Virus Stopping Micro Trend Program Install


  • This topic is locked
45 replies to this topic

#1 angel305510

Posted 22 February 2012 - 08:41 PM

I uninstalled my old version of my Micro trend software but I cannot install my new version. When I run the install it stops at about 80% and gives me an error code. I have contacted and spoken with their support team for four days and I don't think they have any idea what's going on. I have sent them files for three days and they had me run HijackThis, HouseCall, uninstall and reinstall many times (the new version) and nothing has worked. A problem I have noticed and told them about was when they had me try and run the permissions tool my internet all of a sudden starts popping up multiple windows to the point where I have to restart the computer. Also I noticed when I ran HouseCall my start toolbar would flash on and off. Please help, any advice would be appreciated.

Angel

http://www.bleepingcomputer.com/forums/topic443290.html/page__p__2603559__fromsearch__1#entry2603559

The second log I cannot copy and paste because when I try, the internet tries to open a window but it just opens and closes multiple ones and I have to restart my computer. It was the attach.txt file.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Angel at 18:16:16 on 2012-02-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.810 [GMT -7:00]
.
AV: Titanium *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Titanium *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\wpcumi.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\sdclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1066\TmIEPlg.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [DT HPW] c:\program files\common files\portrait displays\shared\DT_startup.exe -HPW
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Easy Dock]
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
Trusted Zone: pandora.com\help
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1D6F60BF-471D-40CE-8E36-CA1C70D18F2D} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{321546DC-4642-45B9-9091-29294714DE1D} : DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-9-29 21504]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\qwest\quickcare\bin\sprtsvc.exe [2010-5-12 206120]
R2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\qwest\quickcare\bin\tgsrvc.exe [2010-5-12 185640]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-5-24 501248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-7 136176]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-4-1 19456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-7 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-20 05:01:40 472808 ----a-w- c:\windows\system32\REN1160.tmp
2012-02-19 23:51:53 -------- d-----w- c:\users\angel\appdata\roaming\SUPERAntiSpyware.com
2012-02-19 23:50:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-19 23:50:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-19 21:27:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-18 03:25:36 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-02-17 03:01:16 -------- d-----w- c:\programdata\Trend Micro
2012-02-15 10:10:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 10:10:00 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-02-15 10:10:00 141112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-02-15 10:09:58 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-15 10:09:57 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-15 10:09:54 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-02-15 10:09:49 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-15 00:31:26 -------- d-----w- c:\program files\Trend Micro
2012-02-14 21:56:34 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 21:56:29 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 21:56:25 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-02-08 21:19:10 -------- d-----w- c:\programdata\Belkin
2012-02-08 12:45:28 0 ----a-w- C:\DFRB3C2.tmp
2012-02-08 00:25:35 -------- d-----w- c:\programdata\Affinegy
2012-02-08 00:25:35 -------- d-----w- c:\program files\Belkin
.
==================== Find3M ====================
.
2012-02-20 05:05:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-13 04:26:55 22032 ----a-w- c:\windows\DCEBoot.exe
2012-01-13 04:26:52 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-12-16 20:39:31 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 18:17:43.80 ===============



#2 SweetTech


Posted 23 February 2012 - 01:47 AM

Hi angel305510!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
Agent ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 angel305510


Posted 23 February 2012 - 07:52 PM

1. Hello, thanks for responding and I hope you're able to help me. Any advice is greatly appreciated. I really don't have any questions, your explanation of things is understandable.



