need a "SYSTEM FIX" fix


  • This topic is locked
46 replies to this topic

#1 wiglet


Posted 29 December 2011 - 05:02 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by ralph at 16:13:06 on 2011-12-29
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\SysMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\realplayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\ProgramData\jdiNQqhyasYS.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\ProgramData\wfZuAOhqd8nOFh.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\ralph\Desktop\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.bing.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\imesha~1\mediabar\datamngr\toolbar\wincoreimdtx.dll
BHO: ShowToolbar Class: {2bc57ba4-14fa-4019-9fa8-735bf4555f74} - c:\program files\verisign\vipaccesstoolbar\VIPToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: VIP Access Toolbar: {c951c541-144c-4ae0-ad99-41d008af19aa} - c:\program files\verisign\vipaccesstoolbar\VIPToolbar.dll
TB: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\imesha~1\mediabar\datamngr\toolbar\wincoreimdtx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [????r]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [?????????] ??????????????e
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\ralph\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [OfficeSyncProcess] c:\program files\microsoft office\office14\MSOSYNC.EXE
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [winupd] c:\users\ralph\appdata\local\Temp:winupd.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Acer Empowering Technology Monitor] c:\windows\system32\SysMonitor.exe
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [jdiNQqhyasYS.exe] c:\programdata\jdiNQqhyasYS.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: advent.com\abos1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www.employflorida.com/controls/smsx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{59491320-FDB5-405E-AD8F-A5AA7722D0C3} : NameServer = 192.168.1.254,68.94.156.1
TCP: Interfaces\{59491320-FDB5-405E-AD8F-A5AA7722D0C3} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ralph\appdata\roaming\mozilla\firefox\profiles\e9xabphw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en&client=firefox-a&rlz=1R0RNFA_en&tab=nw
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\ralph\appdata\roaming\mozilla\firefox\profiles\e9xabphw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\ralph\appdata\roaming\mozilla\firefox\profiles\e9xabphw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL
FF - plugin: c:\program files\totalrecipesearch_14ei\installr\1.bin\NP14EISb.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\ralph\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? McComponentHostService;McAfee Security Scan Component Host Service
R? osppsvc;Office Software Protection Platform
R? TfFsMon;TfFsMon
R? TfNetMon;TfNetMon
R? TFSysMon;TFSysMon
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? BHDrvx86;BHDrvx86
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? FontCache;Windows Font Cache Service
S? IDSVix86;IDSVix86
S? MyWebSearchService;My Web Search Service
S? N360;Norton 360
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymIRON;Symantec Iron Driver
S? SYMTDIv;Symantec Vista Network Dispatch Driver
S? uwdorpoc;uwdorpoc
.
=============== Created Last 30 ================
.
2011-12-29 21:10:23 -------- d-----w- c:\users\ralph\appdata\local\CrashDumps
2011-12-29 20:12:33 100864 ----a-w- C:\uwdorpoc.sys
2011-12-29 17:05:41 -------- d--h--w- c:\users\ralph\appdata\roaming\Tific
2011-12-29 16:45:53 26600 ---ha-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-29 16:45:41 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-29 16:44:34 744568 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys
2011-12-29 16:44:34 516216 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys
2011-12-29 16:44:34 50168 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys
2011-12-29 16:44:34 340088 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys
2011-12-29 16:44:34 331384 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys
2011-12-29 16:44:34 296568 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys
2011-12-29 16:44:34 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys
2011-12-29 16:44:08 -------- d--h--w- c:\windows\system32\drivers\N360
2011-12-29 16:44:08 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D
2011-12-29 16:44:04 -------- d-----w- c:\program files\Norton 360
2011-12-29 16:35:31 -------- d--h--w- c:\programdata\NortonInstaller
2011-12-29 16:35:31 -------- d-----w- c:\program files\NortonInstaller
2011-12-29 16:32:05 -------- d--h--w- c:\programdata\Norton
2011-12-29 13:49:41 -------- d--h--w- c:\users\ralph\appdata\local\LogMeIn Rescue Applet
2011-12-29 13:45:06 -------- d--h--w- c:\users\ralph\appdata\roaming\McAFee TechCheck
2011-12-29 13:40:09 -------- d--h--w- c:\users\ralph\appdata\local\Threat Expert
2011-12-29 13:39:39 -------- d--h--w- c:\users\ralph\appdata\roaming\TechCheck
2011-12-28 18:53:48 -------- d-----w- c:\program files\PC Tools
2011-12-28 18:51:09 185560 ---ha-w- c:\windows\system32\drivers\PCTSD.sys
2011-12-28 18:51:09 -------- d-----w- c:\program files\common files\PC Tools
2011-12-28 18:45:08 -------- d--h--w- c:\users\ralph\appdata\roaming\TestApp
2011-12-28 18:45:08 -------- d--h--w- c:\programdata\PC Tools
2011-12-27 22:46:02 356608 ---ha-w- c:\programdata\wfZuAOhqd8nOFh.exe
2011-12-27 22:12:58 451328 ---ha-w- c:\programdata\jdiNQqhyasYS.exe
2011-12-27 12:25:41 56200 ---ha-w- c:\programdata\microsoft\windows defender\definition updates\{a6703bd1-ef8e-4c9a-a70e-5b62d42df7aa}\offreg.dll
2011-12-27 12:25:35 6823496 ---ha-w- c:\programdata\microsoft\windows defender\definition updates\{a6703bd1-ef8e-4c9a-a70e-5b62d42df7aa}\mpengine.dll
2011-12-21 16:17:39 -------- d--h--w- c:\program files\iPod
2011-12-21 16:17:30 -------- d--h--w- c:\program files\iTunes
2011-12-15 23:13:19 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 23:13:19 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 23:13:16 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 23:13:14 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 23:13:12 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-15 23:13:10 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 23:13:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-13 18:44:17 -------- d--h--w- c:\program files\Citrix
2011-12-13 18:43:57 60304 ---ha-w- c:\users\ralph\g2mdlhlpx.exe
2011-12-05 12:28:41 -------- d--h--w- c:\users\ralph\appdata\roaming\MusicNet
2011-12-05 12:28:40 -------- d--h--w- c:\programdata\283D0
2011-12-05 12:28:35 -------- d--h--w- c:\users\ralph\appdata\local\iMesh
2011-12-05 12:27:01 -------- d--h--w- c:\programdata\iMesh
2011-12-05 12:27:01 -------- d--h--w- c:\program files\iMesh Applications
2011-12-05 12:26:24 -------- dc-h--w- c:\programdata\{05505732-706C-4AFB-8CB4-779D17872B48}
2011-12-05 12:25:40 -------- d--h--w- c:\users\ralph\appdata\local\PackageAware
.
==================== Find3M ====================
.
2011-12-16 15:35:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-07 14:11:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-07 14:11:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 16:13:36.44 ===============
.
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL
FF - plugin: c:\program files\totalrecipesearch_14ei\installr\1.bin\NP14EISb.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\ralph\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? McComponentHostService;McAfee Security Scan Component Host Service
R? osppsvc;Office Software Protection Platform
R? TfFsMon;TfFsMon
R? TfNetMon;TfNetMon
R? TFSysMon;TFSysMon
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? BHDrvx86;BHDrvx86
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? FontCache;Windows Font Cache Service
S? IDSVix86;IDSVix86
S? MyWebSearchService;My Web Search Service
S? N360;Norton 360
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymIRON;Symantec Iron Driver
S? SYMTDIv;Symantec Vista Network Dispatch Driver
S? uwdorpoc;uwdorpoc
.
=============== Created Last 30 ================
.
2011-12-29 21:10:23 -------- d-----w- c:\users\ralph\appdata\local\CrashDumps
2011-12-29 20:12:33 100864 ----a-w- C:\uwdorpoc.sys
2011-12-29 17:05:41 -------- d--h--w- c:\users\ralph\appdata\roaming\Tific
2011-12-29 16:45:53 26600 ---ha-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-29 16:45:41 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-29 16:44:34 744568 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys
2011-12-29 16:44:34 516216 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys
2011-12-29 16:44:34 50168 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys
2011-12-29 16:44:34 340088 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys
2011-12-29 16:44:34 331384 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys
2011-12-29 16:44:34 296568 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys
2011-12-29 16:44:34 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys
2011-12-29 16:44:08 -------- d--h--w- c:\windows\system32\drivers\N360
2011-12-29 16:44:08 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D
2011-12-29 16:44:04 -------- d-----w- c:\program files\Norton 360
2011-12-29 16:35:31 -------- d--h--w- c:\programdata\NortonInstaller
2011-12-29 16:35:31 -------- d-----w- c:\program files\NortonInstaller
2011-12-29 16:32:05 -------- d--h--w- c:\programdata\Norton
2011-12-29 13:49:41 -------- d--h--w- c:\users\ralph\appdata\local\LogMeIn Rescue Applet
2011-12-29 13:45:06 -------- d--h--w- c:\users\ralph\appdata\roaming\McAFee TechCheck
2011-12-29 13:40:09 -------- d--h--w- c:\users\ralph\appdata\local\Threat Expert
2011-12-29 13:39:39 -------- d--h--w- c:\users\ralph\appdata\roaming\TechCheck
2011-12-28 18:53:48 -------- d-----w- c:\program files\PC Tools
2011-12-28 18:51:09 185560 ---ha-w- c:\windows\system32\drivers\PCTSD.sys
2011-12-28 18:51:09 -------- d-----w- c:\program files\common files\PC Tools
2011-12-28 18:45:08 -------- d--h--w- c:\users\ralph\appdata\roaming\TestApp
2011-12-28 18:45:08 -------- d--h--w- c:\programdata\PC Tools
2011-12-27 22:46:02 356608 ---ha-w- c:\programdata\wfZuAOhqd8nOFh.exe
2011-12-27 22:12:58 451328 ---ha-w- c:\programdata\jdiNQqhyasYS.exe
2011-12-27 12:25:41 56200 ---ha-w- c:\programdata\microsoft\windows defender\definition updates\{a6703bd1-ef8e-4c9a-a70e-5b62d42df7aa}\offreg.dll
2011-12-27 12:25:35 6823496 ---ha-w- c:\programdata\microsoft\windows defender\definition updates\{a6703bd1-ef8e-4c9a-a70e-5b62d42df7aa}\mpengine.dll
2011-12-21 16:17:39 -------- d--h--w- c:\program files\iPod
2011-12-21 16:17:30 -------- d--h--w- c:\program files\iTunes
2011-12-15 23:13:19 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 23:13:19 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 23:13:16 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 23:13:14 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 23:13:12 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-15 23:13:10 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 23:13:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-13 18:44:17 -------- d--h--w- c:\program files\Citrix
2011-12-13 18:43:57 60304 ---ha-w- c:\users\ralph\g2mdlhlpx.exe
2011-12-05 12:28:41 -------- d--h--w- c:\users\ralph\appdata\roaming\MusicNet
2011-12-05 12:28:40 -------- d--h--w- c:\programdata\283D0
2011-12-05 12:28:35 -------- d--h--w- c:\users\ralph\appdata\local\iMesh
2011-12-05 12:27:01 -------- d--h--w- c:\programdata\iMesh
2011-12-05 12:27:01 -------- d--h--w- c:\program files\iMesh Applications
2011-12-05 12:26:24 -------- dc-h--w- c:\programdata\{05505732-706C-4AFB-8CB4-779D17872B48}
2011-12-05 12:25:40 -------- d--h--w- c:\users\ralph\appdata\local\PackageAware
.
==================== Find3M ====================
.
2011-12-16 15:35:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-07 14:11:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-07 14:11:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 16:13:36.44 ===============
.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-29 16:06:25
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005f Hitachi_ rev.V54O
Running: ivounz7z.exe; Driver: C:\Users\ralph\AppData\Local\Temp\uwdorpoc.sys


---- System - GMER 1.0.15 ----

SSDT 87E31D30 ZwAlertResumeThread
SSDT 87E31E10 ZwAlertThread
SSDT 87E04740 ZwAllocateVirtualMemory
SSDT 87D77FB0 ZwAlpcConnectPort
SSDT 87E314D8 ZwAssignProcessToJobObject
SSDT 87E31A80 ZwCreateMutant
SSDT 87E311F8 ZwCreateSymbolicLinkObject
SSDT 87E04C08 ZwCreateThread
SSDT 87E315B8 ZwDebugActiveProcess
SSDT 87E04910 ZwDuplicateObject
SSDT 87E04560 ZwFreeVirtualMemory
SSDT 87E31B70 ZwImpersonateAnonymousToken
SSDT 87E31C50 ZwImpersonateThread
SSDT 87671538 ZwLoadDriver
SSDT 87E04460 ZwMapViewOfSection
SSDT 87E319A0 ZwOpenEvent
SSDT 87E04AF0 ZwOpenProcess
SSDT 87E04830 ZwOpenProcessToken
SSDT 87E317E0 ZwOpenSection
SSDT 87E04A00 ZwOpenThread
SSDT 87E313E8 ZwProtectVirtualMemory
SSDT 87E31EF0 ZwResumeThread
SSDT 87E041B0 ZwSetContextThread
SSDT 87E04290 ZwSetInformationProcess
SSDT 87E31698 ZwSetSystemInformation
SSDT 87E318C0 ZwSuspendProcess
SSDT 87E31FD0 ZwSuspendThread
SSDT 87E04CE8 ZwTerminateProcess
SSDT 87E040D0 ZwTerminateThread
SSDT 87E04380 ZwUnmapViewOfSection
SSDT 87E04650 ZwWriteVirtualMemory
SSDT 87E312E8 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 824C38A0 8 Bytes [30, 1D, E3, 87, 10, 1E, E3, ...] {XOR [0x1e1087e3], BL; JECXZ 0xffffffffffffff8f}
.text ntkrnlpa.exe!KeSetEvent + 131 824C38B4 4 Bytes [40, 47, E0, 87] {INC EAX; INC EDI; LOOPNZ 0xffffffffffffff8b}
.text ntkrnlpa.exe!KeSetEvent + 13D 824C38C0 4 Bytes [B0, 7F, D7, 87]
.text ntkrnlpa.exe!KeSetEvent + 191 824C3914 4 Bytes [D8, 14, E3, 87]
.text ntkrnlpa.exe!KeSetEvent + 1F5 824C3978 4 Bytes [80, 1A, E3, 87]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x91209340, 0x3DB197, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Users\ralph\AppData\Local\Temp:winupd.exe[576] kernel32.dll!WriteFile 7707ABE1 5 Bytes JMP 007D000C
.text C:\Users\ralph\AppData\Local\Temp:winupd.exe[576] USER32.dll!WindowFromPoint 760A884F 5 Bytes JMP 0168000A
.text C:\Users\ralph\AppData\Local\Temp:winupd.exe[576] USER32.dll!GetForegroundWindow 760B32C4 5 Bytes JMP 016A000A
.text C:\Users\ralph\AppData\Local\Temp:winupd.exe[576] USER32.dll!GetCursorPos 760C0B88 5 Bytes JMP 0163000A
.text C:\Users\ralph\AppData\Local\Temp:winupd.exe[576] ole32.dll!CoCreateInstance 75D99F3E 5 Bytes JMP 0157000A
.text C:\Program Files\Real\realplayer\Update\realsched.exe[1732] kernel32.dll!SetUnhandledExceptionFilter 7705A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\ProgramData\wfZuAOhqd8nOFh.exe[5316] explorer.exe 040D1C52 2 Bytes [B0, 00] {MOV AL, 0x0}
.text C:\ProgramData\wfZuAOhqd8nOFh.exe[5316] explorer.exe 040D1C56 2 Bytes [AE, 00]
.text C:\ProgramData\wfZuAOhqd8nOFh.exe[5316] explorer.exe 040D1C5A 2 Bytes [B0, 00] {MOV AL, 0x0}
.text C:\ProgramData\wfZuAOhqd8nOFh.exe[5316] explorer.exe 040D1C5E 2 Bytes [AE, 00]
.text C:\ProgramData\wfZuAOhqd8nOFh.exe[5316] explorer.exe 040D1C62 2 Bytes [AE, 00]
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library C:\Users\ralph\AppData\Local\Temp:winupd.exe (*** hidden *** ) @ C:\Users\ralph\AppData\Local\Temp:winupd.exe [576] 0x00400000

---- Files - GMER 1.0.15 ----

ADS C:\Users\ralph\AppData\Local\Temp:winupd.exe 131072 bytes executable

---- EOF - GMER 1.0.15 ----



#2 SweetTech

Posted 31 December 2011 - 08:45 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:


Please provide me with the above logs, as well as an update on how your computer is currently running.

Edited by SweetTech, 31 December 2011 - 08:46 AM.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 wiglet

Posted 04 January 2012 - 05:16 AM

Unsure if my posting was successful. Norton blocked a risk, and I'm getting "out of memory" messages from "website". "Systemfix" again?

