 2576 amdide ( UnsignedFile.Multi.Generic ) - skipped by user
10:34:48.0275 2576 amdide ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:34:48.0447 2576 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\i8042prt.sys) error 1813
10:34:48.0899 2576 Backup copy not found, trying to cure infected file..
10:34:48.0930 2576 Cure success, using it..
10:34:48.0930 2576 C:\Windows\system32\DRIVERS\i8042prt.sys - will be cured on reboot
10:34:52.0784 2576 i8042prt ( Rootkit.Win32.ZAccess.j ) - User select action: Cure
10:34:52.0784 2576 KR3NPXP ( UnsignedFile.Multi.Generic ) - skipped by user
10:34:52.0784 2576 KR3NPXP ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:34:52.0784 2576 NetworkX ( UnsignedFile.Multi.Generic ) - skipped by user
10:34:52.0784 2576 NetworkX ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:34:52.0799 2576 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
10:34:52.0799 2576 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:35:11.0207 0488 Deinitialize success

#15 SweetTech

Posted 06 December 2011 - 01:21 AM

Good Evening!

Please don't think that I had forgotten about you. My work schedule has been quite hectic lately, so I'm just getting around to getting online to respond to my logs.

Could you please attempt to do a new scan with ComboFix and see if it will run for you now?

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.