2.
17:45:44.0714 3488 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
17:45:45.0322 3488 ============================================================
17:45:45.0322 3488 Current date / time: 2012/02/23 17:45:45.0322
17:45:45.0322 3488 SystemInfo:
17:45:45.0322 3488
17:45:45.0322 3488 OS Version: 6.0.6002 ServicePack: 2.0
17:45:45.0322 3488 Product type: Workstation
17:45:45.0322 3488 ComputerName: ANGEL-PC
17:45:45.0322 3488 UserName: Angel
17:45:45.0322 3488 Windows directory: C:\Windows
17:45:45.0322 3488 System windows directory: C:\Windows
17:45:45.0322 3488 Processor architecture: Intel x86
17:45:45.0322 3488 Number of processors: 2
17:45:45.0322 3488 Page size: 0x1000
17:45:45.0322 3488 Boot type: Normal boot
17:45:45.0322 3488 ============================================================
17:45:46.0118 3488 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
17:45:46.0164 3488 \Device\Harddisk0\DR0:
17:45:46.0164 3488 MBR used
17:45:46.0164 3488 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x39069FC1
17:45:46.0164 3488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3906A000, BlocksNum 0x131B000
17:45:46.0305 3488 Initialize success
17:45:46.0305 3488 ============================================================
17:46:05.0275 2324 ============================================================
17:46:05.0275 2324 Scan started
17:46:05.0275 2324 Mode: Manual;
17:46:05.0275 2324 ============================================================
17:46:05.0931 2324 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:46:05.0946 2324 ACPI - ok
17:46:06.0009 2324 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
17:46:06.0024 2324 adp94xx - ok
17:46:06.0071 2324 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
17:46:06.0071 2324 adpahci - ok
17:46:06.0102 2324 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
17:46:06.0102 2324 adpu160m - ok
17:46:06.0133 2324 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
17:46:06.0133 2324 adpu320 - ok
17:46:06.0227 2324 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:46:06.0243 2324 AFD - ok
17:46:06.0289 2324 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
17:46:06.0289 2324 agp440 - ok
17:46:06.0305 2324 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:46:06.0321 2324 aic78xx - ok
17:46:06.0352 2324 aliide (9df16e31daa1591c538222eae00e07eb) C:\Windows\system32\drivers\aliide.sys
17:46:06.0367 2324 aliide - ok
17:46:06.0383 2324 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
17:46:06.0399 2324 amdagp - ok
17:46:06.0414 2324 amdide (260c91345de01c3dfd364ee970a92b02) C:\Windows\system32\drivers\amdide.sys
17:46:06.0414 2324 amdide - ok
17:46:06.0445 2324 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
17:46:06.0445 2324 AmdK7 - ok
17:46:06.0477 2324 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
17:46:06.0477 2324 AmdK8 - ok
17:46:06.0539 2324 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
17:46:06.0539 2324 arc - ok
17:46:06.0570 2324 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
17:46:06.0570 2324 arcsas - ok
17:46:06.0633 2324 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:46:06.0633 2324 AsyncMac - ok
17:46:06.0664 2324 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:46:06.0664 2324 atapi - ok
17:46:06.0773 2324 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:46:06.0773 2324 Beep - ok
17:46:06.0820 2324 blbdrive - ok
17:46:06.0898 2324 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:46:06.0898 2324 bowser - ok
17:46:06.0929 2324 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:46:06.0929 2324 BrFiltLo - ok
17:46:06.0960 2324 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:46:06.0960 2324 BrFiltUp - ok
17:46:06.0991 2324 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:46:07.0007 2324 Brserid - ok
17:46:07.0023 2324 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:46:07.0023 2324 BrSerWdm - ok
17:46:07.0054 2324 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:46:07.0054 2324 BrUsbMdm - ok
17:46:07.0069 2324 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:46:07.0069 2324 BrUsbSer - ok
17:46:07.0101 2324 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:46:07.0101 2324 BTHMODEM - ok
17:46:07.0179 2324 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:46:07.0194 2324 cdfs - ok
17:46:07.0210 2324 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:46:07.0225 2324 cdrom - ok
17:46:07.0257 2324 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
17:46:07.0272 2324 circlass - ok
17:46:07.0303 2324 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:46:07.0303 2324 CLFS - ok
17:46:07.0350 2324 cmdide (55a247b547fb9da28bc492dee643ecdf) C:\Windows\system32\drivers\cmdide.sys
17:46:07.0350 2324 cmdide - ok
17:46:07.0381 2324 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
17:46:07.0381 2324 Compbatt - ok
17:46:07.0413 2324 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
17:46:07.0413 2324 crcdisk - ok
17:46:07.0444 2324 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
17:46:07.0444 2324 Crusoe - ok
17:46:07.0537 2324 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:46:07.0553 2324 DfsC - ok
17:46:07.0615 2324 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:46:07.0615 2324 disk - ok
17:46:07.0709 2324 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
17:46:07.0709 2324 Dot4 - ok
17:46:07.0771 2324 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
17:46:07.0771 2324 Dot4Print - ok
17:46:07.0818 2324 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
17:46:07.0834 2324 dot4usb - ok
17:46:07.0896 2324 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:46:07.0896 2324 drmkaud - ok
17:46:07.0974 2324 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:46:07.0990 2324 DXGKrnl - ok
17:46:08.0037 2324 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:46:08.0037 2324 E1G60 - ok
17:46:08.0130 2324 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:46:08.0130 2324 Ecache - ok
17:46:08.0208 2324 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
17:46:08.0208 2324 elxstor - ok
17:46:08.0286 2324 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:46:08.0286 2324 exfat - ok
17:46:18.0879 2324 Scan interrupted by user!
17:46:18.0879 2324 Scan interrupted by user!
17:46:18.0879 2324 Scan interrupted by user!
17:46:18.0879 2324 ============================================================
17:46:18.0879 2324 Scan finished
17:46:18.0879 2324 ============================================================
17:46:18.0910 2032 Detected object count: 0
17:46:18.0910 2032 Actual detected object count: 0
17:46:29.0877 2484 ============================================================
17:46:29.0877 2484 Scan started
17:46:29.0877 2484 Mode: Manual; SigCheck; TDLFS;
17:46:29.0877 2484 ============================================================
17:46:36.0803 2484 FlyUsb (85e5ad3a9d56fd6f92db5fc9ca62e2e4) C:\Windows\system32\DRIVERS\FlyUsb.sys
17:46:36.0834 2484 FlyUsb ( UnsignedFile.Multi.Generic ) - warning
17:46:36.0834 2484 FlyUsb - detected UnsignedFile.Multi.Generic (1)
17:46:44.0665 2484 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:46:44.0712 2484 NdisWan - ok
17:46:44.0775 2484 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:46:44.0821 2484 NDProxy - ok
17:46:44.0899 2484 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:46:44.0962 2484 NetBIOS - ok
17:46:45.0009 2484 netbt (a664d874dc7933ae771ef6e633c5130b) C:\Windows\system32\DRIVERS\netbt.sys
17:46:45.0040 2484 netbt ( UnsignedFile.Multi.Generic ) - warning
17:46:45.0040 2484 netbt - detected UnsignedFile.Multi.Generic (1)
17:46:45.0133 2484 netr73 (c9afe484b3645da74fd459f45e4f756f) C:\Windows\system32\DRIVERS\netr73.sys
17:46:45.0227 2484 netr73 - ok
17:46:45.0305 2484 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:46:45.0336 2484 nfrd960 - ok
17:46:45.0399 2484 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:46:45.0492 2484 Npfs - ok
17:46:45.0523 2484 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:46:45.0570 2484 nsiproxy - ok
17:46:45.0664 2484 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:46:45.0773 2484 Ntfs - ok
17:46:45.0835 2484 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:46:45.0945 2484 ntrigdigi - ok
17:46:45.0960 2484 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:46:46.0069 2484 Null - ok
17:46:46.0132 2484 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
17:46:46.0288 2484 NVENETFD - ok
17:46:46.0615 2484 nvlddmkm (fbba09782f2fac5a57619df378ba9372) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:46:47.0083 2484 nvlddmkm - ok
17:46:47.0177 2484 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
17:46:47.0193 2484 nvraid - ok
17:46:47.0239 2484 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
17:46:47.0255 2484 nvstor - ok
17:46:47.0349 2484 nvstor32 (63b7838e9c272baaa7b33a0ca4ebb748) C:\Windows\system32\DRIVERS\nvstor32.sys
17:46:47.0364 2484 nvstor32 - ok
17:46:47.0411 2484 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
17:46:47.0442 2484 nv_agp - ok
17:46:47.0458 2484 NwlnkFlt - ok
17:46:47.0473 2484 NwlnkFwd - ok
17:46:47.0551 2484 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
17:46:47.0614 2484 ohci1394 - ok
17:46:47.0692 2484 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:46:47.0801 2484 Parport - ok
17:46:47.0848 2484 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:46:47.0879 2484 partmgr - ok
17:46:47.0926 2484 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:46:48.0019 2484 Parvdm - ok
17:46:48.0066 2484 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:46:48.0097 2484 pci - ok
17:46:48.0160 2484 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
17:46:48.0175 2484 pciide - ok
17:46:48.0207 2484 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:46:48.0222 2484 pcmcia - ok
17:46:48.0269 2484 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\Windows\system32\Drivers\PdiPorts.sys
17:46:48.0285 2484 PdiPorts - ok
17:46:48.0363 2484 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:46:48.0487 2484 PEAUTH - ok
17:46:48.0628 2484 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:46:48.0690 2484 PptpMiniport - ok
17:46:48.0753 2484 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
17:46:48.0846 2484 Processor - ok
17:46:48.0893 2484 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
17:46:48.0940 2484 Ps2 - ok
17:46:48.0987 2484 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:46:49.0049 2484 PSched - ok
17:46:49.0127 2484 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
17:46:49.0189 2484 ql2300 - ok
17:46:49.0221 2484 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:46:49.0236 2484 ql40xx - ok
17:46:49.0330 2484 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:46:49.0377 2484 QWAVEdrv - ok
17:46:49.0423 2484 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:46:49.0501 2484 RasAcd - ok
17:46:49.0579 2484 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:46:49.0626 2484 Rasl2tp - ok
17:46:49.0673 2484 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:46:49.0767 2484 RasPppoe - ok
17:46:49.0813 2484 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:46:49.0860 2484 RasSstp - ok
17:46:49.0907 2484 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:46:49.0954 2484 rdbss - ok
17:46:50.0016 2484 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:46:50.0063 2484 RDPCDD - ok
17:46:50.0125 2484 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
17:46:50.0266 2484 rdpdr - ok
17:46:50.0281 2484 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:46:50.0359 2484 RDPENCDD - ok
17:46:50.0406 2484 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
17:46:50.0453 2484 RDPWD - ok
17:46:50.0531 2484 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:46:50.0593 2484 rspndr - ok
17:46:50.0734 2484 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:46:50.0765 2484 SASDIFSV - ok