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-04 03:52:06
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005f Hitachi_ rev.V54O
Running: gmer.exe; Driver: C:\Users\ralph\AppData\Local\Temp\uwdorpoc.sys


---- System - GMER 1.0.15 ----

SSDT 87E31D30 ZwAlertResumeThread
SSDT 87E31E10 ZwAlertThread
SSDT 87E04740 ZwAllocateVirtualMemory
SSDT 87D77FB0 ZwAlpcConnectPort
SSDT 87E314D8 ZwAssignProcessToJobObject
SSDT 87E31A80 ZwCreateMutant
SSDT 87E311F8 ZwCreateSymbolicLinkObject
SSDT 87E04C08 ZwCreateThread
SSDT 87E315B8 ZwDebugActiveProcess
SSDT 87E04910 ZwDuplicateObject
SSDT 87E04560 ZwFreeVirtualMemory
SSDT 87E31B70 ZwImpersonateAnonymousToken
SSDT 87E31C50 ZwImpersonateThread
SSDT 87671538 ZwLoadDriver
SSDT 87E04460 ZwMapViewOfSection
SSDT 87E319A0 ZwOpenEvent
SSDT 87E04AF0 ZwOpenProcess
SSDT 87E04830 ZwOpenProcessToken
SSDT 87E317E0 ZwOpenSection
SSDT 87E04A00 ZwOpenThread
SSDT 87E313E8 ZwProtectVirtualMemory
SSDT 87E31EF0 ZwResumeThread
SSDT 87E041B0 ZwSetContextThread
SSDT 87E04290 ZwSetInformationProcess
SSDT 87E31698 ZwSetSystemInformation
SSDT 87E318C0 ZwSuspendProcess
SSDT 87E31FD0 ZwSuspendThread
SSDT 87E04CE8 ZwTerminateProcess
SSDT 87E040D0 ZwTerminateThread
SSDT 87E04380 ZwUnmapViewOfSection
SSDT 87E04650 ZwWriteVirtualMemory
SSDT 87E312E8 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 824C38A0 8 Bytes [30, 1D, E3, 87, 10, 1E, E3, ...] {XOR [0x1e1087e3], BL; JECXZ 0xffffffffffffff8f}
.text ntkrnlpa.exe!KeSetEvent + 131 824C38B4 4 Bytes [40, 47, E0, 87] {INC EAX; INC EDI; LOOPNZ 0xffffffffffffff8b}
.text ntkrnlpa.exe!KeSetEvent + 13D 824C38C0 4 Bytes [B0, 7F, D7, 87]
.text ntkrnlpa.exe!KeSetEvent + 191 824C3914 4 Bytes [D8, 14, E3, 87]
.text ntkrnlpa.exe!KeSetEvent + 1F5 824C3978 4 Bytes [80, 1A, E3, 87]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x91209340, 0x3DB197, 0xE8000020]
? C:\Users\ralph\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1736] ntdll.dll!NtMapViewOfSection 772F4974 5 Bytes JMP 05FC003A
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] kernel32.dll!ReadProcessMemory + 3E 77031CB3 7 Bytes JMP 05FC00F7
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] kernel32.dll!WriteProcessMemory + 106 77031DBE 7 Bytes JMP 05FC0319
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] kernel32.dll!CreateIoCompletionPort + 52 77059DA6 7 Bytes JMP 05FC03CF
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] kernel32.dll!VirtualAllocEx + 54 7707AF70 7 Bytes JMP 05FC0263
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] kernel32.dll!CreateThread 7707CB2E 5 Bytes JMP 70F07303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] kernel32.dll!GetProcessHandleCount + 35 770C5D4F 7 Bytes JMP 05FC01AD
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 70F42194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] USER32.dll!CallNextHookEx 760A8E3B 5 Bytes JMP 70F67BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 70F8EB74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] USER32.dll!EnableWindow 760ACD8B 5 Bytes JMP 70F49A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] USER32.dll!DefWindowProcA 760ADB88 7 Bytes JMP 70F0952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] USER32.dll!CreateWindowExA 760ADC2A 5 Bytes JMP 70F13363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] USER32.dll!CreateWindowExW 760B1305 5 Bytes JMP 70F6FF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] USER32.dll!DefWindowProcW 760C03B4 7 Bytes JMP 70F67C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] USER32.dll!DialogBoxParamW 760D10B0 5 Bytes JMP 70EA170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] USER32.dll!DialogBoxIndirectParamW 760D2EF5 5 Bytes JMP 710962BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] USER32.dll!DialogBoxParamA 760E8152 5 Bytes JMP 71096259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] USER32.dll!DialogBoxIndirectParamA 760E847D 5 Bytes JMP 71096323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] USER32.dll!MessageBoxIndirectA 760FD4D9 5 Bytes JMP 710961E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] USER32.dll!MessageBoxIndirectW 760FD5D3 5 Bytes JMP 71096167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] USER32.dll!MessageBoxExA 760FD639 5 Bytes JMP 71096103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] USER32.dll!MessageBoxExW 760FD65D 5 Bytes JMP 7109609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] ole32.dll!OleLoadFromStream 75D61E80 5 Bytes JMP 71096A8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] ole32.dll!CoGetTreatAsClass + D2F 75D7FAE3 4 Bytes JMP 05FC0485
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] ole32.dll!CoGetClassObject 75D7FAE8 2 Bytes [EB, F9] {JMP 0xfffffffffffffffb}
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] ole32.dll!CoCreateInstance + 3E 75D99F7C 4 Bytes JMP 05FC053F
.text C:\Program Files\Internet Explorer\iexplore.exe[1736] ole32.dll!CoCreateInstanceEx 75D99F81 2 Bytes [EB, F9] {JMP 0xfffffffffffffffb}
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] ntdll.dll!NtMapViewOfSection 772F4974 5 Bytes JMP 090E003A
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!ReadProcessMemory + 3E 77031CB3 7 Bytes JMP 090E00F7
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!WriteProcessMemory + 106 77031DBE 7 Bytes JMP 090E0319
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!CreateIoCompletionPort + 52 77059DA6 7 Bytes JMP 090E03CF
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!VirtualAllocEx + 54 7707AF70 7 Bytes JMP 090E0263
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!CreateThread 7707CB2E 5 Bytes JMP 70F07303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] kernel32.dll!GetProcessHandleCount + 35 770C5D4F 7 Bytes JMP 090E01AD
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 70F42194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!CallNextHookEx 760A8E3B 5 Bytes JMP 70F67BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 70F8EB74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!EnableWindow 760ACD8B 5 Bytes JMP 70F49A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!DefWindowProcA 760ADB88 7 Bytes JMP 70F0952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!CreateWindowExA 760ADC2A 5 Bytes JMP 70F13363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!CreateWindowExW 760B1305 5 Bytes JMP 70F6FF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!DefWindowProcW 760C03B4 7 Bytes JMP 70F67C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!DialogBoxParamW 760D10B0 5 Bytes JMP 70EA170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!DialogBoxIndirectParamW 760D2EF5 5 Bytes JMP 710962BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!DialogBoxParamA 760E8152 5 Bytes JMP 71096259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!DialogBoxIndirectParamA 760E847D 5 Bytes JMP 71096323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!MessageBoxIndirectA 760FD4D9 5 Bytes JMP 710961E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!MessageBoxIndirectW 760FD5D3 5 Bytes JMP 71096167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!MessageBoxExA 760FD639 5 Bytes JMP 71096103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!MessageBoxExW 760FD65D 5 Bytes JMP 7109609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] ole32.dll!OleLoadFromStream 75D61E80 5 Bytes JMP 71096A8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] ole32.dll!CoGetTreatAsClass + D2F 75D7FAE3 7 Bytes JMP 090E0485
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] ole32.dll!CoCreateInstance + 3E 75D99F7C 7 Bytes JMP 090E053F
.text C:\Program Files\Real\realplayer\update\realsched.exe[4212] kernel32.dll!SetUnhandledExceptionFilter 7705A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] kernel32.dll!CreateThread 7707CB2E 5 Bytes JMP 70F07303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!CreateDialogParamW 760A72A2 5 Bytes JMP 71096628 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!GetAsyncKeyState 760A863C 5 Bytes JMP 70EEDD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 70F42194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!CallNextHookEx 760A8E3B 5 Bytes JMP 70F67BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 70F8EB74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!EnableWindow 760ACD8B 5 Bytes JMP 70F49A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!DefWindowProcA 760ADB88 7 Bytes JMP 70F0952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!CreateWindowExA 760ADC2A 5 Bytes JMP 70F13363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!CreateWindowExW 760B1305 5 Bytes JMP 70F6FF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!GetKeyState 760B8CB1 5 Bytes JMP 70EEDC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!DefWindowProcW 760C03B4 7 Bytes JMP 70F67C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!IsDialogMessageW 760C0745 5 Bytes JMP 71096D82 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!CreateDialogParamA 760C17AA 5 Bytes JMP 710965F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!IsDialogMessage 760C1847 2 Bytes JMP 71096D5A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!IsDialogMessage + 3 760C184A 2 Bytes [FD, FA] {STD ; CLI }
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!CreateDialogIndirectParamA 760C26F1 5 Bytes JMP 71096660 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!CreateDialogIndirectParamW 760C9A62 5 Bytes JMP 71096698 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!SetKeyboardState 760D0987 5 Bytes JMP 71097649 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!DialogBoxParamW 760D10B0 5 Bytes JMP 70EA170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!DialogBoxIndirectParamW 760D2EF5 5 Bytes JMP 710962BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!SendInput 760D2F75 5 Bytes JMP 710975F1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!EndDialog 760D326E 5 Bytes JMP 7109702E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!SetCursorPos 760E6FB2 5 Bytes JMP 710976CA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!DialogBoxParamA 760E8152 5 Bytes JMP 71096259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!DialogBoxIndirectParamA 760E847D 5 Bytes JMP 71096323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!MessageBoxIndirectA 760FD4D9 5 Bytes JMP 710961E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!MessageBoxIndirectW 760FD5D3 5 Bytes JMP 71096167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!MessageBoxExA 760FD639 5 Bytes JMP 71096103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!MessageBoxExW 760FD65D 5 Bytes JMP 7109609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] USER32.dll!keybd_event 760FD972 5 Bytes JMP 710975AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] SHELL32.dll!SHRestricted + D95 761C89A8 4 Bytes [CF, 01, 75, 70] {IRET ; ADD [EBP+0x70], ESI}
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] SHELL32.dll!SHRestricted + D9D 761C89B0 8 Bytes [E0, 61, 74, 70, 79, F7, 74, ...] {LOOPNZ 0x63; JZ 0x74; JNS 0xfffffffffffffffd; JZ 0x78}
.text C:\Program Files\Internet Explorer\iexplore.exe[4732] ole32.dll!OleLoadFromStream 75D61E80 5 Bytes JMP 71096A8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4940] USER32.dll!EnableWindow 760ACD8B 5 Bytes JMP 70F49A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4940] USER32.dll!DialogBoxParamW 760D10B0 5 Bytes JMP 70EA170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4940] USER32.dll!DialogBoxIndirectParamW 760D2EF5 5 Bytes JMP 710962BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4940] USER32.dll!DialogBoxParamA 760E8152 5 Bytes JMP 71096259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4940] USER32.dll!DialogBoxIndirectParamA 760E847D 5 Bytes JMP 71096323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4940] USER32.dll!MessageBoxIndirectA 760FD4D9 5 Bytes JMP 710961E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4940] USER32.dll!MessageBoxIndirectW 760FD5D3 5 Bytes JMP 71096167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4940] USER32.dll!MessageBoxExA 760FD639 5 Bytes JMP 71096103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4940] USER32.dll!MessageBoxExW 760FD65D 5 Bytes JMP 7109609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\ProgramData\wfZuAOhqd8nOFh.exe[5316] explorer.exe 040D1C52 2 Bytes [B0, 00] {MOV AL, 0x0}
.text C:\ProgramData\wfZuAOhqd8nOFh.exe[5316] explorer.exe 040D1C56 2 Bytes [AE, 00]
.text C:\ProgramData\wfZuAOhqd8nOFh.exe[5316] explorer.exe 040D1C5A 2 Bytes [B0, 00] {MOV AL, 0x0}
.text C:\ProgramData\wfZuAOhqd8nOFh.exe[5316] explorer.exe 040D1C5E 2 Bytes [AE, 00]
.text C:\ProgramData\wfZuAOhqd8nOFh.exe[5316] explorer.exe 040D1C62 2 Bytes [AE, 00]
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat psdfilter.sys (PSD Filter Driver/HiTRUST)