17:46:50.0781 2484 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:46:50.0796 2484 SASKUTIL - ok
17:46:50.0859 2484 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:46:50.0874 2484 sbp2port - ok
17:46:50.0937 2484 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:46:51.0030 2484 secdrv - ok
17:46:51.0093 2484 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:46:51.0202 2484 Serenum - ok
17:46:51.0233 2484 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:46:51.0358 2484 Serial - ok
17:46:51.0405 2484 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:46:51.0483 2484 sermouse - ok
17:46:51.0545 2484 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
17:46:51.0607 2484 sffdisk - ok
17:46:51.0623 2484 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
17:46:51.0701 2484 sffp_mmc - ok
17:46:51.0717 2484 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
17:46:51.0748 2484 sffp_sd - ok
17:46:51.0810 2484 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:46:51.0919 2484 sfloppy - ok
17:46:51.0966 2484 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
17:46:51.0982 2484 sisagp - ok
17:46:52.0029 2484 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
17:46:52.0044 2484 SiSRaid2 - ok
17:46:52.0075 2484 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
17:46:52.0107 2484 SiSRaid4 - ok
17:46:52.0153 2484 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:46:52.0216 2484 Smb - ok
17:46:52.0294 2484 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:46:52.0309 2484 spldr - ok
17:46:52.0372 2484 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:46:52.0450 2484 srv - ok
17:46:52.0512 2484 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:46:52.0590 2484 srv2 - ok
17:46:52.0653 2484 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:46:52.0684 2484 srvnet - ok
17:46:52.0746 2484 SSKBFD (a2be8fbfa987e95d70cfed0e2dacda6d) C:\Windows\system32\Drivers\sskbfd.sys
17:46:52.0762 2484 SSKBFD - ok
17:46:52.0824 2484 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:46:52.0840 2484 swenum - ok
17:46:52.0918 2484 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:46:52.0933 2484 Symc8xx - ok
17:46:52.0980 2484 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:46:53.0011 2484 Sym_hi - ok
17:46:53.0074 2484 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:46:53.0089 2484 Sym_u3 - ok
17:46:53.0214 2484 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
17:46:53.0323 2484 Tcpip - ok
17:46:53.0386 2484 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
17:46:53.0448 2484 Tcpip6 - ok
17:46:53.0495 2484 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
17:46:53.0557 2484 tcpipreg - ok
17:46:53.0620 2484 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:46:53.0682 2484 TDPIPE - ok
17:46:53.0745 2484 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:46:53.0807 2484 TDTCP - ok
17:46:53.0854 2484 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:46:53.0916 2484 tdx - ok
17:46:53.0963 2484 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:46:53.0994 2484 TermDD - ok
17:46:54.0103 2484 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:46:54.0197 2484 tssecsrv - ok
17:46:54.0244 2484 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:46:54.0322 2484 tunmp - ok
17:46:54.0337 2484 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
17:46:54.0369 2484 tunnel - ok
17:46:54.0415 2484 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
17:46:54.0431 2484 uagp35 - ok
17:46:54.0509 2484 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:46:54.0556 2484 udfs - ok
17:46:54.0603 2484 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
17:46:54.0618 2484 uliagpkx - ok
17:46:54.0696 2484 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
17:46:54.0727 2484 uliahci - ok
17:46:54.0774 2484 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:46:54.0805 2484 UlSata - ok
17:46:54.0852 2484 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:46:54.0868 2484 ulsata2 - ok
17:46:54.0930 2484 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:46:55.0008 2484 umbus - ok
17:46:55.0039 2484 USBAAPL - ok
17:46:55.0102 2484 usbbus (af9388e736af0c325067f05edc350010) C:\Windows\system32\DRIVERS\lgusbbus.sys
17:46:55.0149 2484 usbbus - ok
17:46:55.0195 2484 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:46:55.0242 2484 usbccgp - ok
17:46:55.0289 2484 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:46:55.0414 2484 usbcir - ok
17:46:55.0461 2484 UsbDiag (ae30ea96e60e823c7b525da356283ae8) C:\Windows\system32\DRIVERS\lgusbdiag.sys
17:46:55.0476 2484 UsbDiag - ok
17:46:55.0554 2484 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:46:55.0632 2484 usbehci - ok
17:46:55.0695 2484 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:46:55.0757 2484 usbhub - ok
17:46:55.0835 2484 USBModem (46ac66df3d6efe81f69bea823a53aab5) C:\Windows\system32\DRIVERS\lgusbmodem.sys
17:46:55.0866 2484 USBModem - ok
17:46:55.0913 2484 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
17:46:55.0944 2484 usbohci - ok
17:46:55.0991 2484 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:46:56.0069 2484 usbprint - ok
17:46:56.0116 2484 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
17:46:56.0163 2484 usbscan - ok
17:46:56.0209 2484 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:46:56.0241 2484 USBSTOR - ok
17:46:56.0303 2484 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
17:46:56.0428 2484 usbuhci - ok
17:46:56.0475 2484 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
17:46:56.0584 2484 vga - ok
17:46:56.0631 2484 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:46:56.0709 2484 VgaSave - ok
17:46:56.0755 2484 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
17:46:56.0787 2484 viaagp - ok
17:46:56.0833 2484 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
17:46:56.0958 2484 ViaC7 - ok
17:46:56.0989 2484 viaide (61acdd65bc5d6e4936297610506281d7) C:\Windows\system32\drivers\viaide.sys
17:46:57.0005 2484 viaide - ok
17:46:57.0099 2484 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:46:57.0114 2484 volmgr - ok
17:46:57.0192 2484 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:46:57.0239 2484 volmgrx - ok
17:46:57.0301 2484 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:46:57.0333 2484 volsnap - ok
17:46:57.0411 2484 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
17:46:57.0426 2484 vsmraid - ok
17:46:57.0504 2484 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:46:57.0582 2484 WacomPen - ok
17:46:57.0645 2484 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:46:57.0707 2484 Wanarp - ok
17:46:57.0707 2484 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:46:57.0754 2484 Wanarpv6 - ok
17:46:57.0785 2484 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
17:46:57.0801 2484 Wd - ok
17:46:57.0863 2484 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:46:57.0894 2484 Wdf01000 - ok
17:46:58.0035 2484 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
17:46:58.0300 2484 winachsf - ok
17:46:58.0378 2484 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
17:46:58.0612 2484 WmiAcpi - ok
17:46:58.0721 2484 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
17:46:58.0768 2484 WpdUsb - ok
17:46:58.0815 2484 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:46:58.0924 2484 ws2ifsl - ok
17:46:59.0080 2484 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:46:59.0251 2484 WUDFRd - ok
17:46:59.0345 2484 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
17:46:59.0361 2484 XAudio - ok
17:46:59.0423 2484 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
17:46:59.0688 2484 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:46:59.0688 2484 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:46:59.0704 2484 Boot (0x1200) (aae8233e914376f253a7f119a14fb017) \Device\Harddisk0\DR0\Partition0
17:46:59.0704 2484 \Device\Harddisk0\DR0\Partition0 - ok
17:46:59.0719 2484 Boot (0x1200) (33af6294cd6161533bf76e0254769f54) \Device\Harddisk0\DR0\Partition1
17:46:59.0719 2484 \Device\Harddisk0\DR0\Partition1 - ok
17:46:59.0719 2484 ============================================================
17:46:59.0719 2484 Scan finished
17:46:59.0719 2484 ============================================================
17:46:59.0766 3300 Detected object count: 3
17:46:59.0766 3300 Actual detected object count: 3
17:47:14.0867 3300 FlyUsb ( UnsignedFile.Multi.Generic ) - skipped by user
17:47:14.0867 3300 FlyUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:47:14.0867 3300 netbt ( UnsignedFile.Multi.Generic ) - skipped by user
17:47:14.0867 3300 netbt ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:47:14.0883 3300 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:47:14.0883 3300 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:48:23.0991 4024 ============================================================
17:48:23.0991 4024 Scan started
17:48:23.0991 4024 Mode: Manual; SigCheck; TDLFS;
17:48:23.0991 4024 ============================================================
17:48:24.0334 4024 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:48:24.0381 4024 ACPI - ok
17:48:24.0443 4024 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
17:48:24.0490 4024 adp94xx - ok
17:48:24.0537 4024 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
17:48:24.0568 4024 adpahci - ok
17:48:24.0630 4024 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
17:48:24.0661 4024 adpu160m - ok
17:48:24.0677 4024 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
17:48:24.0708 4024 adpu320 - ok
17:48:24.0802 4024 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:48:24.0833 4024 AFD - ok
17:48:24.0880 4024 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
17:48:24.0911 4024 agp440 - ok
17:48:24.0973 4024 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:48:24.0989 4024 aic78xx - ok
17:48:25.0051 4024 aliide (9df16e31daa1591c538222eae00e07eb) C:\Windows\system32\drivers\aliide.sys
17:48:25.0067 4024 aliide - ok
17:48:25.0098 4024 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
17:48:25.0114 4024 amdagp - ok
17:48:25.0176 4024 amdide (260c91345de01c3dfd364ee970a92b02) C:\Windows\system32\drivers\amdide.sys
17:48:25.0192 4024 amdide - ok
17:48:25.0207 4024 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
17:48:25.0301 4024 AmdK7 - ok
17:48:25.0348 4024 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
17:48:25.0395 4024 AmdK8 - ok
17:48:25.0457 4024 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
17:48:25.0488 4024 arc - ok
17:48:25.0504 4024 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
17:48:25.0535 4024 arcsas - ok
17:48:25.0582 4024 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:48:25.0629 4024 AsyncMac - ok
17:48:25.0722 4024 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:48:25.0738 4024 atapi - ok
17:48:25.0816 4024 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:48:25.0863 4024 Beep - ok
17:48:25.0878 4024 blbdrive - ok
17:48:25.0956 4024 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:48:26.0003 4024 bowser - ok
17:48:26.0019 4024 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:48:26.0065 4024 BrFiltLo - ok
17:48:26.0128 4024 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:48:26.0175 4024 BrFiltUp - ok
17:48:26.0237 4024 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:48:26.0331 4024 Brserid - ok
17:48:26.0362 4024 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:48:26.0471 4024 BrSerWdm - ok
17:48:26.0533 4024 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:48:26.0627 4024 BrUsbMdm - ok
17:48:26.0643 4024 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:48:26.0736 4024 BrUsbSer - ok
17:48:26.0799 4024 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:48:26.0892 4024 BTHMODEM - ok
17:48:26.0955 4024 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:48:27.0001 4024 cdfs - ok
17:48:27.0048 4024 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:48:27.0095 4024 cdrom - ok
17:48:27.0157 4024 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
17:48:27.0251 4024 circlass - ok
17:48:27.0313 4024 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:48:27.0345 4024 CLFS - ok
17:48:27.0407 4024 cmdide (55a247b547fb9da28bc492dee643ecdf) C:\Windows\system32\drivers\cmdide.sys
17:48:27.0423 4024 cmdide - ok
17:48:27.0501 4024 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
17:48:27.0516 4024 Compbatt - ok
17:48:27.0532 4024 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
17:48:27.0547 4024 crcdisk - ok
17:48:27.0579 4024 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
17:48:27.0672 4024 Crusoe - ok
17:48:27.0766 4024 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:48:27.0797 4024 DfsC - ok
17:48:27.0875 4024 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:48:27.0891 4024 disk - ok
17:48:27.0969 4024 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
17:48:28.0031 4024 Dot4 - ok
17:48:28.0078 4024 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
17:48:28.0140 4024 Dot4Print - ok
17:48:28.0171 4024 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
17:48:28.0234 4024 dot4usb - ok
17:48:28.0296 4024 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:48:28.0343 4024 drmkaud - ok
17:48:28.0405 4024 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:48:28.0452 4024 DXGKrnl - ok
17:48:28.0530 4024 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:48:28.0624 4024 E1G60 - ok
17:48:28.0702 4024 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:48:28.0717 4024 Ecache - ok
17:48:28.0811 4024 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
17:48:28.0827 4024 elxstor - ok
17:48:28.0920 4024 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:48:28.0951 4024 exfat - ok
17:48:29.0029 4024 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:48:29.0061 4024 fastfat - ok
17:48:29.0107 4024 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
17:48:29.0201 4024 fdc - ok
17:48:29.0279 4024 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:48:29.0295 4024 FileInfo - ok
17:48:29.0357 4024 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:48:29.0404 4024 Filetrace - ok
17:48:29.0435 4024 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
17:48:29.0529 4024 flpydisk - ok
17:48:29.0560 4024 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:48:29.0591 4024 FltMgr - ok
17:48:29.0653 4024 FlyUsb (85e5ad3a9d56fd6f92db5fc9ca62e2e4) C:\Windows\system32\DRIVERS\FlyUsb.sys
17:48:29.0669 4024 FlyUsb ( UnsignedFile.Multi.Generic ) - warning
17:48:29.0669 4024 FlyUsb - detected UnsignedFile.Multi.Generic (1)
17:48:29.0700 4024 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:48:29.0731 4024 Fs_Rec - ok
17:48:29.0763 4024 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
17:48:29.0778 4024 gagp30kx - ok
17:48:29.0825 4024 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:48:29.0841 4024 GEARAspiWDM - ok
17:48:29.0856 4024 gldtzakp - ok
17:48:29.0919 4024 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:48:30.0028 4024 HdAudAddService - ok
17:48:30.0137 4024 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:48:30.0215 4024 HDAudBus - ok
17:48:30.0231 4024 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:48:30.0324 4024 HidBth - ok
17:48:30.0355 4024 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:48:30.0449 4024 HidIr - ok
17:48:30.0511 4024 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
17:48:30.0605 4024 HidUsb - ok
17:48:30.0667 4024 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
17:48:30.0683 4024 HpCISSs - ok
17:48:30.0792 4024 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
17:48:30.0870 4024 HSF_DP - ok
17:48:30.0917 4024 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
17:48:30.0948 4024 HSXHWBS2 - ok
17:48:31.0042 4024 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:48:31.0089 4024 HTTP - ok
17:48:31.0120 4024 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
17:48:31.0135 4024 i2omp - ok
17:48:31.0198 4024 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:48:31.0245 4024 i8042prt - ok
17:48:31.0291 4024 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
17:48:31.0323 4024 iaStorV - ok
17:48:31.0338 4024 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:48:31.0354 4024 iirsp - ok
17:48:31.0525 4024 IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys
17:48:31.0744 4024 IntcAzAudAddService - ok
17:48:31.0775 4024 intelide (1fdf294ecca2addf84e8271d75abddb4) C:\Windows\system32\drivers\intelide.sys
17:48:31.0791 4024 intelide - ok
17:48:31.0837 4024 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
17:48:31.0947 4024 intelppm - ok
17:48:32.0009 4024 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:48:32.0056 4024 IpFilterDriver - ok
17:48:32.0071 4024 IpInIp - ok
17:48:32.0118 4024 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
17:48:32.0212 4024 IPMIDRV - ok
17:48:32.0305 4024 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:48:32.0352 4024 IPNAT - ok
17:48:32.0430 4024 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:48:32.0477 4024 IRENUM - ok
17:48:32.0524 4024 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
17:48:32.0539 4024 isapnp - ok
17:48:32.0617 4024 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:48:32.0649 4024 iScsiPrt - ok
17:48:32.0695 4024 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:48:32.0727 4024 iteatapi - ok
17:48:32.0742 4024 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:48:32.0758 4024 iteraid - ok
17:48:32.0805 4024 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:48:32.0820 4024 kbdclass - ok
17:48:32.0851 4024 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
17:48:32.0945 4024 kbdhid - ok
17:48:33.0039 4024 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
17:48:33.0085 4024 KSecDD - ok
17:48:33.0179 4024 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:48:33.0226 4024 lltdio - ok
17:48:33.0288 4024 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
17:48:33.0319 4024 LSI_FC - ok
17:48:33.0366 4024 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
17:48:33.0397 4024 LSI_SAS - ok
17:48:33.0429 4024 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
17:48:33.0444 4024 LSI_SCSI - ok
17:48:33.0538 4024 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:48:33.0585 4024 luafv - ok
17:48:33.0600 4024 MCSTRM - ok
17:48:33.0647 4024 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:48:33.0694 4024 mdmxsdk - ok
17:48:33.0709 4024 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
17:48:33.0725 4024 megasas - ok
17:48:33.0819 4024 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:48:33.0865 4024 Modem - ok
17:48:33.0897 4024 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:48:33.0943 4024 monitor - ok
17:48:34.0037 4024 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:48:34.0053 4024 mouclass - ok
17:48:34.0084 4024 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
17:48:34.0193 4024 mouhid - ok
17:48:34.0255 4024 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:48:34.0271 4024 MountMgr - ok
17:48:34.0318 4024 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
17:48:34.0333 4024 mpio - ok
17:48:34.0380 4024 MpKsl0f00f1aa - ok
17:48:34.0396 4024 MpKsl11ca4a95 - ok
17:48:34.0411 4024 MpKsl1e791b17 - ok
17:48:34.0427 4024 MpKsl2253a2da - ok
17:48:34.0443 4024 MpKsl334859fb - ok
17:48:34.0458 4024 MpKsl38ae34c1 - ok
17:48:34.0474 4024 MpKsl3e833d53 - ok
17:48:34.0489 4024 MpKsl41ebc85b - ok
17:48:34.0505 4024 MpKsl4ab71792 - ok
17:48:34.0521 4024 MpKsl54328762 - ok
17:48:34.0536 4024 MpKsl689e33b7 - ok
17:48:34.0552 4024 MpKsl70c3b325 - ok
17:48:34.0567 4024 MpKsl71464aeb - ok
17:48:34.0583 4024 MpKsl73504176 - ok
17:48:34.0599 4024 MpKsl7733d99a - ok
17:48:34.0614 4024 MpKsl8416cb12 - ok
17:48:34.0630 4024 MpKsl84f50a00 - ok
17:48:34.0645 4024 MpKsl98c8a527 - ok
17:48:34.0661 4024 MpKslaa5821a0 - ok
17:48:34.0692 4024 MpKsld5aea58d - ok
17:48:34.0708 4024 MpKsle5a16f43 - ok
17:48:34.0723 4024 MpKsleceafee4 - ok
17:48:34.0770 4024 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:48:34.0817 4024 mpsdrv - ok
17:48:34.0864 4024 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:48:34.0879 4024 Mraid35x - ok
17:48:34.0895 4024 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:48:34.0926 4024 MRxDAV - ok
17:48:35.0020 4024 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:48:35.0051 4024 mrxsmb - ok
17:48:35.0113 4024 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:48:35.0145 4024 mrxsmb10 - ok
17:48:35.0207 4024 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:48:35.0223 4024 mrxsmb20 - ok
17:48:35.0285 4024 msahci (60ec6885a269e13d5daaa0efe060127a) C:\Windows\system32\drivers\msahci.sys
17:48:35.0316 4024 msahci - ok
17:48:35.0332 4024 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
17:48:35.0363 4024 msdsm - ok
17:48:35.0457 4024 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:48:35.0503 4024 Msfs - ok
17:48:35.0566 4024 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:48:35.0581 4024 msisadrv - ok
17:48:35.0659 4024 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:48:35.0706 4024 MSKSSRV - ok
17:48:35.0769 4024 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:48:35.0815 4024 MSPCLOCK - ok
17:48:35.0847 4024 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:48:35.0893 4024 MSPQM - ok
17:48:35.0956 4024 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:48:35.0971 4024 MsRPC - ok
17:48:36.0049 4024 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:48:36.0081 4024 mssmbios - ok
17:48:36.0127 4024 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:48:36.0190 4024 MSTEE - ok
17:48:36.0237 4024 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:48:36.0252 4024 Mup - ok
17:48:36.0299 4024 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:48:36.0330 4024 NativeWifiP - ok
17:48:36.0393 4024 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:48:36.0439 4024 NDIS - ok
17:48:36.0502 4024 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:48:36.0533 4024 NdisTapi - ok
17:48:36.0564 4024 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:48:36.0611 4024 Ndisuio - ok
17:48:36.0658 4024 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:48:36.0705 4024 NdisWan - ok
17:48:36.0783 4024 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:48:36.0814 4024 NDProxy - ok
17:48:36.0876 4024 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:48:36.0939 4024 NetBIOS - ok
17:48:37.0032 4024 netbt (a664d874dc7933ae771ef6e633c5130b) C:\Windows\system32\DRIVERS\netbt.sys
17:48:37.0063 4024 netbt ( UnsignedFile.Multi.Generic ) - warning
17:48:37.0063 4024 netbt - detected UnsignedFile.Multi.Generic (1)
17:48:37.0141 4024 netr73 (c9afe484b3645da74fd459f45e4f756f) C:\Windows\system32\DRIVERS\netr73.sys
17:48:37.0235 4024 netr73 - ok
17:48:37.0266 4024 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:48:37.0282 4024 nfrd960 - ok
17:48:37.0313 4024 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:48:37.0360 4024 Npfs - ok
17:48:37.0391 4024 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:48:37.0438 4024 nsiproxy - ok
17:48:37.0547 4024 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:48:37.0672 4024 Ntfs - ok
17:48:37.0703 4024 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:48:37.0788 4024 ntrigdigi - ok
17:48:37.0819 4024 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:48:37.0882 4024 Null - ok
17:48:37.0975 4024 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
17:48:38.0053 4024 NVENETFD - ok
17:48:38.0537 4024 nvlddmkm (fbba09782f2fac5a57619df378ba9372) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:48:38.0943 4024 nvlddmkm - ok
17:48:39.0036 4024 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
17:48:39.0052 4024 nvraid - ok
17:48:39.0114 4024 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
17:48:39.0130 4024 nvstor - ok