---- Files - GMER 1.0.15 ----

ADS C:\Users\ralph\AppData\Local\Temp:winupd.exe 131072 bytes executable

---- EOF - GMER 1.0.15 ----

04:05:52.0241 5804 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
04:05:52.0678 5804 ============================================================
04:05:52.0678 5804 Current date / time: 2012/01/04 04:05:52.0678
04:05:52.0678 5804 SystemInfo:
04:05:52.0678 5804
04:05:52.0678 5804 OS Version: 6.0.6002 ServicePack: 2.0
04:05:52.0678 5804 Product type: Workstation
04:05:52.0678 5804 ComputerName: RALPH-PC
04:05:52.0678 5804 UserName: ralph
04:05:52.0678 5804 Windows directory: C:\Windows
04:05:52.0678 5804 System windows directory: C:\Windows
04:05:52.0678 5804 Processor architecture: Intel x86
04:05:52.0678 5804 Number of processors: 2
04:05:52.0678 5804 Page size: 0x1000
04:05:52.0678 5804 Boot type: Normal boot
04:05:52.0678 5804 ============================================================
04:05:53.0692 5804 Initialize success
04:06:16.0468 0156 ============================================================
04:06:16.0468 0156 Scan started
04:06:16.0468 0156 Mode: Manual; SigCheck; TDLFS;
04:06:16.0468 0156 ============================================================
04:06:16.0858 0156 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
04:06:16.0967 0156 ACPI - ok
04:06:17.0014 0156 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
04:06:17.0029 0156 adp94xx - ok
04:06:17.0060 0156 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
04:06:17.0076 0156 adpahci - ok
04:06:17.0154 0156 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
04:06:17.0170 0156 adpu160m - ok
04:06:17.0216 0156 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
04:06:17.0232 0156 adpu320 - ok
04:06:17.0341 0156 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
04:06:17.0388 0156 AFD - ok
04:06:17.0466 0156 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
04:06:17.0482 0156 agp440 - ok
04:06:17.0528 0156 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
04:06:17.0544 0156 aic78xx - ok
04:06:17.0575 0156 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
04:06:17.0591 0156 aliide - ok
04:06:17.0669 0156 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
04:06:17.0684 0156 amdagp - ok
04:06:17.0700 0156 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
04:06:17.0731 0156 amdide - ok
04:06:17.0762 0156 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
04:06:17.0825 0156 AmdK7 - ok
04:06:17.0856 0156 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
04:06:17.0903 0156 AmdK8 - ok
04:06:25.0438 0156 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\Windows\system32\drivers\MCSTRM.sys
04:06:25.0438 0156 MCSTRM ( UnsignedFile.Multi.Generic ) - warning
04:06:25.0438 0156 MCSTRM - detected UnsignedFile.Multi.Generic (1)
04:06:28.0823 0156 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
04:06:28.0838 0156 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
04:06:28.0838 0156 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
04:06:31.0054 0156 PSDFilter (88b72d2a800300eb05c69f3c6c3180f2) C:\Windows\system32\DRIVERS\psdfilter.sys
04:06:31.0054 0156 PSDFilter ( UnsignedFile.Multi.Generic ) - warning
04:06:31.0054 0156 PSDFilter - detected UnsignedFile.Multi.Generic (1)
04:06:31.0069 0156 PSDNServ (9649e11fc5459bf6b2c9e8e327e45c3a) C:\Windows\system32\drivers\PSDNServ.sys
04:06:31.0085 0156 PSDNServ ( UnsignedFile.Multi.Generic ) - warning
04:06:31.0085 0156 PSDNServ - detected UnsignedFile.Multi.Generic (1)
04:06:31.0116 0156 psdvdisk (3d0be1373b9dfe9fc7b64f090e4d59e3) C:\Windows\system32\drivers\psdvdisk.sys
04:06:31.0116 0156 psdvdisk ( UnsignedFile.Multi.Generic ) - warning
04:06:31.0116 0156 psdvdisk - detected UnsignedFile.Multi.Generic (1)
04:06:36.0077 0156 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\Windows\system32\drivers\UBHelper.sys
04:06:36.0092 0156 UBHelper ( UnsignedFile.Multi.Generic ) - warning
04:06:36.0092 0156 UBHelper - detected UnsignedFile.Multi.Generic (1)
04:06:39.0244 0156 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
04:06:40.0024 0156 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
04:06:40.0024 0156 \Device\Harddisk0\DR0 - detected TDSS File System (1)
04:06:40.0039 0156 Boot (0x1200) (00a9e8c88f9f5fdaf0e8cf9a0bc77c3a) \Device\Harddisk0\DR0\Partition0
04:06:40.0055 0156 \Device\Harddisk0\DR0\Partition0 - ok
04:06:40.0070 0156 Boot (0x1200) (605606dbbe9c474e340602688b9993ae) \Device\Harddisk0\DR0\Partition1
04:06:40.0070 0156 \Device\Harddisk0\DR0\Partition1 - ok
04:06:40.0070 0156 ============================================================
04:06:40.0070 0156 Scan finished
04:06:40.0070 0156 ============================================================
04:06:40.0102 1888 Detected object count: 7
04:06:40.0102 1888 Actual detected object count: 7
04:06:45.0452 1888 MCSTRM ( UnsignedFile.Multi.Generic ) - skipped by user
04:06:45.0452 1888 MCSTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:06:45.0452 1888 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
04:06:45.0452 1888 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:06:45.0468 1888 PSDFilter ( UnsignedFile.Multi.Generic ) - skipped by user
04:06:45.0468 1888 PSDFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:06:45.0468 1888 PSDNServ ( UnsignedFile.Multi.Generic ) - skipped by user
04:06:45.0468 1888 PSDNServ ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:06:45.0468 1888 psdvdisk ( UnsignedFile.Multi.Generic ) - skipped by user
04:06:45.0468 1888 psdvdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:06:45.0484 1888 UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
04:06:45.0484 1888 UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:06:45.0484 1888 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
04:06:45.0484 1888 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
04:07:18.0618 5584 ============================================================
04:07:18.0618 5584 Scan started
04:07:18.0618 5584 Mode: Manual; SigCheck; TDLFS;
04:07:18.0618 5584 ============================================================
04:07:20.0506 5584 BrFiltLo - ok
04:07:20.0521 5584 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
04:07:20.0552 5584 BrFiltUp - ok
04:07:20.0615 5584 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
04:07:20.0662 5584 Brserid - ok
04:07:20.0724 5584 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
04:07:20.0786 5584 BrSerWdm - ok
04:07:20.0802 5584 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
04:07:20.0864 5584 BrUsbMdm - ok
04:07:20.0911 5584 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
04:07:20.0958 5584 BrUsbSer - ok
04:07:21.0020 5584 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
04:07:21.0083 5584 BTHMODEM - ok
04:07:21.0161 5584 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
04:07:21.0192 5584 cdfs - ok
04:07:21.0223 5584 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
04:07:21.0254 5584 cdrom - ok
04:07:21.0317 5584 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
04:07:21.0364 5584 circlass - ok
04:07:21.0410 5584 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
04:07:21.0426 5584 CLFS - ok
04:07:21.0504 5584 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
04:07:21.0520 5584 cmdide - ok
04:07:21.0566 5584 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
04:07:21.0582 5584 Compbatt - ok
04:07:21.0613 5584 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
04:07:21.0629 5584 crcdisk - ok
04:07:21.0644 5584 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
04:07:21.0707 5584 Crusoe - ok
04:07:21.0785 5584 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
04:07:21.0800 5584 DfsC - ok
04:07:21.0878 5584 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
04:07:21.0894 5584 disk - ok
04:07:21.0956 5584 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
04:07:21.0973 5584 drmkaud - ok
04:07:22.0035 5584 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
04:07:22.0067 5584 DXGKrnl - ok
04:07:22.0129 5584 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
04:07:22.0191 5584 E1G60 - ok
04:07:22.0269 5584 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
04:07:22.0285 5584 Ecache - ok
04:07:22.0425 5584 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
04:07:22.0457 5584 eeCtrl - ok
04:07:22.0597 5584 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
04:07:22.0613 5584 elxstor - ok
04:07:22.0753 5584 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
04:07:22.0769 5584 EraserUtilRebootDrv - ok
04:07:22.0878 5584 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
04:07:22.0893 5584 exfat - ok
04:07:22.0925 5584 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
04:07:22.0956 5584 fastfat - ok
04:07:22.0987 5584 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
04:07:23.0050 5584 fdc - ok
04:07:23.0144 5584 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
04:07:23.0175 5584 FileInfo - ok
04:07:23.0206 5584 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
04:07:23.0253 5584 Filetrace - ok
04:07:23.0316 5584 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
04:07:23.0378 5584 flpydisk - ok
04:07:23.0440 5584 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
04:07:23.0456 5584 FltMgr - ok
04:07:23.0503 5584 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
04:07:23.0534 5584 Fs_Rec - ok
04:07:23.0581 5584 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
04:07:23.0596 5584 gagp30kx - ok
04:07:23.0659 5584 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
04:07:23.0674 5584 GEARAspiWDM - ok
04:07:23.0706 5584 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\Windows\system32\drivers\grmnusb.sys
04:07:23.0721 5584 grmnusb - ok
04:07:23.0799 5584 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
04:07:23.0862 5584 HdAudAddService - ok
04:07:23.0940 5584 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
04:07:23.0971 5584 HDAudBus - ok
04:07:24.0033 5584 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
04:07:24.0080 5584 HidBth - ok
04:07:24.0111 5584 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
04:07:24.0174 5584 HidIr - ok
04:07:24.0236 5584 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
04:07:24.0252 5584 HidUsb - ok
04:07:24.0283 5584 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
04:07:24.0298 5584 HpCISSs - ok
04:07:24.0376 5584 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
04:07:24.0392 5584 HTTP - ok
04:07:24.0454 5584 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
04:07:24.0470 5584 i2omp - ok
04:07:24.0532 5584 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
04:07:24.0548 5584 i8042prt - ok
04:07:24.0579 5584 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
04:07:24.0610 5584 iaStorV - ok
04:07:24.0704 5584 IDSVix86 (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111228.001\IDSvix86.sys
04:07:24.0720 5584 IDSVix86 - ok
04:07:24.0813 5584 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
04:07:24.0829 5584 iirsp - ok
04:07:24.0922 5584 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
04:07:24.0938 5584 int15 - ok
04:07:25.0063 5584 IntcAzAudAddService (a47b2875680ad67b35c6150bd0203056) C:\Windows\system32\drivers\RTKVHDA.sys
04:07:25.0125 5584 IntcAzAudAddService - ok
04:07:25.0219 5584 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
04:07:25.0234 5584 intelide - ok
04:07:25.0266 5584 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
04:07:25.0312 5584 intelppm - ok
04:07:25.0375 5584 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:07:25.0406 5584 IpFilterDriver - ok
04:07:25.0484 5584 IpInIp - ok
04:07:25.0531 5584 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
04:07:25.0593 5584 IPMIDRV - ok
04:07:25.0624 5584 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
04:07:25.0671 5584 IPNAT - ok
04:07:25.0765 5584 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
04:07:25.0796 5584 IRENUM - ok
04:07:25.0827 5584 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
04:07:25.0843 5584 isapnp - ok
04:07:25.0890 5584 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
04:07:25.0905 5584 iScsiPrt - ok
04:07:25.0983 5584 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
04:07:26.0014 5584 iteatapi - ok
04:07:26.0046 5584 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
04:07:26.0061 5584 iteraid - ok
04:07:26.0108 5584 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
04:07:26.0124 5584 kbdclass - ok
04:07:26.0186 5584 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
04:07:26.0233 5584 kbdhid - ok
04:07:26.0295 5584 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
04:07:26.0326 5584 KSecDD - ok
04:07:26.0420 5584 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
04:07:26.0451 5584 lltdio - ok
04:07:26.0560 5584 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
04:07:26.0576 5584 LSI_FC - ok
04:07:26.0592 5584 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
04:07:26.0607 5584 LSI_SAS - ok
04:07:26.0638 5584 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
04:07:26.0654 5584 LSI_SCSI - ok
04:07:26.0685 5584 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
04:07:26.0716 5584 luafv - ok
04:07:26.0810 5584 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\Windows\system32\drivers\MCSTRM.sys
04:07:26.0810 5584 MCSTRM ( UnsignedFile.Multi.Generic ) - warning
04:07:26.0810 5584 MCSTRM - detected UnsignedFile.Multi.Generic (1)
04:07:26.0857 5584 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
04:07:26.0872 5584 megasas - ok
04:07:26.0904 5584 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
04:07:26.0950 5584 Modem - ok
04:07:26.0982 5584 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
04:07:27.0013 5584 monitor - ok
04:07:27.0091 5584 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
04:07:27.0106 5584 mouclass - ok
04:07:27.0138 5584 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
04:07:27.0169 5584 mouhid - ok
04:07:27.0216 5584 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
04:07:27.0231 5584 MountMgr - ok
04:07:27.0309 5584 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
04:07:27.0340 5584 mpio - ok
04:07:27.0372 5584 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
04:07:27.0403 5584 mpsdrv - ok
04:07:27.0450 5584 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
04:07:27.0465 5584 Mraid35x - ok
04:07:27.0543 5584 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
04:07:27.0574 5584 MRxDAV - ok
04:07:27.0606 5584 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:07:27.0637 5584 mrxsmb - ok
04:07:27.0668 5584 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:07:27.0684 5584 mrxsmb10 - ok
04:07:27.0762 5584 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:07:27.0777 5584 mrxsmb20 - ok
04:07:27.0808 5584 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
04:07:27.0824 5584 msahci - ok
04:07:27.0855 5584 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
04:07:27.0871 5584 msdsm - ok
04:07:27.0918 5584 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
04:07:27.0949 5584 Msfs - ok
04:07:28.0027 5584 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
04:07:28.0042 5584 msisadrv - ok
04:07:28.0074 5584 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
04:07:28.0105 5584 MSKSSRV - ok
04:07:28.0152 5584 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
04:07:28.0183 5584 MSPCLOCK - ok
04:07:28.0198 5584 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
04:07:28.0245 5584 MSPQM - ok
04:07:28.0323 5584 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
04:07:28.0354 5584 MsRPC - ok
04:07:28.0386 5584 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
04:07:28.0401 5584 mssmbios - ok
04:07:28.0432 5584 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
04:07:28.0464 5584 MSTEE - ok
04:07:28.0542 5584 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
04:07:28.0573 5584 Mup - ok
04:07:28.0635 5584 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
04:07:28.0666 5584 NativeWifiP - ok
04:07:28.0760 5584 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120103.023\NAVENG.SYS
04:07:28.0776 5584 NAVENG - ok
04:07:28.0854 5584 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120103.023\NAVEX15.SYS
04:07:28.0916 5584 NAVEX15 - ok
04:07:29.0025 5584 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
04:07:29.0056 5584 NDIS - ok
04:07:29.0088 5584 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
04:07:29.0119 5584 NdisTapi - ok
04:07:29.0212 5584 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
04:07:29.0244 5584 Ndisuio - ok
04:07:29.0290 5584 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
04:07:29.0322 5584 NdisWan - ok
04:07:29.0368 5584 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
04:07:29.0400 5584 NDProxy - ok
04:07:29.0493 5584 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
04:07:29.0524 5584 NetBIOS - ok
04:07:29.0556 5584 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
04:07:29.0587 5584 netbt - ok
04:07:29.0649 5584 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
04:07:29.0665 5584 nfrd960 - ok
04:07:29.0758 5584 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
04:07:29.0805 5584 Npfs - ok
04:07:29.0852 5584 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
04:07:29.0883 5584 nsiproxy - ok
04:07:29.0930 5584 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
04:07:29.0977 5584 Ntfs - ok
04:07:30.0070 5584 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
04:07:30.0086 5584 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
04:07:30.0086 5584 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
04:07:30.0102 5584 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
04:07:30.0148 5584 ntrigdigi - ok
04:07:30.0180 5584 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
04:07:30.0226 5584 Null - ok
04:07:30.0429 5584 nvlddmkm (ff58c7a7da6116c1f71e883cb088d598) C:\Windows\system32\DRIVERS\nvlddmkm.sys
04:07:30.0632 5584 nvlddmkm - ok
04:07:30.0726 5584 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
04:07:30.0741 5584 nvraid - ok
04:07:30.0772 5584 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\DRIVERS\nvstor.sys
04:07:30.0804 5584 nvstor - ok
04:07:30.0819 5584 nvstor32 (86b1b96806829066982ed67b7aba74ef) C:\Windows\system32\drivers\nvstor32.sys
04:07:30.0835 5584 nvstor32 - ok
04:07:30.0928 5584 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
04:07:30.0944 5584 nv_agp - ok
04:07:30.0960 5584 NwlnkFlt - ok
04:07:30.0975 5584 NwlnkFwd - ok
04:07:31.0022 5584 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
04:07:31.0053 5584 ohci1394 - ok
04:07:31.0116 5584 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
04:07:31.0147 5584 Parport - ok
04:07:31.0240 5584 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
04:07:31.0256 5584 partmgr - ok
04:07:31.0272 5584 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
04:07:31.0303 5584 Parvdm - ok
04:07:31.0350 5584 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
04:07:31.0365 5584 pci - ok
04:07:31.0396 5584 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
04:07:31.0412 5584 pciide - ok
04:07:31.0490 5584 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
04:07:31.0506 5584 pcmcia - ok
04:07:31.0568 5584 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
04:07:31.0646 5584 PEAUTH - ok
04:07:31.0786 5584 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
04:07:31.0818 5584 PptpMiniport - ok
04:07:31.0864 5584 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
04:07:31.0927 5584 Processor - ok
04:07:31.0958 5584 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
04:07:31.0989 5584 PSched - ok
04:07:32.0067 5584 PSDFilter (88b72d2a800300eb05c69f3c6c3180f2) C:\Windows\system32\DRIVERS\psdfilter.sys
04:07:32.0083 5584 PSDFilter ( UnsignedFile.Multi.Generic ) - warning
04:07:32.0083 5584 PSDFilter - detected UnsignedFile.Multi.Generic (1)
04:07:32.0098 5584 PSDNServ (9649e11fc5459bf6b2c9e8e327e45c3a) C:\Windows\system32\drivers\PSDNServ.sys
04:07:32.0114 5584 PSDNServ ( UnsignedFile.Multi.Generic ) - warning
04:07:32.0114 5584 PSDNServ - detected UnsignedFile.Multi.Generic (1)
04:07:32.0130 5584 psdvdisk (3d0be1373b9dfe9fc7b64f090e4d59e3) C:\Windows\system32\drivers\psdvdisk.sys
04:07:32.0145 5584 psdvdisk ( UnsignedFile.Multi.Generic ) - warning
04:07:32.0145 5584 psdvdisk - detected UnsignedFile.Multi.Generic (1)
04:07:32.0223 5584 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
04:07:32.0254 5584 ql2300 - ok
04:07:32.0332 5584 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
04:07:32.0364 5584 ql40xx - ok
04:07:32.0410 5584 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
04:07:32.0426 5584 QWAVEdrv - ok
04:07:32.0457 5584 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
04:07:32.0504 5584 RasAcd - ok
04:07:32.0582 5584 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:07:32.0629 5584 Rasl2tp - ok
04:07:32.0660 5584 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
04:07:32.0691 5584 RasPppoe - ok
04:07:32.0722 5584 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
04:07:32.0738 5584 RasSstp - ok
04:07:32.0832 5584 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
04:07:32.0863 5584 rdbss - ok
04:07:32.0894 5584 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:07:32.0925 5584 RDPCDD - ok
04:07:32.0972 5584 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
04:07:33.0034 5584 rdpdr - ok
04:07:33.0112 5584 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
04:07:33.0144 5584 RDPENCDD - ok
04:07:33.0190 5584 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
04:07:33.0222 5584 RDPWD - ok
04:07:33.0300 5584 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
04:07:33.0331 5584 rspndr - ok
04:07:33.0378 5584 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
04:07:33.0393 5584 sbp2port - ok
04:07:33.0487 5584 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
04:07:33.0549 5584 secdrv - ok
04:07:33.0580 5584 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
04:07:33.0627 5584 Serenum - ok
04:07:33.0658 5584 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
04:07:33.0690 5584 Serial - ok
04:07:33.0736 5584 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
04:07:33.0768 5584 sermouse - ok
04:07:33.0877 5584 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
04:07:33.0924 5584 sffdisk - ok
04:07:33.0939 5584 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
04:07:34.0002 5584 sffp_mmc - ok
04:07:34.0033 5584 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
04:07:34.0080 5584 sffp_sd - ok
04:07:34.0126 5584 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
04:07:34.0189 5584 sfloppy - ok
04:07:34.0251 5584 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
04:07:34.0267 5584 sisagp - ok
04:07:34.0314 5584 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
04:07:34.0329 5584 SiSRaid2 - ok
04:07:34.0345 5584 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
04:07:34.0360 5584 SiSRaid4 - ok
04:07:34.0470 5584 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
04:07:34.0516 5584 Smb - ok
04:07:34.0563 5584 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
04:07:34.0641 5584 smserial - ok
04:07:34.0750 5584 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
04:07:34.0766 5584 spldr - ok
04:07:34.0828 5584 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\system32\drivers\N360\0501000.01D\SRTSP.SYS
04:07:34.0860 5584 SRTSP - ok
04:07:34.0938 5584 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS
04:07:34.0953 5584 SRTSPX - ok
04:07:34.0984 5584 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
04:07:35.0016 5584 srv - ok
04:07:35.0062 5584 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
04:07:35.0078 5584 srv2 - ok
04:07:35.0140 5584 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
04:07:35.0172 5584 srvnet - ok
04:07:35.0218 5584 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
04:07:35.0234 5584 swenum - ok
04:07:35.0281 5584 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
04:07:35.0296 5584 Symc8xx - ok
04:07:35.0421 5584 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS
04:07:35.0452 5584 SymDS - ok
04:07:35.0499 5584 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS
04:07:35.0530 5584 SymEFA - ok
04:07:35.0608 5584 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
04:07:35.0624 5584 SymEvent - ok
04:07:35.0686 5584 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS
04:07:35.0718 5584 SymIRON - ok
04:07:35.0796 5584 SYMTDIv (5136f99a60ddbdeb1f6fd1eefc44407f) C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS
04:07:35.0827 5584 SYMTDIv - ok
04:07:35.0858 5584 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
04:07:35.0874 5584 Sym_hi - ok
04:07:35.0905 5584 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
04:07:35.0920 5584 Sym_u3 - ok
04:07:36.0061 5584 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
04:07:36.0108 5584 Tcpip - ok
04:07:36.0139 5584 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
04:07:36.0186 5584 Tcpip6 - ok
04:07:36.0217 5584 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
04:07:36.0232 5584 tcpipreg - ok
04:07:36.0310 5584 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
04:07:36.0357 5584 TDPIPE - ok
04:07:36.0404 5584 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
04:07:36.0435 5584 TDTCP - ok
04:07:36.0482 5584 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
04:07:36.0513 5584 tdx - ok
04:07:36.0576 5584 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
04:07:36.0591 5584 TermDD - ok
04:07:36.0607 5584 TfFsMon - ok
04:07:36.0638 5584 TfNetMon - ok
04:07:36.0654 5584 TFSysMon - ok
04:07:36.0732 5584 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:07:36.0763 5584 tssecsrv - ok
04:07:36.0810 5584 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
04:07:36.0825 5584 tunmp - ok
04:07:36.0888 5584 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
04:07:36.0903 5584 tunnel - ok
04:07:36.0934 5584 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
04:07:36.0950 5584 uagp35 - ok
04:07:36.0997 5584 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\Windows\system32\drivers\UBHelper.sys
04:07:37.0012 5584 UBHelper ( UnsignedFile.Multi.Generic ) - warning
04:07:37.0012 5584 UBHelper - detected UnsignedFile.Multi.Generic (1)
04:07:37.0075 5584 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
04:07:37.0106 5584 udfs - ok
04:07:37.0184 5584 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
04:07:37.0200 5584 uliagpkx - ok
04:07:37.0231 5584 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
04:07:37.0246 5584 uliahci - ok
04:07:37.0309 5584 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
04:07:37.0324 5584 UlSata - ok
04:07:37.0356 5584 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
04:07:37.0371 5584 ulsata2 - ok
04:07:37.0434 5584 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
04:07:37.0480 5584 umbus - ok
04:07:37.0527 5584 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
04:07:37.0543 5584 USBAAPL - ok
04:07:37.0605 5584 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
04:07:37.0636 5584 usbccgp - ok
04:07:37.0683 5584 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
04:07:37.0746 5584 usbcir - ok
04:07:37.0792 5584 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
04:07:37.0808 5584 usbehci - ok
04:07:37.0870 5584 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
04:07:37.0902 5584 usbhub - ok
04:07:37.0948 5584 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
04:07:37.0980 5584 usbohci - ok
04:07:38.0011 5584 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
04:07:38.0042 5584 usbprint - ok
04:07:38.0089 5584 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:07:38.0120 5584 USBSTOR - ok
04:07:38.0182 5584 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
04:07:38.0276 5584 usbuhci - ok
04:07:38.0338 5584 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
04:07:38.0401 5584 vga - ok
04:07:38.0416 5584 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
04:07:38.0448 5584 VgaSave - ok
04:07:38.0526 5584 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
04:07:38.0541 5584 viaagp - ok
04:07:38.0557 5584 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
04:07:38.0619 5584 ViaC7 - ok
04:07:38.0666 5584 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
04:07:38.0682 5584 viaide - ok
04:07:38.0713 5584 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
04:07:38.0728 5584 volmgr - ok
04:07:38.0791 5584 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
04:07:38.0822 5584 volmgrx - ok
04:07:38.0869 5584 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
04:07:38.0900 5584 volsnap - ok
04:07:38.0962 5584 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
04:07:38.0978 5584 vsmraid - ok
04:07:39.0040 5584 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
04:07:39.0103 5584 WacomPen - ok
04:07:39.0150 5584 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
04:07:39.0181 5584 Wanarp - ok
04:07:39.0196 5584 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
04:07:39.0228 5584 Wanarpv6 - ok
04:07:39.0274 5584 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
04:07:39.0290 5584 Wd - ok
04:07:39.0368 5584 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
04:07:39.0384 5584 Wdf01000 - ok
04:07:39.0524 5584 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
04:07:39.0555 5584 winusb - ok
04:07:39.0633 5584 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
04:07:39.0680 5584 WmiAcpi - ok
04:07:39.0758 5584 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
04:07:39.0774 5584 WpdUsb - ok
04:07:39.0867 5584 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
04:07:39.0898 5584 ws2ifsl - ok
04:07:39.0961 5584 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:07:40.0008 5584 WUDFRd - ok
04:07:40.0054 5584 yukonwlh (bfab14d10543963dbda7128adabfa51d) C:\Windows\system32\DRIVERS\yk60x86.sys
04:07:40.0086 5584 yukonwlh - ok
04:07:40.0117 5584 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
04:07:40.0866 5584 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
04:07:40.0866 5584 \Device\Harddisk0\DR0 - detected TDSS File System (1)
04:07:40.0897 5584 Boot (0x1200) (00a9e8c88f9f5fdaf0e8cf9a0bc77c3a) \Device\Harddisk0\DR0\Partition0
04:07:40.0897 5584 \Device\Harddisk0\DR0\Partition0 - ok
04:07:40.0912 5584 Boot (0x1200) (605606dbbe9c474e340602688b9993ae) \Device\Harddisk0\DR0\Partition1
04:07:40.0912 5584 \Device\Harddisk0\DR0\Partition1 - ok
04:07:40.0928 5584 ============================================================
04:07:40.0928 5584 Scan finished
04:07:40.0928 5584 ============================================================
04:07:40.0944 5764 Detected object count: 7
04:07:40.0944 5764 Actual detected object count: 7
04:07:57.0573 5764 MCSTRM ( UnsignedFile.Multi.Generic ) - skipped by user
04:07:57.0573 5764 MCSTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:07:57.0573 5764 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
04:07:57.0573 5764 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:07:57.0573 5764 PSDFilter ( UnsignedFile.Multi.Generic ) - skipped by user
04:07:57.0573 5764 PSDFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:07:57.0589 5764 PSDNServ ( UnsignedFile.Multi.Generic ) - skipped by user
04:07:57.0589 5764 PSDNServ ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:07:57.0604 5764 psdvdisk ( UnsignedFile.Multi.Generic ) - skipped by user
04:07:57.0604 5764 psdvdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:07:57.0604 5764 UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
04:07:57.0604 5764 UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:07:57.0620 5764 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
04:07:57.0620 5764 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#4 wiglet