17:48:39.0161 4024 nvstor32 (63b7838e9c272baaa7b33a0ca4ebb748) C:\Windows\system32\DRIVERS\nvstor32.sys
17:48:39.0177 4024 nvstor32 - ok
17:48:39.0239 4024 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
17:48:39.0255 4024 nv_agp - ok
17:48:39.0270 4024 NwlnkFlt - ok
17:48:39.0286 4024 NwlnkFwd - ok
17:48:39.0379 4024 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
17:48:39.0411 4024 ohci1394 - ok
17:48:39.0489 4024 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:48:39.0582 4024 Parport - ok
17:48:39.0645 4024 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:48:39.0660 4024 partmgr - ok
17:48:39.0691 4024 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:48:39.0785 4024 Parvdm - ok
17:48:39.0847 4024 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:48:39.0863 4024 pci - ok
17:48:39.0894 4024 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
17:48:39.0910 4024 pciide - ok
17:48:39.0957 4024 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:48:39.0988 4024 pcmcia - ok
17:48:40.0159 4024 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\Windows\system32\Drivers\PdiPorts.sys
17:48:40.0175 4024 PdiPorts - ok
17:48:40.0393 4024 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:48:40.0518 4024 PEAUTH - ok
17:48:40.0705 4024 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:48:40.0752 4024 PptpMiniport - ok
17:48:40.0799 4024 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
17:48:40.0893 4024 Processor - ok
17:48:40.0955 4024 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
17:48:40.0986 4024 Ps2 - ok
17:48:41.0017 4024 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:48:41.0064 4024 PSched - ok
17:48:41.0111 4024 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
17:48:41.0173 4024 ql2300 - ok
17:48:41.0220 4024 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:48:41.0236 4024 ql40xx - ok
17:48:41.0298 4024 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:48:41.0314 4024 QWAVEdrv - ok
17:48:41.0392 4024 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:48:41.0439 4024 RasAcd - ok
17:48:41.0532 4024 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:48:41.0579 4024 Rasl2tp - ok
17:48:41.0641 4024 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:48:41.0688 4024 RasPppoe - ok
17:48:41.0719 4024 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:48:41.0782 4024 RasSstp - ok
17:48:41.0829 4024 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:48:41.0875 4024 rdbss - ok
17:48:41.0953 4024 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:48:42.0000 4024 RDPCDD - ok
17:48:42.0063 4024 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
17:48:42.0156 4024 rdpdr - ok
17:48:42.0203 4024 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:48:42.0250 4024 RDPENCDD - ok
17:48:42.0297 4024 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
17:48:42.0343 4024 RDPWD - ok
17:48:42.0453 4024 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:48:42.0515 4024 rspndr - ok
17:48:42.0687 4024 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:48:42.0702 4024 SASDIFSV - ok
17:48:42.0718 4024 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:48:42.0733 4024 SASKUTIL - ok
17:48:42.0796 4024 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:48:42.0811 4024 sbp2port - ok
17:48:42.0874 4024 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:48:42.0967 4024 secdrv - ok
17:48:43.0030 4024 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:48:43.0123 4024 Serenum - ok
17:48:43.0170 4024 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:48:43.0264 4024 Serial - ok
17:48:43.0326 4024 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:48:43.0373 4024 sermouse - ok
17:48:43.0435 4024 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
17:48:43.0467 4024 sffdisk - ok
17:48:43.0482 4024 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
17:48:43.0498 4024 sffp_mmc - ok
17:48:43.0576 4024 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
17:48:43.0591 4024 sffp_sd - ok
17:48:43.0638 4024 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:48:43.0732 4024 sfloppy - ok
17:48:43.0794 4024 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
17:48:43.0810 4024 sisagp - ok
17:48:43.0857 4024 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
17:48:43.0872 4024 SiSRaid2 - ok
17:48:43.0935 4024 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
17:48:43.0950 4024 SiSRaid4 - ok
17:48:44.0044 4024 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:48:44.0091 4024 Smb - ok
17:48:44.0184 4024 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:48:44.0215 4024 spldr - ok
17:48:44.0309 4024 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:48:44.0356 4024 srv - ok
17:48:44.0418 4024 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:48:44.0481 4024 srv2 - ok
17:48:44.0543 4024 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:48:44.0559 4024 srvnet - ok
17:48:44.0668 4024 SSKBFD (a2be8fbfa987e95d70cfed0e2dacda6d) C:\Windows\system32\Drivers\sskbfd.sys
17:48:44.0668 4024 SSKBFD - ok
17:48:44.0777 4024 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:48:44.0793 4024 swenum - ok
17:48:44.0871 4024 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:48:44.0902 4024 Symc8xx - ok
17:48:44.0949 4024 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:48:44.0980 4024 Sym_hi - ok
17:48:45.0011 4024 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:48:45.0027 4024 Sym_u3 - ok
17:48:45.0214 4024 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
17:48:45.0276 4024 Tcpip - ok
17:48:45.0401 4024 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
17:48:45.0479 4024 Tcpip6 - ok
17:48:45.0541 4024 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
17:48:45.0588 4024 tcpipreg - ok
17:48:45.0651 4024 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:48:45.0697 4024 TDPIPE - ok
17:48:45.0744 4024 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:48:45.0791 4024 TDTCP - ok
17:48:45.0853 4024 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:48:45.0900 4024 tdx - ok
17:48:45.0978 4024 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:48:45.0994 4024 TermDD - ok
17:48:46.0087 4024 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:48:46.0150 4024 tssecsrv - ok
17:48:46.0259 4024 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:48:46.0306 4024 tunmp - ok
17:48:46.0321 4024 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
17:48:46.0353 4024 tunnel - ok
17:48:46.0446 4024 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
17:48:46.0477 4024 uagp35 - ok
17:48:46.0555 4024 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:48:46.0602 4024 udfs - ok
17:48:46.0696 4024 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
17:48:46.0727 4024 uliagpkx - ok
17:48:46.0789 4024 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
17:48:46.0805 4024 uliahci - ok
17:48:46.0867 4024 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:48:46.0945 4024 UlSata - ok
17:48:46.0992 4024 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:48:47.0023 4024 ulsata2 - ok
17:48:47.0070 4024 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:48:47.0117 4024 umbus - ok
17:48:47.0148 4024 USBAAPL - ok
17:48:47.0273 4024 usbbus (af9388e736af0c325067f05edc350010) C:\Windows\system32\DRIVERS\lgusbbus.sys
17:48:47.0382 4024 usbbus - ok
17:48:47.0429 4024 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:48:47.0460 4024 usbccgp - ok
17:48:47.0507 4024 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:48:47.0616 4024 usbcir - ok
17:48:47.0679 4024 UsbDiag (ae30ea96e60e823c7b525da356283ae8) C:\Windows\system32\DRIVERS\lgusbdiag.sys
17:48:47.0694 4024 UsbDiag - ok
17:48:47.0803 4024 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:48:47.0835 4024 usbehci - ok
17:48:47.0944 4024 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:48:47.0991 4024 usbhub - ok
17:48:48.0100 4024 USBModem (46ac66df3d6efe81f69bea823a53aab5) C:\Windows\system32\DRIVERS\lgusbmodem.sys
17:48:48.0131 4024 USBModem - ok
17:48:48.0193 4024 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
17:48:48.0240 4024 usbohci - ok
17:48:48.0318 4024 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:48:48.0365 4024 usbprint - ok
17:48:48.0443 4024 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
17:48:48.0474 4024 usbscan - ok
17:48:48.0521 4024 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:48:48.0568 4024 USBSTOR - ok
17:48:48.0615 4024 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
17:48:48.0724 4024 usbuhci - ok
17:48:48.0802 4024 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
17:48:48.0895 4024 vga - ok
17:48:48.0942 4024 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:48:49.0005 4024 VgaSave - ok
17:48:49.0051 4024 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
17:48:49.0083 4024 viaagp - ok
17:48:49.0129 4024 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
17:48:49.0223 4024 ViaC7 - ok
17:48:49.0270 4024 viaide (61acdd65bc5d6e4936297610506281d7) C:\Windows\system32\drivers\viaide.sys
17:48:49.0285 4024 viaide - ok
17:48:49.0363 4024 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:48:49.0379 4024 volmgr - ok
17:48:49.0473 4024 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:48:49.0504 4024 volmgrx - ok
17:48:49.0566 4024 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:48:49.0597 4024 volsnap - ok
17:48:49.0675 4024 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
17:48:49.0691 4024 vsmraid - ok
17:48:49.0785 4024 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:48:49.0878 4024 WacomPen - ok
17:48:49.0941 4024 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:48:49.0987 4024 Wanarp - ok
17:48:50.0050 4024 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:48:50.0097 4024 Wanarpv6 - ok
17:48:50.0159 4024 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
17:48:50.0175 4024 Wd - ok
17:48:50.0206 4024 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:48:50.0268 4024 Wdf01000 - ok
17:48:50.0424 4024 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
17:48:50.0502 4024 winachsf - ok
17:48:50.0611 4024 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
17:48:50.0705 4024 WmiAcpi - ok
17:48:50.0814 4024 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
17:48:50.0845 4024 WpdUsb - ok
17:48:50.0908 4024 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:48:50.0970 4024 ws2ifsl - ok
17:48:51.0033 4024 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:48:51.0095 4024 WUDFRd - ok
17:48:51.0142 4024 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
17:48:51.0173 4024 XAudio - ok
17:48:51.0235 4024 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
17:48:51.0735 4024 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:48:51.0735 4024 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:48:51.0750 4024 Boot (0x1200) (aae8233e914376f253a7f119a14fb017) \Device\Harddisk0\DR0\Partition0
17:48:51.0750 4024 \Device\Harddisk0\DR0\Partition0 - ok
17:48:51.0766 4024 Boot (0x1200) (33af6294cd6161533bf76e0254769f54) \Device\Harddisk0\DR0\Partition1
17:48:51.0766 4024 \Device\Harddisk0\DR0\Partition1 - ok
17:48:51.0766 4024 ============================================================
17:48:51.0766 4024 Scan finished
17:48:51.0766 4024 ============================================================
17:48:51.0797 3216 Detected object count: 3
17:48:51.0797 3216 Actual detected object count: 3
17:49:20.0829 3216 FlyUsb ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:20.0829 3216 FlyUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:20.0829 3216 netbt ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:20.0829 3216 netbt ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:20.0829 3216 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:49:20.0829 3216 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:49:38.0488 2548 Deinitialize success

Edited by angel305510, 23 February 2012 - 08:02 PM.


#4 angel305510


Posted 23 February 2012 - 07:53 PM

3. Farbar Service Scanner Version: 22-02-2012
Ran by Angel (administrator) on 23-02-2012 at 17:53:28
Running from "C:\Users\Angel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P9OKZ4FO"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-09 01:40] - [2011-09-20 14:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by angel305510, 23 February 2012 - 08:05 PM.


#5 angel305510


Posted 23 February 2012 - 08:31 PM

4. OTL logfile created on: 2/23/2012 5:56:08 PM - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Angel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 54.21% Memory free
3.99 Gb Paging File | 2.67 Gb Available in Paging File | 66.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.21 Gb Total Space | 287.47 Gb Free Space | 63.01% Space Free | Partition Type: NTFS
Drive D: | 9.55 Gb Total Space | 0.97 Gb Free Space | 10.13% Space Free | Partition Type: NTFS

Computer Name: ANGEL-PC | User Name: Angel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/23 17:55:12 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Angel\Desktop\OTL.exe
PRC - [2012/02/23 17:53:14 | 000,337,133 | ---- | M] () -- C:\Users\Angel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P9OKZ4FO\FSS.exe
PRC - [2012/01/20 11:16:56 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/02/24 21:08:32 | 007,034,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/02/24 21:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2010/01/16 12:30:16 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
PRC - [2010/01/16 12:30:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/06/24 14:11:22 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2008/01/15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2008/01/08 11:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2006/11/02 05:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpcumi.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/23 17:53:14 | 000,337,133 | ---- | M] () -- C:\Users\Angel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P9OKZ4FO\FSS.exe
MOD - [2012/02/22 18:36:28 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/02/22 18:36:28 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/02/19 16:52:19 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/02/19 16:52:19 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/24 21:08:36 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/02/24 20:39:00 | 000,658,432 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/02/15 13:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2011/02/15 13:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2011/02/15 13:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2011/02/15 13:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2011/02/15 12:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/01/16 12:31:40 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/01/16 12:30:16 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe -- (tgsrvc_quickcare) SupportSoft Repair Service (quickcare)
SRV - [2010/01/16 12:30:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe -- (sprtsvc_quickcare) SupportSoft Sprocket Service (quickcare)
SRV - [2008/06/24 14:11:22 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008/01/08 11:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)


========== Driver Services (SafeList) ==========

DRV - [2012/01/12 21:26:52 | 000,185,856 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\netbt.sys -- (netbt)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/14 02:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2011/02/14 02:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2011/02/14 02:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/05/24 07:36:42 | 000,501,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\netr73.sys -- (netr73)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 13:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 12:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 12:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/04/01 13:33:16 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/10/26 04:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 14:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/01 15:24:36 | 000,023,864 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2006/11/16 16:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2423213812-2140178120-837387849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2423213812-2140178120-837387849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2423213812-2140178120-837387849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2423213812-2140178120-837387849-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2423213812-2140178120-837387849-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Angel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension

[2011/01/02 16:57:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angel\AppData\Roaming\Mozilla\Extensions