Posted 04 January 2012 - 11:44 AM

OTL logfile created on: 1/4/2012 11:34:49 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = c:\Users\ralph\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 70.98% Memory free
5.71 Gb Paging File | 4.27 Gb Available in Paging File | 74.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 145.80 Gb Total Space | 62.89 Gb Free Space | 43.14% Space Free | Partition Type: NTFS
Drive D: | 145.46 Gb Total Space | 145.36 Gb Free Space | 99.94% Space Free | Partition Type: NTFS

Computer Name: RALPH-PC | User Name: ralph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/04 11:32:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- c:\Users\ralph\Downloads\OTL.exe
PRC - [2011/11/07 09:11:07 | 000,273,528 | -H-- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/07/21 23:07:38 | 000,718,720 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/03/03 19:52:00 | 003,410,576 | RH-- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/03/03 19:52:00 | 000,948,880 | RH-- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2010/10/25 20:04:18 | 000,032,849 | -H-- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
PRC - [2010/10/25 20:04:18 | 000,028,762 | -H-- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
PRC - [2010/01/31 10:01:28 | 000,045,056 | -H-- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/11/28 19:51:10 | 000,583,048 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/05/11 16:03:52 | 000,554,616 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/12/08 14:45:32 | 000,045,056 | -H-- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006/11/23 18:24:54 | 000,319,488 | ---- | M] () -- C:\Windows\System32\SysMonitor.exe
PRC - [2006/11/17 07:26:58 | 000,453,120 | -H-- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2006/11/12 20:35:08 | 000,024,576 | -H-- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006/11/08 21:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/02 04:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/30 03:46:38 | 000,089,008 | -H-- | M] () -- C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
MOD - [2011/10/13 02:36:16 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:35:59 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 02:34:16 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 02:33:33 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/11/23 18:24:54 | 000,319,488 | ---- | M] () -- C:\Windows\System32\SysMonitor.exe
MOD - [2006/11/16 12:19:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\MSNChatHook.dll
MOD - [2006/11/16 12:18:50 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (Spooler)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2011/03/03 19:52:00 | 003,410,576 | RH-- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2010/10/25 20:04:18 | 000,028,762 | -H-- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2010/01/31 10:01:28 | 000,045,056 | -H-- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/24 06:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/08 21:10:46 | 000,061,440 | -H-- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 02:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 02:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/11/28 19:51:10 | 000,583,048 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/05/11 16:03:52 | 002,983,544 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/05/11 16:03:52 | 000,554,616 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/12/08 14:45:32 | 000,045,056 | -H-- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/11/12 20:35:08 | 000,024,576 | -H-- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/29 11:45:41 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/29 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120103.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/29 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/29 01:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/29 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120103.023\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/28 18:35:30 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111228.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/12/21 22:50:32 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/30 22:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,331,384 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 21:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 00:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2009/04/10 20:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/06/20 00:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/04/17 20:08:11 | 000,008,413 | -H-- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/12/11 12:34:22 | 000,097,576 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2006/12/07 17:12:02 | 000,076,584 | -H-- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/02 02:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-21-3349613358-871281712-187235305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3349613358-871281712-187235305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3349613358-871281712-187235305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3349613358-871281712-187235305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-3349613358-871281712-187235305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-3349613358-871281712-187235305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3349613358-871281712-187235305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3349613358-871281712-187235305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 7B 2A D9 9F 5D CB 01 [binary data]
IE - HKU\S-1-5-21-3349613358-871281712-187235305-1000\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\S-1-5-21-3349613358-871281712-187235305-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3349613358-871281712-187235305-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/webhp?hl=en&client=firefox-a&rlz=1R0RNFA_en&tab=nw"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin: C:\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll (TotalRecipeSearch)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\ralph\AppData\Roaming\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ralph\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ralph\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin [2010/10/25 20:04:32 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/07 09:12:26 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/01/04 04:11:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_1_3 [2012/01/04 04:11:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/29 11:40:59 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/07 09:13:25 | 000,000,000 | -H-D | M]

[2009/01/10 08:18:50 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\ralph\AppData\Roaming\Mozilla\Extensions
[2011/12/05 07:29:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\ralph\AppData\Roaming\Mozilla\Firefox\Profiles\e9xabphw.default\extensions
[2010/04/28 17:43:29 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ralph\AppData\Roaming\Mozilla\Firefox\Profiles\e9xabphw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/05 07:29:03 | 000,000,000 | -H-D | M] (Wincore Mediabar) -- C:\Users\ralph\AppData\Roaming\Mozilla\Firefox\Profiles\e9xabphw.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2011/06/13 05:01:34 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Users\ralph\AppData\Roaming\Mozilla\Firefox\Profiles\e9xabphw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/28 12:20:10 | 000,000,000 | -H-D | M] (Search Toolbar) -- C:\Users\ralph\AppData\Roaming\Mozilla\Firefox\Profiles\e9xabphw.default\extensions\searchtoolbar@zugo.com
[2010/09/28 12:20:12 | 000,001,919 | -H-- | M] () -- C:\Users\ralph\AppData\Roaming\Mozilla\Firefox\Profiles\e9xabphw.default\searchplugins\bing-zugo.xml
[2011/11/16 11:46:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/17 18:34:41 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/11/17 07:32:45 | 000,000,000 | -H-D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/03/27 00:01:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2011/11/16 11:46:26 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 19:53:26 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 19:20:56 | 000,002,024 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/11/16 11:46:26 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ralph\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ralph\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ralph\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\npSkypeChromePlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: TotalRecipeSearch Installer Plugin Stub (Enabled) = C:\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: AT_ChuckAnderson = C:\Users\ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O2 - BHO: (ShowToolbar Class) - {2BC57BA4-14FA-4019-9FA8-735BF4555F74} - C:\Program Files\VeriSign\VIPAccessToolbar\VIPToolBar.dll (VeriSign, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (VIP Access Toolbar) - {C951C541-144C-4AE0-AD99-41D008AF19AA} - C:\Program Files\VeriSign\VIPAccessToolbar\VIPToolBar.dll (VeriSign, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3349613358-871281712-187235305-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-3349613358-871281712-187235305-1000\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\S-1-5-21-3349613358-871281712-187235305-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-3349613358-871281712-187235305-1000\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-3349613358-871281712-187235305-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Windows\System32\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3349613358-871281712-187235305-1000..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKU\S-1-5-21-3349613358-871281712-187235305-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3349613358-871281712-187235305-1000..\Run: [winupd] C:\Users\ralph\AppData\Local\Temp:winupd.exe File not found
O4 - HKU\S-1-5-21-3349613358-871281712-187235305-1000..\Run: [捁牥吠畯r] File not found
O4 - HKU\S-1-5-21-3349613358-871281712-187235305-1000..\Run: [捁牥吠畯⁲敒業摮牥] 㩃䅜散屲捁牥潔牵剜浥湩敤⹲硥e File not found
O4 - Startup: C:\Users\ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3349613358-871281712-187235305-1000\..Trusted Domains: advent.com ([abos1] https in Trusted sites)
O15 - HKU\S-1-5-21-3349613358-871281712-187235305-1000\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.employflorida.com/controls/smsx.cab (MeadCo ScriptX)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59491320-FDB5-405E-AD8F-A5AA7722D0C3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59491320-FDB5-405E-AD8F-A5AA7722D0C3}: NameServer = 192.168.1.254,68.94.156.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\ralph\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\ralph\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3614ac3d-cad1-11dc-a2c0-001921531a2c}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/03 13:10:31 | 000,000,000 | ---D | C] -- C:\Users\ralph\Desktop\gmer
[2011/12/29 16:12:19 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\ralph\Desktop\dds.scr
[2011/12/29 16:10:23 | 000,000,000 | ---D | C] -- C:\Users\ralph\AppData\Local\CrashDumps
[2011/12/29 15:12:33 | 000,100,864 | ---- | C] (GMER) -- C:\uwdorpoc.sys
[2011/12/29 12:05:41 | 000,000,000 | -H-D | C] -- C:\Users\ralph\AppData\Roaming\Tific
[2011/12/29 11:51:05 | 000,000,000 | -H-D | C] -- C:\Users\ralph\Documents\Symantec
[2011/12/29 11:45:41 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/12/29 11:44:34 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\SymEFA.sys
[2011/12/29 11:44:34 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/12/29 11:44:34 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\SymDS.sys
[2011/12/29 11:44:34 | 000,331,384 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/12/29 11:44:34 | 000,296,568 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symnets.sys
[2011/12/29 11:44:34 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\Ironx86.sys
[2011/12/29 11:44:34 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/12/29 11:44:08 | 000,000,000 | -H-D | C] -- C:\Windows\System32\drivers\N360
[2011/12/29 11:44:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0501000.01D
[2011/12/29 11:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/12/29 11:44:03 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/12/29 11:35:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\NortonInstaller
[2011/12/29 11:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/12/29 11:32:09 | 000,000,000 | -H-D | C] -- C:\Users\ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/12/29 11:32:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Norton
[2011/12/29 08:49:41 | 000,000,000 | -H-D | C] -- C:\Users\ralph\AppData\Local\LogMeIn Rescue Applet
[2011/12/29 08:45:06 | 000,000,000 | -H-D | C] -- C:\Users\ralph\AppData\Roaming\McAFee TechCheck
[2011/12/29 08:40:09 | 000,000,000 | -H-D | C] -- C:\Users\ralph\AppData\Local\Threat Expert
[2011/12/29 08:39:39 | 000,000,000 | -H-D | C] -- C:\Users\ralph\AppData\Roaming\TechCheck
[2011/12/28 20:18:00 | 000,000,000 | -H-D | C] -- C:\Users\ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2011/12/28 13:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2011/12/28 13:51:09 | 000,185,560 | -H-- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2011/12/28 13:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/12/28 13:45:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\TEMP
[2011/12/28 13:45:08 | 000,000,000 | -H-D | C] -- C:\Users\ralph\AppData\Roaming\TestApp
[2011/12/28 13:45:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\PC Tools
[2011/12/28 13:45:01 | 003,834,832 | -H-- | C] (PC Tools) -- C:\Users\ralph\Desktop\sdsetup_aff.exe
[2011/12/28 13:08:45 | 001,578,288 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Users\ralph\Desktop\tdsskiller.exe
[2011/12/21 11:19:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/21 11:17:39 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
[2011/12/21 11:17:30 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes
[2011/12/16 03:08:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/16 03:08:16 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/16 03:08:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/16 03:08:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/16 03:08:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/16 03:08:12 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/15 18:13:19 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/15 18:13:19 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/15 18:13:16 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/15 18:13:14 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/15 18:13:10 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/15 18:13:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/13 13:44:17 | 000,000,000 | -H-D | C] -- C:\Program Files\Citrix
[2007/03/20 16:31:59 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2006/01/06 23:51:35 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/04 11:29:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/04 11:28:00 | 000,000,908 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3349613358-871281712-187235305-1000UA.job
[2012/01/04 11:15:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/04 09:40:09 | 000,002,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 09:40:09 | 000,002,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 04:11:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/04 04:10:38 | 2950,266,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/04 02:04:17 | 000,000,856 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3349613358-871281712-187235305-1000Core.job
[2012/01/03 13:09:36 | 000,294,216 | ---- | M] () -- C:\Users\ralph\Desktop\gmer.zip
[2011/12/29 15:15:40 | 000,000,331 | -H-- | M] () -- C:\Users\ralph\Desktop\ivounz7z - Shortcut.lnk
[2011/12/29 15:12:33 | 000,100,864 | ---- | M] (GMER) -- C:\uwdorpoc.sys
[2011/12/29 15:10:26 | 000,000,629 | -H-- | M] () -- C:\Users\ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/29 15:09:17 | 000,000,852 | -H-- | M] () -- C:\Users\ralph\Desktop\Norton Installation Files.lnk
[2011/12/29 15:07:20 | 000,302,592 | ---- | M] () -- C:\Users\ralph\Desktop\ivounz7z.exe
[2011/12/29 14:34:16 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\ralph\Desktop\dds.scr
[2011/12/29 14:27:53 | 000,000,000 | -H-- | M] () -- C:\Users\ralph\defogger_reenable
[2011/12/29 14:26:30 | 000,620,130 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/29 14:26:29 | 000,004,396 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/29 11:49:23 | 002,427,430 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/12/29 11:45:42 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~wfZuAOhqd8nOFh
[2011/12/29 11:45:42 | 000,000,200 | -H-- | M] () -- C:\ProgramData\~wfZuAOhqd8nOFhr
[2011/12/29 11:45:41 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/12/29 11:45:41 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/12/29 11:45:41 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/12/29 11:45:23 | 000,000,408 | -H-- | M] () -- C:\ProgramData\wfZuAOhqd8nOFh
[2011/12/29 07:52:24 | 000,001,356 | -H-- | M] () -- C:\Users\ralph\AppData\Local\d3d9caps.dat
[2011/12/28 20:18:00 | 000,000,605 | -H-- | M] () -- C:\Users\ralph\Desktop\System Fix.lnk
[2011/12/28 15:18:50 | 003,150,774 | -H-- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/12/28 13:57:55 | 000,414,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/28 13:45:42 | 003,834,832 | -H-- | M] (PC Tools) -- C:\Users\ralph\Desktop\sdsetup_aff.exe
[2011/12/28 13:09:10 | 001,578,288 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Users\ralph\Desktop\tdsskiller.exe
[2011/12/28 12:55:57 | 000,000,301 | -H-- | M] () -- C:\Users\ralph\Desktop\iExplore - Shortcut.lnk
[2011/12/28 12:50:46 | 001,008,141 | -H-- | M] () -- C:\Users\ralph\Desktop\rkill.com
[2011/12/27 17:46:03 | 000,356,608 | -H-- | M] () -- C:\ProgramData\wfZuAOhqd8nOFh.exe
[2011/12/27 17:40:08 | 292,445,628 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/27 17:05:50 | 000,001,934 | -H-- | M] () -- C:\Users\ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2011/12/27 17:05:46 | 000,002,645 | -H-- | M] () -- C:\Users\ralph\Desktop\Microsoft Word 2010.lnk
[2011/12/27 17:05:46 | 000,002,597 | -H-- | M] () -- C:\Users\ralph\Desktop\Microsoft PowerPoint 2010.lnk
[2011/12/27 17:05:46 | 000,001,776 | -H-- | M] () -- C:\Users\ralph\Desktop\Smilebox.lnk
[2011/12/27 17:05:45 | 000,002,645 | -H-- | M] () -- C:\Users\ralph\Desktop\Microsoft Outlook 2010.lnk
[2011/12/27 17:05:45 | 000,002,607 | -H-- | M] () -- C:\Users\ralph\Desktop\Microsoft Excel 2010.lnk
[2011/12/27 17:05:45 | 000,002,052 | -H-- | M] () -- C:\Users\ralph\Desktop\GoToMeeting Quick Connect.lnk
[2011/12/27 17:05:45 | 000,002,046 | -H-- | M] () -- C:\Users\ralph\Desktop\Google Chrome.lnk
[2011/12/27 17:05:45 | 000,001,943 | -H-- | M] () -- C:\Users\ralph\Desktop\Hoyle Casino 2006.lnk
[2011/12/27 17:05:45 | 000,001,807 | -H-- | M] () -- C:\Users\ralph\Desktop\Internet Explorer.lnk
[2011/12/16 10:35:13 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/12/13 13:43:58 | 000,060,304 | -H-- | M] () -- C:\Users\ralph\g2mdlhlpx.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/03 13:09:36 | 000,294,216 | ---- | C] () -- C:\Users\ralph\Desktop\gmer.zip
[2011/12/29 15:19:34 | 000,302,592 | ---- | C] () -- C:\Users\ralph\Desktop\ivounz7z.exe
[2011/12/29 15:15:53 | 000,000,331 | -H-- | C] () -- C:\Users\ralph\Desktop\ivounz7z - Shortcut.lnk
[2011/12/29 14:27:53 | 000,000,000 | -H-- | C] () -- C:\Users\ralph\defogger_reenable
[2011/12/29 11:47:20 | 002,427,430 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/12/29 11:45:41 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/12/29 11:45:41 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/12/29 11:45:05 | 000,000,408 | -H-- | C] () -- C:\ProgramData\wfZuAOhqd8nOFh
[2011/12/29 11:44:34 | 000,000,000 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\SymDS.cat
[2011/12/29 11:44:10 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\SymEFA.inf
[2011/12/29 11:44:10 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\SymDS.inf
[2011/12/29 11:44:10 | 000,001,474 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\SymNetV.inf
[2011/12/29 11:44:10 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\SymNet.inf
[2011/12/29 11:44:10 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/12/29 11:44:10 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/12/29 11:44:10 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\Iron.inf
[2011/12/29 11:44:08 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/12/29 11:44:08 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.cat
[2011/12/29 11:44:08 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\SymNet.cat
[2011/12/29 11:44:08 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\SymEFA.cat
[2011/12/29 11:44:08 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/12/29 11:44:08 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/12/29 11:44:08 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\isolate.ini
[2011/12/29 11:41:06 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~wfZuAOhqd8nOFh
[2011/12/29 11:41:06 | 000,000,200 | -H-- | C] () -- C:\ProgramData\~wfZuAOhqd8nOFhr
[2011/12/29 11:32:09 | 000,000,852 | -H-- | C] () -- C:\Users\ralph\Desktop\Norton Installation Files.lnk
[2011/12/28 20:18:00 | 000,000,629 | -H-- | C] () -- C:\Users\ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/28 20:18:00 | 000,000,605 | -H-- | C] () -- C:\Users\ralph\Desktop\System Fix.lnk
[2011/12/28 20:17:02 | 2950,266,880 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/28 15:16:15 | 003,150,774 | -H-- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/12/28 12:55:57 | 000,000,301 | -H-- | C] () -- C:\Users\ralph\Desktop\iExplore - Shortcut.lnk
[2011/12/28 12:50:29 | 001,008,141 | -H-- | C] () -- C:\Users\ralph\Desktop\rkill.com
[2011/12/27 17:46:02 | 000,356,608 | -H-- | C] () -- C:\ProgramData\wfZuAOhqd8nOFh.exe
[2011/12/13 13:44:35 | 000,002,052 | -H-- | C] () -- C:\Users\ralph\Desktop\GoToMeeting Quick Connect.lnk
[2011/12/13 13:43:57 | 000,060,304 | -H-- | C] () -- C:\Users\ralph\g2mdlhlpx.exe
[2011/05/10 20:48:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/28 12:20:33 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/09/28 12:20:33 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/02/02 10:18:17 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/01/16 20:17:39 | 000,000,047 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/09/23 04:18:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/23 04:16:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/16 17:26:40 | 000,009,011 | -H-- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/01/10 14:05:46 | 000,001,356 | -H-- | C] () -- C:\Users\ralph\AppData\Local\d3d9caps.dat
[2008/09/12 02:00:47 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/04/17 18:36:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/05/29 13:52:18 | 000,002,092 | ---- | C] () -- C:\Windows\checkip.dat
[2007/05/29 13:51:02 | 000,002,199 | ---- | C] () -- C:\Windows\ipconfig.dat
[2007/04/18 19:16:00 | 000,045,056 | -H-- | C] () -- C:\Users\ralph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/20 16:33:16 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2007/03/20 16:33:15 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2007/03/20 16:31:59 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2006/11/16 12:20:38 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2006/11/16 12:20:20 | 000,200,704 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2006/11/16 12:20:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2006/11/16 12:19:10 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MSNChatHook.dll
[2006/11/16 12:19:04 | 000,123,904 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2006/11/16 12:18:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2006/11/16 12:18:50 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/11/16 12:18:06 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 04:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,414,856 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,620,130 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:33:01 | 000,004,396 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\Windows\System32\tx12.dll
[2006/01/06 23:51:39 | 000,319,488 | ---- | C] () -- C:\Windows\System32\SysMonitor.exe
[2006/01/06 23:51:38 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2006/01/06 23:40:58 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
[2006/01/06 23:22:59 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2006/01/06 23:15:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2006/01/06 22:07:26 | 000,000,985 | ---- | C] () -- C:\Windows\generic.ini
[2006/01/06 22:07:26 | 000,000,095 | ---- | C] () -- C:\Windows\Alaunch.ini
[2003/07/01 19:34:50 | 000,131,072 | ---- | C] () -- C:\Windows\System32\FinDerLibv21.dll
[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 131072 bytes -> C:\Users\ralph\AppData\Local\Temp:winupd.exe
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


OTL Extras logfile created on: 1/4/2012 11:34:49 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = c:\Users\ralph\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 70.98% Memory free
5.71 Gb Paging File | 4.27 Gb Available in Paging File | 74.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 145.80 Gb Total Space | 62.89 Gb Free Space | 43.14% Space Free | Partition Type: NTFS
Drive D: | 145.46 Gb Total Space | 145.36 Gb Free Space | 99.94% Space Free | Partition Type: NTFS

Computer Name: RALPH-PC | User Name: ralph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 
"AntiVirusOverride" = 
"FirewallDisableNotify" = 
"FirewallOverride" = 
"FirstRunDisabled" = 
"UpdatesDisableNotify" = 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Morningstar\Office\MStarAWD.exe" = C:\Program Files\Morningstar\Office\MStarAWD.exe:*:Enabled:MStarAWD Application -- ()
"C:\Program Files\Morningstar\Office\AWDImport.exe" = C:\Program Files\Morningstar\Office\AWDImport.exe:*:Enabled:AWDImport Application -- ()
"C:\Program Files\Morningstar\Office\MSUpdate.exe" = C:\Program Files\Morningstar\Office\MSUpdate.exe:*:Enabled:MSUpdate Application -- (Morningstar)
"C:\Program Files\Morningstar\Office\MSUpdateVista.exe" = C:\Program Files\Morningstar\Office\MSUpdateVista.exe:*:Enabled:MSUpdateVista Application -- (Morningstar)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)
"C:\Program Files\Morningstar\Office\MStarAWD.exe" = C:\Program Files\Morningstar\Office\MStarAWD.exe:*:Enabled:MStarAWD Application -- ()
"C:\Program Files\Morningstar\Office\AWDImport.exe" = C:\Program Files\Morningstar\Office\AWDImport.exe:*:Enabled:AWDImport Application -- ()
"C:\Program Files\Morningstar\Office\MSUpdate.exe" = C:\Program Files\Morningstar\Office\MSUpdate.exe:*:Enabled:MSUpdate Application -- (Morningstar)
"C:\Program Files\Morningstar\Office\MSUpdateVista.exe" = C:\Program Files\Morningstar\Office\MSUpdateVista.exe:*:Enabled:MSUpdateVista Application -- (Morningstar)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{85F2EDE0-24B0-4647-9295-49A34951E6EF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03DE0338-B9D1-4DEA-986A-80946EA0CDE7}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer zone softdma\softdma.exe |
"{0C764EEA-4B92-4251-88CF-A63A3B6BAC2F}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe |
"{1557930C-8698-4F5B-8A8C-AED428DF70ED}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{1D6DA0AD-A891-4302-8C0C-4AB246FCC12A}" = protocol=6 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |
"{32274E45-1D90-40DC-A7F6-EACDD98D52E6}" = protocol=6 | dir=in | app=c:\program files\carbonite\carbonite backup\carboniteui.exe |
"{3F4B80FF-19E0-4196-B300-372BFEC5F89D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{41DA6BE9-7A65-42A2-B7DE-2E2C8BE26E83}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{53DBA74A-093C-4270-BF2C-A9A443CAA248}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe |
"{57DBEE01-AAC4-4C0F-BCEA-B52C133797D2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{5CF518FF-8B15-481A-B9F5-360CA8600533}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{5FAC5144-2CB5-4A07-98CB-E325A68B103C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{606F9767-608B-402B-961F-09F4FD26CF0D}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe |
"{6195EDFE-3B07-449B-9558-1B27B599E02E}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{6923DA9D-1896-4D62-83AB-A122F94AE6E5}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{695C2D43-FA38-448D-8106-E527066ED562}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{69E5CD57-D89E-46A5-BB98-A79C39D6EC2A}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe |
"{6C7F9D5B-66AE-494A-B35C-D22BE27A2B61}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{6F9FD1B9-B1C3-40BB-B466-DA0AEBD8018E}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{7531C6C6-03D5-4EF1-8985-E2235F78627B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7A5CBA66-D006-4CD7-BA7B-7086872ADBC1}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer zone softdma\softdma.exe |
"{8864B169-1B51-41E5-8959-240679F5D1EA}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{8E1E465D-ED73-4CB0-9AE9-682994BD111A}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{8F1E4331-9F6D-49E4-AF21-66D057E26BAF}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{948B9E7B-5452-4C8A-BF5D-2FC03F330ACF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9DE2CC96-75DC-47FF-BA30-9162BE1C38CF}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe |
"{A28CAC47-B290-45B7-A1AB-8F6C702DDA2D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{A3670DA5-86CE-4380-B2E8-C586D3133A45}" = protocol=17 | dir=in | app=c:\program files\carbonite\carbonite backup\carboniteui.exe |
"{B72072FB-56BB-43FD-9A80-9BCF8D7289E0}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe |
"{C0F4BD5E-8301-4B18-96B2-EEBCAE160173}" = protocol=17 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |
"{CCC058AA-2F4C-4604-8F3C-93811B85C4A2}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe |
"{EB62842C-94E5-4C49-A567-31CE939CC4BD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F0D70407-E579-4986-A082-A6019EDD50FC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{F4AA38A2-3C54-4652-8C4E-93EF66AC0483}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{F805D548-A289-46D1-BD6F-D4F60A7C6050}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe |
"{F95B7A72-2D87-49DC-8772-8A40C2FADEC2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{479F8513-5ECB-44AD-9D35-916EBF30D378}C:\users\ralph\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\ralph\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"TCP Query User{4DCC374E-85B4-4660-B3BC-2ABC9AD611A3}C:\program files\morningstar\office\mstarawd.exe" = protocol=6 | dir=in | app=c:\program files\morningstar\office\mstarawd.exe |
"TCP Query User{5D9F9F7C-1608-439E-8D49-CA218225ED77}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{14FDC3B9-0A37-4907-A3A3-C7592D499FDF}C:\program files\morningstar\office\mstarawd.exe" = protocol=17 | dir=in | app=c:\program files\morningstar\office\mstarawd.exe |
"UDP Query User{9EB68E56-BCCC-4456-B584-EDDDC98211F8}C:\users\ralph\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\ralph\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"UDP Query User{B909EC20-C6E8-4E23-BF9A-A6179858F393}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.1
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92E335-E229-4BFB-B46F-0D9620F0C6A3}" = Morningstar Office Prerequisite 3.8
"{405E4AC6-CF80-4BF3-9751-A43A2753F80E}" = Before You Know It 3.6
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer Picture Slide DVD
"{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{625A04D4-47DB-40C1-A8C9-4556AAA24894}" = Principia
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7200E359-03B3-4787-954F-8CFE745B8F25}" = Principia
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{9A2F0810-3634-4E86-9072-973FBE1679C5}" = QuickBooks Premier: Professional Services Edition 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F91CD1-A1FB-4E63-93FD-24F63F4B5A97}" = Garmin City Navigator North America NT 2008
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer Zone SoftDMA
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer Zone MakeDisk
"{B3EA8C67-C182-40E5-BCC7-6F132DA46AAD}" = Logitech Harmony Remote Software 7
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E2B14AC7-C8A7-40BD-A018-845CB3E845A8}" = Morningstar Office Prerequisite 3.10
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Zone Main Page
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer Plug and Record
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer Zone MagicDirector
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}" = HDView for Internet Explorer
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bicycle Casino 2.0" = Bicycle Casino 2.0
"CameraUserGuide-PSA1100IS" = Canon PowerShot A1100 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Carbonite Backup" = Carbonite
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Google Updater" = Google Updater
"HCS10DL" = Hoyle Casino 2006 (remove only)
"iMesh" = iMesh
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Morningstar Office" = Morningstar Office
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"MyWebSearch bar Uninstall" = My Web Search (Popular Screensavers)
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Rhapsody" = Rhapsody
"Slot City 2" = Encore Software's Slot City 2 Plus Video Poker
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"StarCalc" = StarCalc 5.73
"Stellarium_is1" = Stellarium 0.11.0
"TomTom HOME" = TomTom HOME
"VIP Access Toolbar for Internet Explorer" = VIP Access Toolbar for Internet Explorer
"Wincore MediaBar" = Wincore MediaBar
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3349613358-871281712-187235305-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" PersonSecurity" = Personal Security
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.873
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/4/2012 4:33:06 AM | Computer Name = ralph-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 1/4/2012 5:11:42 AM | Computer Name = ralph-PC | Source = ESENT | ID = 488
Description = WinMail (4664) WindowsMail0: An attempt to create the file "C:\Users\ralph\AppData\Local\Microsoft\Windows
Mail\WindowsMail.pat" failed with system error 5 (0x00000005): "Access is denied.
". The create file operation will fail with error -1032 (0xfffffbf8).

Error - 1/4/2012 5:11:42 AM | Computer Name = ralph-PC | Source = ESENT | ID = 217
Description = WinMail (4664) WindowsMail0: Error (-1032) during backup of a database
(file C:\Users\ralph\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore).
The database will be unable to restore.

Error - 1/4/2012 5:11:42 AM | Computer Name = ralph-PC | Source = ESENT | ID = 215
Description = WinMail (4664) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 1/4/2012 5:17:39 AM | Computer Name = ralph-PC | Source = LoadPerf | ID = 3001
Description =

Error - 1/4/2012 5:51:14 AM | Computer Name = ralph-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module IEFRAME.dll, version 9.0.8112.16440, time stamp 0x4eb319a7,
exception code 0xc0000005, fault offset 0x0022425e, process id 0xeec, application
start time 0x01cccac664c9f378.

Error - 1/4/2012 5:52:44 AM | Computer Name = ralph-PC | Source = Application Error | ID = 1000
Description = Faulting application winupd.exe, version 0.0.0.0, time stamp 0x4ed8a0e4,
faulting module USER32.dll, version 6.0.6002.18005, time stamp 0x49e0380e, exception
code 0xc0000409, fault offset 0x00065276, process id 0x1dc, application start time
0x01cccac0c8ce9b90.

Error - 1/4/2012 6:21:20 AM | Computer Name = ralph-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/4/2012 6:21:20 AM | Computer Name = ralph-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1950

Error - 1/4/2012 6:21:20 AM | Computer Name = ralph-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1950

[ Media Center Events ]
Error - 5/27/2008 1:42:22 AM | Computer Name = ralph-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/29/2008 9:18:41 AM | Computer Name = ralph-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/29/2008 6:41:58 PM | Computer Name = ralph-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/30/2008 2:29:47 PM | Computer Name = ralph-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/12/2008 7:06:58 PM | Computer Name = ralph-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/22/2008 4:08:24 AM | Computer Name = ralph-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/28/2008 6:13:14 AM | Computer Name = ralph-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/12/2008 3:14:51 AM | Computer Name = ralph-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 7:43:06 PM | Computer Name = ralph-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/7/2010 4:29:57 PM | Computer Name = ralph-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 12/29/2011 4:14:44 PM | Computer Name = ralph-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/29/2011 4:14:44 PM | Computer Name = ralph-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/29/2011 4:15:03 PM | Computer Name = ralph-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/29/2011 4:15:54 PM | Computer Name = ralph-PC | Source = DCOM | ID = 10010
Description =

Error - 12/29/2011 4:17:57 PM | Computer Name = ralph-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 1/2/2012 12:36:35 PM | Computer Name = ralph-PC | Source = DCOM | ID = 10010
Description =

Error - 1/3/2012 12:39:45 PM | Computer Name = ralph-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 1/4/2012 12:47:33 AM | Computer Name = ralph-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 1/4/2012 5:11:47 AM | Computer Name = ralph-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/4/2012 5:11:47 AM | Computer Name = ralph-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

#5 wiglet

Posted 04 January 2012 - 11:47 AM

Hope I'm doing this properly. This has to be a struggle for you. I appreciate the effort!

#6 wiglet

Posted 04 January 2012 - 12:36 PM

Black screen, only icons present are those I have been using to clean up my computer and give you access to requested info. "My Computer" shows the same. My files are all hidden. I can access resources online only. It took nearly 12 hours to run the GMER scan so maybe processors are being slowed[?] "Systemfix" is not showing a presence like before, my screen is not being cluttered with scary messages {GOOD}
That is progress, thanks ST
wiglet

#7 wiglet

Posted 04 January 2012 - 02:12 PM

I have a more recent run of TDSSKiller to show:

04:05:52.0241 5804 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
04:05:52.0678 5804 ============================================================
04:05:52.0678 5804 Current date / time: 2012/01/04 04:05:52.0678
04:05:52.0678 5804 SystemInfo:
04:05:52.0678 5804
04:05:52.0678 5804 OS Version: 6.0.6002 ServicePack: 2.0
04:05:52.0678 5804 Product type: Workstation
04:05:52.0678 5804 ComputerName: RALPH-PC
04:05:52.0678 5804 UserName: ralph
04:05:52.0678 5804 Windows directory: C:\Windows
04:05:52.0678 5804 System windows directory: C:\Windows
04:05:52.0678 5804 Processor architecture: Intel x86
04:05:52.0678 5804 Number of processors: 2
04:05:52.0678 5804 Page size: 0x1000
04:05:52.0678 5804 Boot type: Normal boot
04:05:52.0678 5804 ============================================================
04:05:53.0692 5804 Initialize success
04:06:16.0468 0156 ============================================================
04:06:16.0468 0156 Scan started
04:06:16.0468 0156 Mode: Manual; SigCheck; TDLFS;
04:06:16.0468 0156 ============================================================
04:06:16.0858 0156 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
04:06:16.0967 0156 ACPI - ok
04:06:17.0014 0156 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
04:06:17.0029 0156 adp94xx - ok
04:06:17.0060 0156 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
04:06:17.0076 0156 adpahci - ok
04:06:17.0154 0156 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
04:06:17.0170 0156 adpu160m - ok
04:06:17.0216 0156 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
04:06:17.0232 0156 adpu320 - ok
04:06:17.0341 0156 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
04:06:17.0388 0156 AFD - ok
04:06:17.0466 0156 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
04:06:17.0482 0156 agp440 - ok
04:06:17.0528 0156 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
04:06:17.0544 0156 aic78xx - ok
04:06:17.0575 0156 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
04:06:17.0591 0156 aliide - ok
04:06:17.0669 0156 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
04:06:17.0684 0156 amdagp - ok
04:06:17.0700 0156 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
04:06:17.0731 0156 amdide - ok
04:06:17.0762 0156 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
04:06:17.0825 0156 AmdK7 - ok
04:06:17.0856 0156 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
04:06:17.0903 0156 AmdK8 - ok
04:06:17.0996 0156 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
04:06:18.0012 0156 arc - ok
04:06:18.0059 0156 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
04:06:18.0074 0156 arcsas - ok
04:06:18.0121 0156 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
04:06:18.0152 0156 AsyncMac - ok
04:06:18.0230 0156 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
04:06:18.0246 0156 atapi - ok
04:06:18.0386 0156 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
04:06:18.0433 0156 Beep - ok
04:06:18.0589 0156 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111221.003\BHDrvx86.sys
04:06:18.0652 0156 BHDrvx86 - ok
04:06:18.0714 0156 blbdrive - ok
04:06:18.0776 0156 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
04:06:18.0792 0156 bowser - ok
04:06:18.0870 0156 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
04:06:18.0901 0156 BrFiltLo - ok
04:06:18.0932 0156 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
04:06:18.0948 0156 BrFiltUp - ok
04:06:18.0995 0156 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
04:06:19.0057 0156 Brserid - ok
04:06:19.0073 0156 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
04:06:19.0120 0156 BrSerWdm - ok
04:06:19.0151 0156 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
04:06:19.0198 0156 BrUsbMdm - ok
04:06:19.0276 0156 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
04:06:19.0338 0156 BrUsbSer - ok
04:06:19.0369 0156 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
04:06:19.0432 0156 BTHMODEM - ok
04:06:19.0525 0156 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
04:06:19.0556 0156 cdfs - ok
04:06:19.0588 0156 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
04:06:19.0619 0156 cdrom - ok
04:06:19.0666 0156 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
04:06:19.0728 0156 circlass - ok
04:06:19.0790 0156 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
04:06:19.0822 0156 CLFS - ok
04:06:19.0884 0156 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
04:06:19.0900 0156 cmdide - ok
04:06:19.0946 0156 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
04:06:19.0962 0156 Compbatt - ok
04:06:19.0993 0156 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
04:06:20.0009 0156 crcdisk - ok
04:06:20.0040 0156 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
04:06:20.0087 0156 Crusoe - ok
04:06:20.0165 0156 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
04:06:20.0196 0156 DfsC - ok
04:06:20.0274 0156 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
04:06:20.0290 0156 disk - ok
04:06:20.0352 0156 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
04:06:20.0383 0156 drmkaud - ok
04:06:20.0430 0156 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
04:06:20.0461 0156 DXGKrnl - ok
04:06:20.0555 0156 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
04:06:20.0617 0156 E1G60 - ok
04:06:20.0664 0156 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
04:06:20.0695 0156 Ecache - ok
04:06:20.0773 0156 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
04:06:20.0820 0156 eeCtrl - ok
04:06:20.0929 0156 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
04:06:20.0960 0156 elxstor - ok
04:06:21.0054 0156 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
04:06:21.0070 0156 EraserUtilRebootDrv - ok
04:06:21.0194 0156 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
04:06:21.0210 0156 exfat - ok
04:06:21.0241 0156 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
04:06:21.0272 0156 fastfat - ok
04:06:21.0319 0156 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
04:06:21.0382 0156 fdc - ok
04:06:21.0475 0156 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
04:06:21.0491 0156 FileInfo - ok
04:06:21.0522 0156 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
04:06:21.0584 0156 Filetrace - ok
04:06:21.0631 0156 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
04:06:21.0694 0156 flpydisk - ok
04:06:21.0772 0156 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
04:06:21.0787 0156 FltMgr - ok
04:06:21.0850 0156 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
04:06:21.0881 0156 Fs_Rec - ok
04:06:21.0959 0156 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
04:06:21.0974 0156 gagp30kx - ok
04:06:22.0021 0156 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
04:06:22.0052 0156 GEARAspiWDM - ok
04:06:22.0130 0156 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\Windows\system32\drivers\grmnusb.sys
04:06:22.0162 0156 grmnusb - ok
04:06:22.0286 0156 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
04:06:22.0364 0156 HdAudAddService - ok
04:06:22.0411 0156 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
04:06:22.0442 0156 HDAudBus - ok
04:06:22.0536 0156 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
04:06:22.0598 0156 HidBth - ok
04:06:22.0614 0156 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
04:06:22.0676 0156 HidIr - ok
04:06:22.0723 0156 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
04:06:22.0754 0156 HidUsb - ok
04:06:22.0786 0156 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
04:06:22.0801 0156 HpCISSs - ok
04:06:22.0895 0156 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
04:06:22.0910 0156 HTTP - ok
04:06:22.0942 0156 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
04:06:22.0957 0156 i2omp - ok
04:06:23.0066 0156 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
04:06:23.0113 0156 i8042prt - ok
04:06:23.0160 0156 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
04:06:23.0176 0156 iaStorV - ok
04:06:23.0269 0156 IDSVix86 (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111228.001\IDSvix86.sys
04:06:23.0300 0156 IDSVix86 - ok
04:06:23.0378 0156 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
04:06:23.0394 0156 iirsp - ok
04:06:23.0488 0156 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
04:06:23.0503 0156 int15 - ok
04:06:23.0644 0156 IntcAzAudAddService (a47b2875680ad67b35c6150bd0203056) C:\Windows\system32\drivers\RTKVHDA.sys
04:06:23.0722 0156 IntcAzAudAddService - ok
04:06:23.0815 0156 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
04:06:23.0831 0156 intelide - ok
04:06:23.0862 0156 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
04:06:23.0940 0156 intelppm - ok
04:06:24.0034 0156 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:06:24.0080 0156 IpFilterDriver - ok
04:06:24.0096 0156 IpInIp - ok
04:06:24.0143 0156 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
04:06:24.0205 0156 IPMIDRV - ok
04:06:24.0252 0156 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
04:06:24.0283 0156 IPNAT - ok
04:06:24.0392 0156 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
04:06:24.0424 0156 IRENUM - ok
04:06:24.0455 0156 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
04:06:24.0470 0156 isapnp - ok
04:06:24.0517 0156 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
04:06:24.0533 0156 iScsiPrt - ok
04:06:24.0611 0156 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
04:06:24.0626 0156 iteatapi - ok
04:06:24.0673 0156 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
04:06:24.0704 0156 iteraid - ok
04:06:24.0736 0156 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
04:06:24.0767 0156 kbdclass - ok
04:06:24.0845 0156 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
04:06:24.0876 0156 kbdhid - ok
04:06:24.0907 0156 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
04:06:24.0938 0156 KSecDD - ok
04:06:25.0032 0156 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
04:06:25.0063 0156 lltdio - ok
04:06:25.0172 0156 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
04:06:25.0188 0156 LSI_FC - ok
04:06:25.0219 0156 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
04:06:25.0235 0156 LSI_SAS - ok
04:06:25.0250 0156 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
04:06:25.0266 0156 LSI_SCSI - ok
04:06:25.0313 0156 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
04:06:25.0344 0156 luafv - ok
04:06:25.0438 0156 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\Windows\system32\drivers\MCSTRM.sys
04:06:25.0438 0156 MCSTRM ( UnsignedFile.Multi.Generic ) - warning
04:06:25.0438 0156 MCSTRM - detected UnsignedFile.Multi.Generic (1)
04:06:25.0484 0156 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
04:06:25.0484 0156 megasas - ok
04:06:25.0531 0156 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
04:06:25.0578 0156 Modem - ok
04:06:25.0656 0156 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
04:06:25.0703 0156 monitor - ok
04:06:25.0734 0156 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
04:06:25.0750 0156 mouclass - ok
04:06:25.0828 0156 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
04:06:25.0859 0156 mouhid - ok
04:06:25.0890 0156 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
04:06:25.0906 0156 MountMgr - ok
04:06:25.0968 0156 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
04:06:25.0984 0156 mpio - ok
04:06:26.0046 0156 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
04:06:26.0077 0156 mpsdrv - ok
04:06:26.0108 0156 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
04:06:26.0124 0156 Mraid35x - ok
04:06:26.0186 0156 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
04:06:26.0218 0156 MRxDAV - ok
04:06:26.0280 0156 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:06:26.0311 0156 mrxsmb - ok
04:06:26.0374 0156 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:06:26.0389 0156 mrxsmb10 - ok
04:06:26.0452 0156 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:06:26.0483 0156 mrxsmb20 - ok
04:06:26.0530 0156 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
04:06:26.0545 0156 msahci - ok
04:06:26.0576 0156 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
04:06:26.0592 0156 msdsm - ok
04:06:26.0654 0156 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
04:06:26.0686 0156 Msfs - ok
04:06:26.0748 0156 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
04:06:26.0764 0156 msisadrv - ok
04:06:26.0842 0156 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
04:06:26.0888 0156 MSKSSRV - ok
04:06:26.0935 0156 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
04:06:26.0982 0156 MSPCLOCK - ok
04:06:27.0029 0156 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
04:06:27.0060 0156 MSPQM - ok
04:06:27.0138 0156 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
04:06:27.0154 0156 MsRPC - ok
04:06:27.0185 0156 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
04:06:27.0200 0156 mssmbios - ok
04:06:27.0232 0156 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
04:06:27.0263 0156 MSTEE - ok
04:06:27.0310 0156 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
04:06:27.0325 0156 Mup - ok
04:06:27.0419 0156 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
04:06:27.0450 0156 NativeWifiP - ok
04:06:27.0559 0156 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120103.023\NAVENG.SYS
04:06:27.0575 0156 NAVENG - ok
04:06:27.0637 0156 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120103.023\NAVEX15.SYS
04:06:27.0684 0156 NAVEX15 - ok
04:06:27.0793 0156 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
04:06:27.0824 0156 NDIS - ok
04:06:27.0871 0156 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
04:06:27.0902 0156 NdisTapi - ok
04:06:27.0980 0156 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
04:06:28.0012 0156 Ndisuio - ok
04:06:28.0058 0156 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
04:06:28.0090 0156 NdisWan - ok
04:06:28.0121 0156 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
04:06:28.0152 0156 NDProxy - ok
04:06:28.0246 0156 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
04:06:28.0277 0156 NetBIOS - ok
04:06:28.0324 0156 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
04:06:28.0370 0156 netbt - ok
04:06:28.0417 0156 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
04:06:28.0433 0156 nfrd960 - ok
04:06:28.0526 0156 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
04:06:28.0558 0156 Npfs - ok
04:06:28.0604 0156 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
04:06:28.0636 0156 nsiproxy - ok
04:06:28.0698 0156 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
04:06:28.0745 0156 Ntfs - ok
04:06:28.0823 0156 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
04:06:28.0838 0156 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
04:06:28.0838 0156 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
04:06:28.0870 0156 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
04:06:28.0916 0156 ntrigdigi - ok
04:06:28.0948 0156 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
04:06:28.0994 0156 Null - ok
04:06:29.0306 0156 nvlddmkm (ff58c7a7da6116c1f71e883cb088d598) C:\Windows\system32\DRIVERS\nvlddmkm.sys
04:06:29.0556 0156 nvlddmkm - ok
04:06:29.0650 0156 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
04:06:29.0665 0156 nvraid - ok
04:06:29.0712 0156 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\DRIVERS\nvstor.sys
04:06:29.0728 0156 nvstor - ok
04:06:29.0759 0156 nvstor32 (86b1b96806829066982ed67b7aba74ef) C:\Windows\system32\drivers\nvstor32.sys
04:06:29.0774 0156 nvstor32 - ok
04:06:29.0868 0156 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
04:06:29.0884 0156 nv_agp - ok
04:06:29.0899 0156 NwlnkFlt - ok
04:06:29.0915 0156 NwlnkFwd - ok
04:06:29.0962 0156 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
04:06:29.0993 0156 ohci1394 - ok
04:06:30.0149 0156 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
04:06:30.0180 0156 Parport - ok
04:06:30.0196 0156 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
04:06:30.0227 0156 partmgr - ok
04:06:30.0242 0156 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
04:06:30.0274 0156 Parvdm - ok
04:06:30.0320 0156 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
04:06:30.0336 0156 pci - ok
04:06:30.0414 0156 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
04:06:30.0430 0156 pciide - ok
04:06:30.0476 0156 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
04:06:30.0492 0156 pcmcia - ok
04:06:30.0601 0156 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
04:06:30.0679 0156 PEAUTH - ok
04:06:30.0773 0156 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
04:06:30.0804 0156 PptpMiniport - ok
04:06:30.0835 0156 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
04:06:30.0898 0156 Processor - ok
04:06:30.0991 0156 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
04:06:31.0022 0156 PSched - ok
04:06:31.0054 0156 PSDFilter (88b72d2a800300eb05c69f3c6c3180f2) C:\Windows\system32\DRIVERS\psdfilter.sys
04:06:31.0054 0156 PSDFilter ( UnsignedFile.Multi.Generic ) - warning
04:06:31.0054 0156 PSDFilter - detected UnsignedFile.Multi.Generic (1)
04:06:31.0069 0156 PSDNServ (9649e11fc5459bf6b2c9e8e327e45c3a) C:\Windows\system32\drivers\PSDNServ.sys
04:06:31.0085 0156 PSDNServ ( UnsignedFile.Multi.Generic ) - warning
04:06:31.0085 0156 PSDNServ - detected UnsignedFile.Multi.Generic (1)
04:06:31.0116 0156 psdvdisk (3d0be1373b9dfe9fc7b64f090e4d59e3) C:\Windows\system32\drivers\psdvdisk.sys
04:06:31.0116 0156 psdvdisk ( UnsignedFile.Multi.Generic ) - warning
04:06:31.0116 0156 psdvdisk - detected UnsignedFile.Multi.Generic (1)
04:06:31.0256 0156 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
04:06:31.0288 0156 ql2300 - ok
04:06:31.0319 0156 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
04:06:31.0350 0156 ql40xx - ok
04:06:31.0412 0156 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
04:06:31.0428 0156 QWAVEdrv - ok
04:06:31.0490 0156 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
04:06:31.0522 0156 RasAcd - ok
04:06:31.0568 0156 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:06:31.0615 0156 Rasl2tp - ok
04:06:31.0662 0156 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
04:06:31.0693 0156 RasPppoe - ok
04:06:31.0740 0156 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
04:06:31.0756 0156 RasSstp - ok
04:06:31.0787 0156 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
04:06:31.0818 0156 rdbss - ok
04:06:31.0849 0156 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:06:31.0880 0156 RDPCDD - ok
04:06:31.0943 0156 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
04:06:32.0005 0156 rdpdr - ok
04:06:32.0052 0156 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
04:06:32.0083 0156 RDPENCDD - ok
04:06:32.0114 0156 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
04:06:32.0146 0156 RDPWD - ok
04:06:32.0239 0156 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
04:06:32.0270 0156 rspndr - ok
04:06:32.0348 0156 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
04:06:32.0364 0156 sbp2port - ok
04:06:32.0411 0156 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
04:06:32.0473 0156 secdrv - ok
04:06:32.0536 0156 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
04:06:32.0582 0156 Serenum - ok
04:06:32.0645 0156 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
04:06:32.0676 0156 Serial - ok
04:06:32.0707 0156 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
04:06:32.0738 0156 sermouse - ok
04:06:32.0832 0156 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
04:06:32.0879 0156 sffdisk - ok
04:06:32.0926 0156 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
04:06:32.0988 0156 sffp_mmc - ok
04:06:33.0004 0156 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
04:06:33.0066 0156 sffp_sd - ok
04:06:33.0113 0156 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
04:06:33.0160 0156 sfloppy - ok
04:06:33.0206 0156 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
04:06:33.0222 0156 sisagp - ok
04:06:33.0284 0156 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
04:06:33.0284 0156 SiSRaid2 - ok
04:06:33.0347 0156 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
04:06:33.0362 0156 SiSRaid4 - ok
04:06:33.0440 0156 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
04:06:33.0472 0156 Smb - ok
04:06:33.0565 0156 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
04:06:33.0643 0156 smserial - ok
04:06:33.0721 0156 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
04:06:33.0737 0156 spldr - ok
04:06:33.0846 0156 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\system32\drivers\N360\0501000.01D\SRTSP.SYS
04:06:33.0893 0156 SRTSP - ok
04:06:33.0971 0156 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS
04:06:33.0986 0156 SRTSPX - ok
04:06:34.0049 0156 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
04:06:34.0080 0156 srv - ok
04:06:34.0111 0156 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
04:06:34.0127 0156 srv2 - ok
04:06:34.0174 0156 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
04:06:34.0189 0156 srvnet - ok
04:06:34.0283 0156 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
04:06:34.0298 0156 swenum - ok
04:06:34.0330 0156 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
04:06:34.0345 0156 Symc8xx - ok
04:06:34.0423 0156 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS
04:06:34.0454 0156 SymDS - ok
04:06:34.0532 0156 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS
04:06:34.0564 0156 SymEFA - ok
04:06:34.0610 0156 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
04:06:34.0626 0156 SymEvent - ok
04:06:34.0688 0156 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS
04:06:34.0704 0156 SymIRON - ok
04:06:34.0766 0156 SYMTDIv (5136f99a60ddbdeb1f6fd1eefc44407f) C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS
04:06:34.0813 0156 SYMTDIv - ok
04:06:34.0876 0156 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
04:06:34.0891 0156 Sym_hi - ok
04:06:34.0922 0156 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
04:06:34.0938 0156 Sym_u3 - ok
04:06:35.0047 0156 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
04:06:35.0094 0156 Tcpip - ok
04:06:35.0141 0156 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
04:06:35.0203 0156 Tcpip6 - ok
04:06:35.0281 0156 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
04:06:35.0312 0156 tcpipreg - ok
04:06:35.0344 0156 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
04:06:35.0406 0156 TDPIPE - ok
04:06:35.0437 0156 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
04:06:35.0500 0156 TDTCP - ok
04:06:35.0562 0156 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
04:06:35.0593 0156 tdx - ok
04:06:35.0640 0156 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
04:06:35.0656 0156 TermDD - ok
04:06:35.0687 0156 TfFsMon - ok
04:06:35.0702 0156 TfNetMon - ok
04:06:35.0718 0156 TFSysMon - ok
04:06:35.0796 0156 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:06:35.0843 0156 tssecsrv - ok
04:06:35.0905 0156 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
04:06:35.0921 0156 tunmp - ok
04:06:35.0983 0156 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
04:06:35.0999 0156 tunnel - ok
04:06:36.0030 0156 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
04:06:36.0046 0156 uagp35 - ok
04:06:36.0077 0156 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\Windows\system32\drivers\UBHelper.sys
04:06:36.0092 0156 UBHelper ( UnsignedFile.Multi.Generic ) - warning
04:06:36.0092 0156 UBHelper - detected UnsignedFile.Multi.Generic (1)
04:06:36.0139 0156 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
04:06:36.0170 0156 udfs - ok
04:06:36.0264 0156 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
04:06:36.0280 0156 uliagpkx - ok
04:06:36.0311 0156 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
04:06:36.0326 0156 uliahci - ok
04:06:36.0373 0156 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
04:06:36.0389 0156 UlSata - ok
04:06:36.0436 0156 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
04:06:36.0451 0156 ulsata2 - ok
04:06:36.0498 0156 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
04:06:36.0529 0156 umbus - ok
04:06:36.0592 0156 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
04:06:36.0623 0156 USBAAPL - ok
04:06:36.0670 0156 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
04:06:36.0701 0156 usbccgp - ok
04:06:36.0779 0156 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
04:06:36.0841 0156 usbcir - ok
04:06:36.0904 0156 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
04:06:36.0935 0156 usbehci - ok
04:06:36.0997 0156 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
04:06:37.0028 0156 usbhub - ok
04:06:37.0044 0156 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
04:06:37.0075 0156 usbohci - ok
04:06:37.0106 0156 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
04:06:37.0153 0156 usbprint - ok
04:06:37.0200 0156 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:06:37.0231 0156 USBSTOR - ok
04:06:37.0278 0156 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
04:06:37.0325 0156 usbuhci - ok
04:06:37.0387 0156 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
04:06:37.0450 0156 vga - ok
04:06:37.0512 0156 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
04:06:37.0543 0156 VgaSave - ok
04:06:37.0606 0156 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
04:06:37.0621 0156 viaagp - ok
04:06:37.0652 0156 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
04:06:37.0762 0156 ViaC7 - ok
04:06:37.0793 0156 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
04:06:37.0808 0156 viaide - ok
04:06:37.0855 0156 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
04:06:37.0871 0156 volmgr - ok
04:06:37.0933 0156 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
04:06:37.0949 0156 volmgrx - ok
04:06:37.0996 0156 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
04:06:38.0027 0156 volsnap - ok
04:06:38.0074 0156 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
04:06:38.0074 0156 vsmraid - ok
04:06:38.0152 0156 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
04:06:38.0214 0156 WacomPen - ok
04:06:38.0261 0156 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
04:06:38.0276 0156 Wanarp - ok
04:06:38.0292 0156 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
04:06:38.0323 0156 Wanarpv6 - ok
04:06:38.0386 0156 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
04:06:38.0401 0156 Wd - ok
04:06:38.0464 0156 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
04:06:38.0510 0156 Wdf01000 - ok
04:06:38.0635 0156 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
04:06:38.0651 0156 winusb - ok
04:06:38.0713 0156 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
04:06:38.0791 0156 WmiAcpi - ok
04:06:38.0885 0156 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
04:06:38.0900 0156 WpdUsb - ok
04:06:38.0978 0156 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
04:06:39.0025 0156 ws2ifsl - ok
04:06:39.0103 0156 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:06:39.0134 0156 WUDFRd - ok
04:06:39.0197 0156 yukonwlh (bfab14d10543963dbda7128adabfa51d) C:\Windows\system32\DRIVERS\yk60x86.sys
04:06:39.0212 0156 yukonwlh - ok
04:06:39.0244 0156 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
04:06:40.0024 0156 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
04:06:40.0024 0156 \Device\Harddisk0\DR0 - detected TDSS File System (1)
04:06:40.0039 0156 Boot (0x1200) (00a9e8c88f9f5fdaf0e8cf9a0bc77c3a) \Device\Harddisk0\DR0\Partition0
04:06:40.0055 0156 \Device\Harddisk0\DR0\Partition0 - ok
04:06:40.0070 0156 Boot (0x1200) (605606dbbe9c474e340602688b9993ae) \Device\Harddisk0\DR0\Partition1
04:06:40.0070 0156 \Device\Harddisk0\DR0\Partition1 - ok
04:06:40.0070 0156 ============================================================
04:06:40.0070 0156 Scan finished
04:06:40.0070 0156 ============================================================
04:06:40.0102 1888 Detected object count: 7
04:06:40.0102 1888 Actual detected object count: 7
04:06:45.0452 1888 MCSTRM ( UnsignedFile.Multi.Generic ) - skipped by user
04:06:45.0452 1888 MCSTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:06:45.0452 1888 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
04:06:45.0452 1888 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:06:45.0468 1888 PSDFilter ( UnsignedFile.Multi.Generic ) - skipped by user
04:06:45.0468 1888 PSDFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:06:45.0468 1888 PSDNServ ( UnsignedFile.Multi.Generic ) - skipped by user
04:06:45.0468 1888 PSDNServ ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:06:45.0468 1888 psdvdisk ( UnsignedFile.Multi.Generic ) - skipped by user
04:06:45.0468 1888 psdvdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:06:45.0484 1888 UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
04:06:45.0484 1888 UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:06:45.0484 1888 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
04:06:45.0484 1888 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
04:07:18.0618 5584 ============================================================
04:07:18.0618 5584 Scan started
04:07:18.0618 5584 Mode: Manual; SigCheck; TDLFS;
04:07:18.0618 5584 ============================================================
04:07:18.0930 5584 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
04:07:18.0961 5584 ACPI - ok
04:07:19.0008 5584 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
04:07:19.0024 5584 adp94xx - ok
04:07:19.0055 5584 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
04:07:19.0086 5584 adpahci - ok
04:07:19.0164 5584 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
04:07:19.0180 5584 adpu160m - ok
04:07:19.0211 5584 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
04:07:19.0226 5584 adpu320 - ok
04:07:19.0289 5584 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
04:07:19.0304 5584 AFD - ok
04:07:19.0351 5584 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
04:07:19.0367 5584 agp440 - ok
04:07:19.0429 5584 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
04:07:19.0445 5584 aic78xx - ok
04:07:19.0476 5584 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
04:07:19.0492 5584 aliide - ok
04:07:19.0523 5584 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
04:07:19.0538 5584 amdagp - ok
04:07:19.0585 5584 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
04:07:19.0601 5584 amdide - ok
04:07:19.0632 5584 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
04:07:19.0694 5584 AmdK7 - ok
04:07:19.0757 5584 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
04:07:19.0804 5584 AmdK8 - ok
04:07:19.0835 5584 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
04:07:19.0850 5584 arc - ok
04:07:19.0882 5584 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
04:07:19.0897 5584 arcsas - ok
04:07:19.0960 5584 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
04:07:19.0991 5584 AsyncMac - ok
04:07:20.0053 5584 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
04:07:20.0069 5584 atapi - ok
04:07:20.0131 5584 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
04:07:20.0162 5584 Beep - ok
04:07:20.0287 5584 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111221.003\BHDrvx86.sys
04:07:20.0318 5584 BHDrvx86 - ok
04:07:20.0396 5584 blbdrive - ok
04:07:20.0428 5584 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
04:07:20.0459 5584 bowser - ok
04:07:20.0474 5584 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
04:07:20.0506 5584 BrFiltLo - ok
04:07:20.0521 5584 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
04:07:20.0552 5584 BrFiltUp - ok
04:07:20.0615 5584 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
04:07:20.0662 5584 Brserid - ok
04:07:20.0724 5584 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
04:07:20.0786 5584 BrSerWdm - ok
04:07:20.0802 5584 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
04:07:20.0864 5584 BrUsbMdm - ok
04:07:20.0911 5584 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
04:07:20.0958 5584 BrUsbSer - ok
04:07:21.0020 5584 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
04:07:21.0083 5584 BTHMODEM - ok
04:07:21.0161 5584 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
04:07:21.0192 5584 cdfs - ok
04:07:21.0223 5584 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
04:07:21.0254 5584 cdrom - ok
04:07:21.0317 5584 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
04:07:21.0364 5584 circlass - ok
04:07:21.0410 5584 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
04:07:21.0426 5584 CLFS - ok
04:07:21.0504 5584 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
04:07:21.0520 5584 cmdide - ok
04:07:21.0566 5584 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
04:07:21.0582 5584 Compbatt - ok
04:07:21.0613 5584 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
04:07:21.0629 5584 crcdisk - ok
04:07:21.0644 5584 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
04:07:21.0707 5584 Crusoe - ok
04:07:21.0785 5584 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
04:07:21.0800 5584 DfsC - ok
04:07:21.0878 5584 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
04:07:21.0894 5584 disk - ok
04:07:21.0956 5584 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
04:07:21.0973 5584 drmkaud - ok
04:07:22.0035 5584 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
04:07:22.0067 5584 DXGKrnl - ok
04:07:22.0129 5584 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
04:07:22.0191 5584 E1G60 - ok
04:07:22.0269 5584 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
04:07:22.0285 5584 Ecache - ok
04:07:22.0425 5584 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
04:07:22.0457 5584 eeCtrl - ok
04:07:22.0597 5584 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
04:07:22.0613 5584 elxstor - ok
04:07:22.0753 5584 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
04:07:22.0769 5584 EraserUtilRebootDrv - ok
04:07:22.0878 5584 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
04:07:22.0893 5584 exfat - ok
04:07:22.0925 5584 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
04:07:22.0956 5584 fastfat - ok
04:07:22.0987 5584 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
04:07:23.0050 5584 fdc - ok
04:07:23.0144 5584 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
04:07:23.0175 5584 FileInfo - ok
04:07:23.0206 5584 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
04:07:23.0253 5584 Filetrace - ok
04:07:23.0316 5584 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
04:07:23.0378 5584 flpydisk - ok
04:07:23.0440 5584 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
04:07:23.0456 5584 FltMgr - ok
04:07:23.0503 5584 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
04:07:23.0534 5584 Fs_Rec - ok
04:07:23.0581 5584 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
04:07:23.0596 5584 gagp30kx - ok
04:07:23.0659 5584 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
04:07:23.0674 5584 GEARAspiWDM - ok
04:07:23.0706 5584 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\Windows\system32\drivers\grmnusb.sys
04:07:23.0721 5584 grmnusb - ok
04:07:23.0799 5584 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
04:07:23.0862 5584 HdAudAddService - ok
04:07:23.0940 5584 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
04:07:23.0971 5584 HDAudBus - ok
04:07:24.0033 5584 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
04:07:24.0080 5584 HidBth - ok
04:07:24.0111 5584 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
04:07:24.0174 5584 HidIr - ok
04:07:24.0236 5584 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
04:07:24.0252 5584 HidUsb - ok
04:07:24.0283 5584 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
04:07:24.0298 5584 HpCISSs - ok
04:07:24.0376 5584 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
04:07:24.0392 5584 HTTP - ok
04:07:24.0454 5584 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
04:07:24.0470 5584 i2omp - ok
04:07:24.0532 5584 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
04:07:24.0548 5584 i8042prt - ok
04:07:24.0579 5584 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
04:07:24.0610 5584 iaStorV - ok
04:07:24.0704 5584 IDSVix86 (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111228.001\IDSvix86.sys
04:07:24.0720 5584 IDSVix86 - ok
04:07:24.0813 5584 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
04:07:24.0829 5584 iirsp - ok
04:07:24.0922 5584 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
04:07:24.0938 5584 int15 - ok
04:07:25.0063 5584 IntcAzAudAddService (a47b2875680ad67b35c6150bd0203056) C:\Windows\system32\drivers\RTKVHDA.sys
04:07:25.0125 5584 IntcAzAudAddService - ok
04:07:25.0219 5584 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
04:07:25.0234 5584 intelide - ok
04:07:25.0266 5584 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
04:07:25.0312 5584 intelppm - ok
04:07:25.0375 5584 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:07:25.0406 5584 IpFilterDriver - ok
04:07:25.0484 5584 IpInIp - ok
04:07:25.0531 5584 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
04:07:25.0593 5584 IPMIDRV - ok
04:07:25.0624 5584 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
04:07:25.0671 5584 IPNAT - ok
04:07:25.0765 5584 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
04:07:25.0796 5584 IRENUM - ok
04:07:25.0827 5584 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
04:07:25.0843 5584 isapnp - ok
04:07:25.0890 5584 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
04:07:25.0905 5584 iScsiPrt - ok
04:07:25.0983 5584 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
04:07:26.0014 5584 iteatapi - ok
04:07:26.0046 5584 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
04:07:26.0061 5584 iteraid - ok
04:07:26.0108 5584 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
04:07:26.0124 5584 kbdclass - ok
04:07:26.0186 5584 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
04:07:26.0233 5584 kbdhid - ok
04:07:26.0295 5584 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
04:07:26.0326 5584 KSecDD - ok
04:07:26.0420 5584 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
04:07:26.0451 5584 lltdio - ok
04:07:26.0560 5584 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
04:07:26.0576 5584 LSI_FC - ok
04:07:26.0592 5584 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
04:07:26.0607 5584 LSI_SAS - ok
04:07:26.0638 5584 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
04:07:26.0654 5584 LSI_SCSI - ok
04:07:26.0685 5584 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
04:07:26.0716 5584 luafv - ok
04:07:26.0810 5584 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\Windows\system32\drivers\MCSTRM.sys
04:07:26.0810 5584 MCSTRM ( UnsignedFile.Multi.Generic ) - warning
04:07:26.0810 5584 MCSTRM - detected UnsignedFile.Multi.Generic (1)
04:07:26.0857 5584 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
04:07:26.0872 5584 megasas - ok
04:07:26.0904 5584 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
04:07:26.0950 5584 Modem - ok
04:07:26.0982 5584 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
04:07:27.0013 5584 monitor - ok
04:07:27.0091 5584 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
04:07:27.0106 5584 mouclass - ok
04:07:27.0138 5584 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
04:07:27.0169 5584 mouhid - ok
04:07:27.0216 5584 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
04:07:27.0231 5584 MountMgr - ok
04:07:27.0309 5584 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
04:07:27.0340 5584 mpio - ok
04:07:27.0372 5584 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
04:07:27.0403 5584 mpsdrv - ok
04:07:27.0450 5584 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
04:07:27.0465 5584 Mraid35x - ok
04:07:27.0543 5584 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
04:07:27.0574 5584 MRxDAV - ok
04:07:27.0606 5584 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:07:27.0637 5584 mrxsmb - ok
04:07:27.0668 5584 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:07:27.0684 5584 mrxsmb10 - ok
04:07:27.0762 5584 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:07:27.0777 5584 mrxsmb20 - ok
04:07:27.0808 5584 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
04:07:27.0824 5584 msahci - ok
04:07:27.0855 5584 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
04:07:27.0871 5584 msdsm - ok
04:07:27.0918 5584 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
04:07:27.0949 5584 Msfs - ok
04:07:28.0027 5584 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
04:07:28.0042 5584 msisadrv - ok
04:07:28.0074 5584 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
04:07:28.0105 5584 MSKSSRV - ok
04:07:28.0152 5584 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
04:07:28.0183 5584 MSPCLOCK - ok
04:07:28.0198 5584 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
04:07:28.0245 5584 MSPQM - ok
04:07:28.0323 5584 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
04:07:28.0354 5584 MsRPC - ok
04:07:28.0386 5584 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
04:07:28.0401 5584 mssmbios - ok
04:07:28.0432 5584 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
04:07:28.0464 5584 MSTEE - ok
04:07:28.0542 5584 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
04:07:28.0573 5584 Mup - ok
04:07:28.0635 5584 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
04:07:28.0666 5584 NativeWifiP - ok
04:07:28.0760 5584 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120103.023\NAVENG.SYS
04:07:28.0776 5584 NAVENG - ok
04:07:28.0854 5584 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120103.023\NAVEX15.SYS
04:07:28.0916 5584 NAVEX15 - ok
04:07:29.0025 5584 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
04:07:29.0056 5584 NDIS - ok
04:07:29.0088 5584 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
04:07:29.0119 5584 NdisTapi - ok
04:07:29.0212 5584 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
04:07:29.0244 5584 Ndisuio - ok
04:07:29.0290 5584 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
04:07:29.0322 5584 NdisWan - ok
04:07:29.0368 5584 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
04:07:29.0400 5584 NDProxy - ok
04:07:29.0493 5584 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
04:07:29.0524 5584 NetBIOS - ok
04:07:29.0556 5584 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
04:07:29.0587 5584 netbt - ok
04:07:29.0649 5584 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
04:07:29.0665 5584 nfrd960 - ok
04:07:29.0758 5584 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
04:07:29.0805 5584 Npfs - ok
04:07:29.0852 5584 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
04:07:29.0883 5584 nsiproxy - ok
04:07:29.0930 5584 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
04:07:29.0977 5584 Ntfs - ok
04:07:30.0070 5584 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
04:07:30.0086 5584 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
04:07:30.0086 5584 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
04:07:30.0102 5584 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
04:07:30.0148 5584 ntrigdigi - ok
04:07:30.0180 5584 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
04:07:30.0226 5584 Null - ok
04:07:30.0429 5584 nvlddmkm (ff58c7a7da6116c1f71e883cb088d598) C:\Windows\system32\DRIVERS\nvlddmkm.sys
04:07:30.0632 5584 nvlddmkm - ok
04:07:30.0726 5584 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
04:07:30.0741 5584 nvraid - ok
04:07:30.0772 5584 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\DRIVERS\nvstor.sys
04:07:30.0804 5584 nvstor - ok
04:07:30.0819 5584 nvstor32 (86b1b96806829066982ed67b7aba74ef) C:\Windows\system32\drivers\nvstor32.sys
04:07:30.0835 5584 nvstor32 - ok
04:07:30.0928 5584 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
04:07:30.0944 5584 nv_agp - ok
04:07:30.0960 5584 NwlnkFlt - ok
04:07:30.0975 5584 NwlnkFwd - ok
04:07:31.0022 5584 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
04:07:31.0053 5584 ohci1394 - ok
04:07:31.0116 5584 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
04:07:31.0147 5584 Parport - ok
04:07:31.0240 5584 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
04:07:31.0256 5584 partmgr - ok
04:07:31.0272 5584 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
04:07:31.0303 5584 Parvdm - ok
04:07:31.0350 5584 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
04:07:31.0365 5584 pci - ok
04:07:31.0396 5584 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
04:07:31.0412 5584 pciide - ok
04:07:31.0490 5584 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
04:07:31.0506 5584 pcmcia - ok
04:07:31.0568 5584 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
04:07:31.0646 5584 PEAUTH - ok
04:07:31.0786 5584 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
04:07:31.0818 5584 PptpMiniport - ok
04:07:31.0864 5584 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
04:07:31.0927 5584 Processor - ok
04:07:31.0958 5584 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
04:07:31.0989 5584 PSched - ok
04:07:32.0067 5584 PSDFilter (88b72d2a800300eb05c69f3c6c3180f2) C:\Windows\system32\DRIVERS\psdfilter.sys
04:07:32.0083 5584 PSDFilter ( UnsignedFile.Multi.Generic ) - warning
04:07:32.0083 5584 PSDFilter - detected UnsignedFile.Multi.Generic (1)
04:07:32.0098 5584 PSDNServ (9649e11fc5459bf6b2c9e8e327e45c3a) C:\Windows\system32\drivers\PSDNServ.sys
04:07:32.0114 5584 PSDNServ ( UnsignedFile.Multi.Generic ) - warning
04:07:32.0114 5584 PSDNServ - detected UnsignedFile.Multi.Generic (1)
04:07:32.0130 5584 psdvdisk (3d0be1373b9dfe9fc7b64f090e4d59e3) C:\Windows\system32\drivers\psdvdisk.sys
04:07:32.0145 5584 psdvdisk ( UnsignedFile.Multi.Generic ) - warning
04:07:32.0145 5584 psdvdisk - detected UnsignedFile.Multi.Generic (1)
04:07:32.0223 5584 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
04:07:32.0254 5584 ql2300 - ok
04:07:32.0332 5584 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
04:07:32.0364 5584 ql40xx - ok
04:07:32.0410 5584 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
04:07:32.0426 5584 QWAVEdrv - ok
04:07:32.0457 5584 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
04:07:32.0504 5584 RasAcd - ok
04:07:32.0582 5584 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:07:32.0629 5584 Rasl2tp - ok
04:07:32.0660 5584 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
04:07:32.0691 5584 RasPppoe - ok
04:07:32.0722 5584 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
04:07:32.0738 5584 RasSstp - ok
04:07:32.0832 5584 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
04:07:32.0863 5584 rdbss - ok
04:07:32.0894 5584 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:07:32.0925 5584 RDPCDD - ok
04:07:32.0972 5584 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
04:07:33.0034 5584 rdpdr - ok
04:07:33.0112 5584 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
04:07:33.0144 5584 RDPENCDD - ok
04:07:33.0190 5584 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
04:07:33.0222 5584 RDPWD - ok
04:07:33.0300 5584 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
04:07:33.0331 5584 rspndr - ok
04:07:33.0378 5584 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
04:07:33.0393 5584 sbp2port - ok
04:07:33.0487 5584 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
04:07:33.0549 5584 secdrv - ok
04:07:33.0580 5584 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
04:07:33.0627 5584 Serenum - ok
04:07:33.0658 5584 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
04:07:33.0690 5584 Serial - ok
04:07:33.0736 5584 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
04:07:33.0768 5584 sermouse - ok
04:07:33.0877 5584 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
04:07:33.0924 5584 sffdisk - ok
04:07:33.0939 5584 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
04:07:34.0002 5584 sffp_mmc - ok
04:07:34.0033 5584 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
04:07:34.0080 5584 sffp_sd - ok
04:07:34.0126 5584 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
04:07:34.0189 5584 sfloppy - ok
04:07:34.0251 5584 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
04:07:34.0267 5584 sisagp - ok
04:07:34.0314 5584 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
04:07:34.0329 5584 SiSRaid2 - ok
04:07:34.0345 5584 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
04:07:34.0360 5584 SiSRaid4 - ok
04:07:34.0470 5584 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
04:07:34.0516 5584 Smb - ok
04:07:34.0563 5584 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
04:07:34.0641 5584 smserial - ok
04:07:34.0750 5584 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
04:07:34.0766 5584 spldr - ok
04:07:34.0828 5584 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\system32\drivers\N360\0501000.01D\SRTSP.SYS
04:07:34.0860 5584 SRTSP - ok
04:07:34.0938 5584 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS
04:07:34.0953 5584 SRTSPX - ok
04:07:34.0984 5584 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
04:07:35.0016 5584 srv - ok
04:07:35.0062 5584 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
04:07:35.0078 5584 srv2 - ok
04:07:35.0140 5584 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
04:07:35.0172 5584 srvnet - ok
04:07:35.0218 5584 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
04:07:35.0234 5584 swenum - ok
04:07:35.0281 5584 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
04:07:35.0296 5584 Symc8xx - ok
04:07:35.0421 5584 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS
04:07:35.0452 5584 SymDS - ok
04:07:35.0499 5584 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS
04:07:35.0530 5584 SymEFA - ok
04:07:35.0608 5584 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
04:07:35.0624 5584 SymEvent - ok
04:07:35.0686 5584 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS
04:07:35.0718 5584 SymIRON - ok
04:07:35.0796 5584 SYMTDIv (5136f99a60ddbdeb1f6fd1eefc44407f) C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS
04:07:35.0827 5584 SYMTDIv - ok
04:07:35.0858 5584 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
04:07:35.0874 5584 Sym_hi - ok
04:07:35.0905 5584 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
04:07:35.0920 5584 Sym_u3 - ok
04:07:36.0061 5584 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
04:07:36.0108 5584 Tcpip - ok
04:07:36.0139 5584 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
04:07:36.0186 5584 Tcpip6 - ok
04:07:36.0217 5584 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
04:07:36.0232 5584 tcpipreg - ok
04:07:36.0310 5584 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
04:07:36.0357 5584 TDPIPE - ok
04:07:36.0404 5584 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
04:07:36.0435 5584 TDTCP - ok
04:07:36.0482 5584 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
04:07:36.0513 5584 tdx - ok
04:07:36.0576 5584 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
04:07:36.0591 5584 TermDD - ok
04:07:36.0607 5584 TfFsMon - ok
04:07:36.0638 5584 TfNetMon - ok
04:07:36.0654 5584 TFSysMon - ok
04:07:36.0732 5584 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:07:36.0763 5584 tssecsrv - ok
04:07:36.0810 5584 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
04:07:36.0825 5584 tunmp - ok
04:07:36.0888 5584 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
04:07:36.0903 5584 tunnel - ok
04:07:36.0934 5584 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
04:07:36.0950 5584 uagp35 - ok
04:07:36.0997 5584 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\Windows\system32\drivers\UBHelper.sys
04:07:37.0012 5584 UBHelper ( UnsignedFile.Multi.Generic ) - warning
04:07:37.0012 5584 UBHelper - detected UnsignedFile.Multi.Generic (1)
04:07:37.0075 5584 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
04:07:37.0106 5584 udfs - ok
04:07:37.0184 5584 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
04:07:37.0200 5584 uliagpkx - ok
04:07:37.0231 5584 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
04:07:37.0246 5584 uliahci - ok
04:07:37.0309 5584 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
04:07:37.0324 5584 UlSata - ok
04:07:37.0356 5584 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
04:07:37.0371 5584 ulsata2 - ok
04:07:37.0434 5584 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
04:07:37.0480 5584 umbus - ok
04:07:37.0527 5584 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
04:07:37.0543 5584 USBAAPL - ok
04:07:37.0605 5584 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
04:07:37.0636 5584 usbccgp - ok
04:07:37.0683 5584 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
04:07:37.0746 5584 usbcir - ok
04:07:37.0792 5584 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
04:07:37.0808 5584 usbehci - ok
04:07:37.0870 5584 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
04:07:37.0902 5584 usbhub - ok
04:07:37.0948 5584 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
04:07:37.0980 5584 usbohci - ok
04:07:38.0011 5584 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
04:07:38.0042 5584 usbprint - ok
04:07:38.0089 5584 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:07:38.0120 5584 USBSTOR - ok
04:07:38.0182 5584 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
04:07:38.0276 5584 usbuhci - ok
04:07:38.0338 5584 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
04:07:38.0401 5584 vga - ok
04:07:38.0416 5584 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
04:07:38.0448 5584 VgaSave - ok
04:07:38.0526 5584 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
04:07:38.0541 5584 viaagp - ok
04:07:38.0557 5584 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
04:07:38.0619 5584 ViaC7 - ok
04:07:38.0666 5584 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
04:07:38.0682 5584 viaide - ok
04:07:38.0713 5584 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
04:07:38.0728 5584 volmgr - ok
04:07:38.0791 5584 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
04:07:38.0822 5584 volmgrx - ok
04:07:38.0869 5584 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
04:07:38.0900 5584 volsnap - ok
04:07:38.0962 5584 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
04:07:38.0978 5584 vsmraid - ok
04:07:39.0040 5584 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
04:07:39.0103 5584 WacomPen - ok
04:07:39.0150 5584 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
04:07:39.0181 5584 Wanarp - ok
04:07:39.0196 5584 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
04:07:39.0228 5584 Wanarpv6 - ok
04:07:39.0274 5584 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
04:07:39.0290 5584 Wd - ok
04:07:39.0368 5584 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
04:07:39.0384 5584 Wdf01000 - ok
04:07:39.0524 5584 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
04:07:39.0555 5584 winusb - ok
04:07:39.0633 5584 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
04:07:39.0680 5584 WmiAcpi - ok
04:07:39.0758 5584 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
04:07:39.0774 5584 WpdUsb - ok
04:07:39.0867 5584 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
04:07:39.0898 5584 ws2ifsl - ok
04:07:39.0961 5584 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:07:40.0008 5584 WUDFRd - ok
04:07:40.0054 5584 yukonwlh (bfab14d10543963dbda7128adabfa51d) C:\Windows\system32\DRIVERS\yk60x86.sys
04:07:40.0086 5584 yukonwlh - ok
04:07:40.0117 5584 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
04:07:40.0866 5584 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
04:07:40.0866 5584 \Device\Harddisk0\DR0 - detected TDSS File System (1)
04:07:40.0897 5584 Boot (0x1200) (00a9e8c88f9f5fdaf0e8cf9a0bc77c3a) \Device\Harddisk0\DR0\Partition0
04:07:40.0897 5584 \Device\Harddisk0\DR0\Partition0 - ok
04:07:40.0912 5584 Boot (0x1200) (605606dbbe9c474e340602688b9993ae) \Device\Harddisk0\DR0\Partition1
04:07:40.0912 5584 \Device\Harddisk0\DR0\Partition1 - ok
04:07:40.0928 5584 ============================================================
04:07:40.0928 5584 Scan finished
04:07:40.0928 5584 ============================================================
04:07:40.0944 5764 Detected object count: 7
04:07:40.0944 5764 Actual detected object count: 7
04:07:57.0573 5764 MCSTRM ( UnsignedFile.Multi.Generic ) - skipped by user
04:07:57.0573 5764 MCSTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:07:57.0573 5764 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
04:07:57.0573 5764 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:07:57.0573 5764 PSDFilter ( UnsignedFile.Multi.Generic ) - skipped by user
04:07:57.0573 5764 PSDFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:07:57.0589 5764 PSDNServ ( UnsignedFile.Multi.Generic ) - skipped by user
04:07:57.0589 5764 PSDNServ ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:07:57.0604 5764 psdvdisk ( UnsignedFile.Multi.Generic ) - skipped by user
04:07:57.0604 5764 psdvdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:07:57.0604 5764 UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
04:07:57.0604 5764 UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:07:57.0620 5764 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
04:07:57.0620 5764 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#8 wiglet

Posted 04 January 2012 - 02:14 PM

I will get better at this, I apologize for my lack of skills.

#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:37 PM

Posted 05 January 2012 - 01:31 AM

Good Evening!

Hope I'm doing this properly. This has to be a struggle for you. I appreciate the effort!

I will get better at this, I apologize for my lack of skills.


No need to be sorry! You're doing fine, don't worry about it!!

It does look like the infection is still wreaking havoc.

Let's run a tool to unhide your system files/folders.

Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.



NEXT:



Running ComboFix
Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using ComboFix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Edited by SweetTech, 05 January 2012 - 01:32 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 wiglet

Posted 05 January 2012 - 07:34 AM

Running Unhide: a window appears, "Windows Script Host Can't find script engine "VBScript" "C:\Users\Ralph\AppData\Temp\info.vbs"". Looks like similar windows from Systemfix. I closed it one time and it removed Unhide from the screen also. Ran Unhide again; it gets through C:\ and D:\ and the same window reappears. Doing nothing till I hear from you.

#11 wiglet

Posted 05 January 2012 - 07:44 AM

I dragged it away from Unhide, clicked on Unhide, seems to be running again, ignoring "scare message".

#12 wiglet

Posted 05 January 2012 - 07:49 AM

A blinking dash or underline means Unhide is still running?

#13 wiglet

Posted 05 January 2012 - 08:13 AM

Screen is populating, including a shortcut to "System Fix"!

#14 SweetTech

Posted 05 January 2012 - 08:38 AM

Hi!

Can you just confirm whether or not UnHide was able to unhide your files and folders successfully?? Were you able to run the ComboFix scan yet?

Not trying to rush you, just want to see where you're currently at with my previous instructions.

Kindest Regards,
SweetTech.


#15 wiglet

Posted 05 January 2012 - 09:20 AM

I still have a "blinker" beneath the D:\, which makes me think that Unhide is still running. My screen shows most of what used to be there, black background, wrong time and no date in sidebar, "Computer" looks complete as far as I can determine at a glance. Was waiting for some indication that Unhide was done or the blinker stopped before proceeding with the next step.