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg.dll File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2423213812-2140178120-837387849-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2423213812-2140178120-837387849-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2423213812-2140178120-837387849-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DT HPW] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [Easy Dock] File not found
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" File not found
O4 - HKLM..\Run: [WPCUMI] C:\WINDOWS\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2423213812-2140178120-837387849-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-2423213812-2140178120-837387849-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O7 - HKU\S-1-5-21-2423213812-2140178120-837387849-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2423213812-2140178120-837387849-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-2423213812-2140178120-837387849-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2423213812-2140178120-837387849-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2423213812-2140178120-837387849-1000\..Trusted Domains: pandora.com ([help] http in Trusted sites)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D6F60BF-471D-40CE-8E36-CA1C70D18F2D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{321546DC-4642-45B9-9091-29294714DE1D}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll File not found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Angel\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Angel\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/08 01:23:31 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7a1f7aa3-4e43-11e0-9791-001e8c9769ab}\Shell - "" = AutoRun
O33 - MountPoints2\{7a1f7aa3-4e43-11e0-9791-001e8c9769ab}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O33 - MountPoints2\{b9e7d963-3e26-11e0-b629-001e8c9769ab}\Shell - "" = AutoRun
O33 - MountPoints2\{b9e7d963-3e26-11e0-b629-001e8c9769ab}\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe
O33 - MountPoints2\{d6f9a157-a230-11e0-980e-001e8c9769ab}\Shell - "" = AutoRun
O33 - MountPoints2\{d6f9a157-a230-11e0-980e-001e8c9769ab}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe - ()
MsConfig - StartUpReg: Easy Dock - hkey= - key= - C:\Users\Angel\Documents\RCA easyRip\EZDock.exe (Audiovox Electronics Corp.)
MsConfig - StartUpReg: HPAdvisor - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: PivotSoftware - hkey= - key= - C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
MsConfig - StartUpReg: QuickCare - hkey= - key= - C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: klmdb.sys - Driver
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/23 17:55:09 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Angel\Desktop\OTL.exe
[2012/02/23 17:45:38 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Angel\Desktop\tdsskiller.exe
[2012/02/19 22:01:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/19 22:01:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/19 22:01:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/02/19 16:51:53 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/19 16:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/02/19 16:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/19 16:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/19 16:50:00 | 014,848,120 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Angel\Desktop\SUPERAntiSpyware.exe
[2012/02/19 14:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/19 14:27:29 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/19 14:26:58 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Angel\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/19 12:50:43 | 000,000,000 | ---D | C] -- C:\Users\Angel\Desktop\32bit
[2012/02/17 20:25:36 | 000,092,432 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2012/02/16 20:42:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Trend_Micro
[2012/02/16 20:39:58 | 000,000,000 | ---D | C] -- C:\Users\Angel\Desktop\backups
[2012/02/16 20:38:26 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Angel\Desktop\HijackThis.exe
[2012/02/16 20:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2012/02/15 03:10:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/15 03:09:58 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/15 03:09:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/15 03:09:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/15 03:09:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/15 03:09:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/14 17:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/02/14 14:56:29 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/08 14:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Belkin
[2012/02/07 17:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin
[2012/02/07 17:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2012/02/07 17:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Affinegy
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/23 17:59:00 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{71F78C2D-1E59-46F2-9ECB-74C92C030166}.job
[2012/02/23 17:55:12 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Angel\Desktop\OTL.exe
[2012/02/23 17:45:43 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Angel\Desktop\tdsskiller.exe
[2012/02/23 17:38:53 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/23 17:38:50 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At96.job
[2012/02/23 17:38:50 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/02/23 17:38:50 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/02/23 17:38:50 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At58.job
[2012/02/23 17:38:50 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At56.job
[2012/02/23 17:38:50 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At54.job
[2012/02/23 17:38:50 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At52.job
[2012/02/23 17:38:50 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At50.job
[2012/02/23 17:38:50 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/02/23 17:38:50 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/02/23 17:38:50 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/02/23 17:38:50 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/02/23 17:38:50 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At95.job
[2012/02/23 17:38:50 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/02/23 17:38:50 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/02/23 17:38:50 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At57.job
[2012/02/23 17:38:50 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At55.job
[2012/02/23 17:38:50 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At53.job
[2012/02/23 17:38:50 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At51.job
[2012/02/23 17:38:50 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/02/23 17:38:50 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At49.job
[2012/02/23 17:38:50 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/02/23 17:38:50 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/02/23 17:38:50 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/02/23 17:38:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/22 22:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At94.job
[2012/02/22 22:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/02/22 22:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At93.job
[2012/02/22 22:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/02/22 22:34:30 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 22:34:30 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 21:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At92.job
[2012/02/22 21:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/02/22 21:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At91.job
[2012/02/22 21:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/02/22 20:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At90.job
[2012/02/22 20:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/02/22 20:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At89.job
[2012/02/22 20:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/02/22 19:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At88.job
[2012/02/22 19:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/02/22 19:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At87.job
[2012/02/22 19:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/02/22 18:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At86.job
[2012/02/22 18:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/02/22 18:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At85.job
[2012/02/22 18:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/02/22 18:34:45 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/22 18:34:23 | 2011,643,904 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/22 18:28:54 | 000,004,293 | ---- | M] () -- C:\Users\Angel\Desktop\Attach.zip
[2012/02/22 18:14:06 | 000,000,000 | ---- | M] () -- C:\Users\Angel\defogger_reenable
[2012/02/22 17:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At84.job
[2012/02/22 17:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/02/22 17:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At83.job
[2012/02/22 17:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/02/21 18:19:33 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At82.job
[2012/02/21 18:19:33 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At80.job
[2012/02/21 18:19:33 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At78.job
[2012/02/21 18:19:33 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At76.job
[2012/02/21 18:19:33 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At74.job
[2012/02/21 18:19:33 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/02/21 18:19:33 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/02/21 18:19:33 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/02/21 18:19:33 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/02/21 18:19:33 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/02/21 18:19:33 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At81.job
[2012/02/21 18:19:33 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At79.job
[2012/02/21 18:19:33 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At77.job
[2012/02/21 18:19:33 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At75.job
[2012/02/21 18:19:33 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At73.job
[2012/02/21 18:19:33 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/02/21 18:19:33 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/02/21 18:19:33 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/02/21 18:19:33 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/02/21 18:19:33 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/02/21 11:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At72.job
[2012/02/21 11:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/02/21 11:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At71.job
[2012/02/21 11:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At23.job
[2012/02/20 15:51:53 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At66.job
[2012/02/20 15:51:53 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At64.job
[2012/02/20 15:51:53 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At62.job
[2012/02/20 15:51:53 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At60.job
[2012/02/20 15:51:53 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/02/20 15:51:53 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/02/20 15:51:53 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/02/20 15:51:53 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/02/20 15:51:53 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At65.job
[2012/02/20 15:51:53 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At63.job
[2012/02/20 15:51:53 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At61.job
[2012/02/20 15:51:53 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At59.job
[2012/02/20 15:51:53 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At17.job
[2012/02/20 15:51:53 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At15.job
[2012/02/20 15:51:53 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At13.job
[2012/02/20 15:51:53 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At11.job
[2012/02/19 22:05:12 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/19 22:01:11 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/19 22:01:11 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/19 22:01:11 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/02/19 22:01:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/02/19 20:04:04 | 000,302,592 | ---- | M] () -- C:\Users\Angel\Desktop\7nvz11b0.exe
[2012/02/19 16:51:03 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/19 16:50:36 | 014,848,120 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Angel\Desktop\SUPERAntiSpyware.exe
[2012/02/19 14:27:31 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/19 14:27:07 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Angel\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/19 14:20:36 | 000,879,700 | ---- | M] () -- C:\Users\Angel\Desktop\SecurityCheck.exe
[2012/02/19 13:12:27 | 000,343,794 | ---- | M] () -- C:\Users\Angel\AppData\Local\census.cache
[2012/02/19 13:12:26 | 000,205,937 | ---- | M] () -- C:\Users\Angel\AppData\Local\ars.cache
[2012/02/17 20:40:51 | 000,630,338 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/17 20:40:51 | 000,112,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/17 20:12:49 | 000,092,432 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2012/02/17 10:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At70.job
[2012/02/17 10:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/02/17 10:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At69.job
[2012/02/17 10:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At21.job
[2012/02/17 09:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At68.job
[2012/02/17 09:35:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/02/17 09:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At67.job
[2012/02/17 09:35:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At19.job
[2012/02/16 20:38:30 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Angel\Desktop\HijackThis.exe
[2012/02/16 20:31:53 | 000,002,427 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2012/02/16 20:11:14 | 376,830,984 | ---- | M] () -- C:\Users\Angel\Documents\bleeped up.reg
[2012/02/16 19:46:03 | 000,001,356 | ---- | M] () -- C:\Users\Angel\AppData\Local\d3d9caps.dat
[2012/02/15 03:33:20 | 000,383,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/08 15:19:50 | 000,003,405 | ---- | M] () -- C:\Users\Angel\Documents\CO Tax payment 2007.pdf
[2012/02/07 18:02:13 | 005,760,054 | ---- | M] () -- C:\Users\Angel\Documents\Internet Explorer Wallpaper.bmp
[2012/02/07 17:25:59 | 000,000,051 | ---- | M] () -- C:\Windows\System32\drivers\etc\lmhosts
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/22 18:28:54 | 000,004,293 | ---- | C] () -- C:\Users\Angel\Desktop\Attach.zip
[2012/02/22 18:14:06 | 000,000,000 | ---- | C] () -- C:\Users\Angel\defogger_reenable
[2012/02/19 20:04:02 | 000,302,592 | ---- | C] () -- C:\Users\Angel\Desktop\7nvz11b0.exe
[2012/02/19 16:51:03 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/19 14:27:31 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/19 14:20:24 | 000,879,700 | ---- | C] () -- C:\Users\Angel\Desktop\SecurityCheck.exe
[2012/02/16 20:10:37 | 376,830,984 | ---- | C] () -- C:\Users\Angel\Documents\bleeped up.reg
[2012/02/16 19:53:54 | 2011,643,904 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/08 15:19:50 | 000,003,405 | ---- | C] () -- C:\Users\Angel\Documents\CO Tax payment 2007.pdf
[2012/02/07 18:09:31 | 005,760,054 | ---- | C] () -- C:\Users\Angel\Documents\Internet Explorer Wallpaper.bmp
[2012/01/12 21:26:55 | 000,022,032 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2012/01/08 21:50:45 | 000,343,794 | ---- | C] () -- C:\Users\Angel\AppData\Local\census.cache
[2012/01/08 21:50:13 | 000,205,937 | ---- | C] () -- C:\Users\Angel\AppData\Local\ars.cache
[2012/01/08 21:32:49 | 000,000,036 | ---- | C] () -- C:\Users\Angel\AppData\Local\housecall.guid.cache
[2012/01/04 19:34:06 | 000,002,427 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/12/19 02:14:55 | 000,011,810 | -HS- | C] () -- C:\Users\Angel\AppData\Local\012813v4r486t150c487b2mmd7k4
[2011/12/19 02:14:55 | 000,011,810 | -HS- | C] () -- C:\ProgramData\012813v4r486t150c487b2mmd7k4
[2011/12/17 06:57:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\hA63yP3S.exe.b
[2011/12/16 10:29:19 | 000,009,930 | -HS- | C] () -- C:\ProgramData\1596229279
[2011/12/16 10:27:27 | 000,009,882 | -HS- | C] () -- C:\ProgramData\3y64cy2l00s862
[2011/12/16 09:10:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pVGk6Ys8.exe.b
[2011/12/16 08:57:20 | 000,000,112 | ---- | C] () -- C:\ProgramData\w6ma80xP.dat
[2011/12/15 01:19:45 | 000,010,736 | -HS- | C] () -- C:\Users\Angel\AppData\Local\066817r7t804x820a243r2toj2d3
[2011/12/15 01:19:45 | 000,010,736 | -HS- | C] () -- C:\ProgramData\066817r7t804x820a243r2toj2d3
[2011/01/10 21:55:32 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/12/08 23:36:07 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/09/25 19:30:07 | 000,176,540 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/09/23 07:42:41 | 000,002,304 | ---- | C] () -- C:\Windows\System32\Machnm32.sys
[2010/08/12 02:07:36 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI

========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2011/12/16 13:39:31 | 000,273,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\afd.sys
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/01/12 21:26:52 | 000,185,856 | ---- | M] () -- C:\Windows\system32\drivers\netbt.sys
[2012/02/17 20:12:49 | 000,092,432 | ---- | M] (Trend Micro Inc.) -- C:\Windows\system32\drivers\tmtdi.sys

< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\drivers\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/09/26 02:24:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009/09/26 02:24:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2007/12/08 00:27:22 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_4db4e301\atapi.sys
[2007/12/08 00:27:22 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20693_none_db7d35eb3dc727cc\atapi.sys
[2009/09/26 02:24:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2009/09/26 02:24:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: EXPLORER.EXE >
[2009/09/25 07:20:52 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/09/25 07:20:51 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/09/25 07:20:51 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/12/08 01:05:12 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/12/08 01:05:12 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/09/25 07:20:52 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 02:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 00:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: TDX.SYS >
[2009/04/10 21:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\WINDOWS\System32\drivers\tdx.sys
[2009/04/10 21:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\WINDOWS\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
[2006/11/02 01:57:35 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=AB4FDE8AF4A0270A46A001C08CBCE1C2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6000.16386_none_e807064fdf2a97e3\tdx.sys
[2008/01/18 22:55:58 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\WINDOWS\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2006/11/02 02:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\WINDOWS\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/10 23:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\WINDOWS\System32\drivers\volsnap.sys
[2009/04/10 23:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\WINDOWS\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/10 23:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\WINDOWS\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2009/09/26 02:24:24 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=327639D2EC931B057F3826A51ADC73E9 -- C:\WINDOWS\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys
[2009/09/26 02:24:25 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\WINDOWS\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys
[2009/09/26 02:24:25 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\WINDOWS\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys
[2008/01/19 00:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\WINDOWS\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/19 00:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\WINDOWS\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/19 00:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\System32\wininit.exe
[2008/01/19 00:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 02:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 02:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 00:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/10/01 18:36:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/10/01 18:36:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/10/01 18:36:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/10/01 18:36:56 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe [2011/10/01 18:36:56 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/10/01 18:36:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/10/01 18:36:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/10/01 18:36:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/10/01 18:36:56 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe [2011/10/01 18:36:56 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB54552$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:560DC731
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4A74A9A7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:91486201

< End of report >


OTL Extras logfile created on: 2/23/2012 5:56:16 PM - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Angel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 54.21% Memory free
3.99 Gb Paging File | 2.67 Gb Available in Paging File | 66.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.21 Gb Total Space | 287.47 Gb Free Space | 63.01% Space Free | Partition Type: NTFS
Drive D: | 9.55 Gb Total Space | 0.97 Gb Free Space | 10.13% Space Free | Partition Type: NTFS

Computer Name: ANGEL-PC | User Name: Angel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2423213812-2140178120-837387849-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AAF64A-70B3-48F7-9815-8FA3A2C9B1B8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{137A0620-34DE-4C5B-98B8-F5E04A4C3FE8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EC6374F6-5153-49E9-BBFC-91DE887A15AA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002DE2A6-6C12-4473-B3B9-C1D728AED472}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{046C6E4E-E2BD-4F69-8E1F-49F11FA87C67}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{09E7C291-E873-4E57-A29C-C51C7CE63F2D}" = protocol=17 | dir=in | app=c:\users\angel\appdata\local\temp\7zsf4aa.tmp\symnrt.exe |
"{0A5EBDFC-29CB-411B-B72B-F7D65ED71374}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{113157BF-D55B-4460-9D79-F7F5D8CF89FE}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{136B9F57-7FF7-4185-ABAB-CD33E6A726B0}" = protocol=6 | dir=in | app=c:\users\angel\appdata\local\temp\7zsf4aa.tmp\symnrt.exe |
"{2E5D4823-E659-42DC-ADD5-E484A6AC24FA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{32096FE2-8E65-4525-88C0-86407ACD76F4}" = protocol=6 | dir=in | app=c:\program files\qwest\quickconnect\quickconnect.exe |
"{335AF392-29D2-474E-8415-964FD6098196}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{374D89B0-3462-41CD-AA45-FFDF8A1852D7}" = protocol=6 | dir=in | app=c:\program files\qwest\quickconnect\quickconnect.exe |
"{402A3CD8-E922-48E6-845A-557B044190C7}" = protocol=17 | dir=in | app=c:\program files\qwest\quickconnect\quickconnect.exe |
"{58DC5D87-519F-4709-8B1C-9ECD615D023F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8DB691A0-F295-49E8-842B-A83600445513}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{96F16C3D-B7A6-4679-8421-1CA3F6BE106F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9B3B72E9-090F-4AB4-9674-A56886207CE5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A0355DA9-DA47-4B0D-9380-2EAA80F2FA29}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{AD4BFDB6-1C99-4A34-B36A-49B988966BA0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B72EFDA5-1CB3-4B8D-8DB8-896704839F30}" = protocol=17 | dir=in | app=c:\program files\qwest\quickconnect\quickconnect.exe |
"{BFC26CD8-06FA-4A52-8EFE-0A1A7CABAAFB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D31192F1-533A-44D4-98F7-2D34386C9DC9}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DFE0F12F-FC8D-4659-BAB4-60340D46B34B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FCA9C0BA-1424-4ACD-B546-B947A978DA3A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{1328783D-7866-4B50-A8E0-423DF3EF66CD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6BBEC859-0805-4F09-AACE-40E86FF54BF6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{927BA3B6-047D-4F6F-AA56-E2FF86FF7D4B}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{98BFFEA5-AC5E-4488-B7FE-9C4435D483D5}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{A24A364A-EA35-44E4-B2D9-261D2F7F78D7}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{B9121200-8655-402C-97DB-B4A83FD5FD32}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{FBC6D63B-06A5-4DFB-BDF7-0812EC1DEE7F}C:\users\angel\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\angel\appdata\roaming\imvuclient\1vivoxvoice.exe |
"UDP Query User{52FCFE87-F317-4260-BF3D-62DA11B33F58}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5EA9DF7F-B82B-4ECA-A064-5D8E498C288A}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{726A6625-E925-4D14-BFF0-1A44F5008E06}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{C38D9BA3-9E96-432E-9784-227308E3F10F}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{C5069917-895D-4B5B-B3BD-77892BC3099F}C:\users\angel\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\angel\appdata\roaming\imvuclient\1vivoxvoice.exe |
"UDP Query User{D117FF98-02B3-4488-A55C-0898A1B84CA6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DC928345-2D8F-4246-8DF0-1D02977A9E82}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E26327C-5168-43B3-BEC1-4E3AA945C711}" = QuickConnect
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}" = LightScribe Template Labeler
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"ENTERPRISER" = Microsoft Office Enterprise 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"QwestQuickCare_is1" = Qwest Quickcare 2.7
"RCA Detective™_is1" = RCA Detective™ 3.0.0.101
"RCA easyRip_is1" = RCA easyRip 2.4.6.0
"RCA Updater_is1" = RCA Updater 2.0.0.0
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2423213812-2140178120-837387849-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/17/2012 5:48:40 PM | Computer Name = Angel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2/17/2012 5:48:41 PM | Computer Name = Angel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2/17/2012 11:27:55 PM | Computer Name = Angel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2/17/2012 11:27:55 PM | Computer Name = Angel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2/17/2012 11:27:56 PM | Computer Name = Angel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2/17/2012 11:27:56 PM | Computer Name = Angel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2/18/2012 2:11:25 AM | Computer Name = Angel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/18/2012 2:11:26 AM | Computer Name = Angel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15663

Error - 2/18/2012 2:11:26 AM | Computer Name = Angel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15663

Error - 2/19/2012 3:49:23 PM | Computer Name = Angel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

[ Media Center Events ]
Error - 1/1/2010 6:31:53 PM | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/27/2011 1:01:23 PM | Computer Name = Angel-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 2/22/2012 9:32:12 PM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/22/2012 9:34:27 PM | Computer Name = Angel-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:32:25 PM on 2/22/2012 was unexpected.

Error - 2/22/2012 9:35:58 PM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/22/2012 9:35:58 PM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 2/22/2012 9:35:58 PM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/22/2012 9:35:58 PM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 2/22/2012 9:35:58 PM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/22/2012 9:35:58 PM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 2/22/2012 9:36:02 PM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2/22/2012 9:36:03 PM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >



5. My computer is running like normal. The only thing I noticed since I could not install my program was the internet will flash real quick or the start menu bar. But other than that it runs fine.

#6 SweetTech

Posted 24 February 2012 - 02:06 AM

Hi angel305510!

Not a problem! I'm glad to be of assistance. :)

It looks like your netbt.sys file is patched by malware.

We have some work to do. Let's get started.

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg.dll File not found
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2423213812-2140178120-837387849-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2423213812-2140178120-837387849-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-2423213812-2140178120-837387849-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O4 - HKLM..\Run: [Easy Dock] File not found
    O4 - HKLM..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" File not found
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll File not found
    O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg.dll File not found
    O33 - MountPoints2\{7a1f7aa3-4e43-11e0-9791-001e8c9769ab}\Shell - "" = AutoRun
    O33 - MountPoints2\{7a1f7aa3-4e43-11e0-9791-001e8c9769ab}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
    O33 - MountPoints2\{b9e7d963-3e26-11e0-b629-001e8c9769ab}\Shell - "" = AutoRun
    O33 - MountPoints2\{b9e7d963-3e26-11e0-b629-001e8c9769ab}\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe
    O33 - MountPoints2\{d6f9a157-a230-11e0-980e-001e8c9769ab}\Shell - "" = AutoRun
    O33 - MountPoints2\{d6f9a157-a230-11e0-980e-001e8c9769ab}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
    [2011/12/19 02:14:55 | 000,011,810 | -HS- | C] () -- C:\Users\Angel\AppData\Local\012813v4r486t150c487b2mmd7k4
    [2011/12/19 02:14:55 | 000,011,810 | -HS- | C] () -- C:\ProgramData\012813v4r486t150c487b2mmd7k4
    [2011/12/17 06:57:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\hA63yP3S.exe.b
    [2011/12/16 10:29:19 | 000,009,930 | -HS- | C] () -- C:\ProgramData\1596229279
    [2011/12/16 10:27:27 | 000,009,882 | -HS- | C] () -- C:\ProgramData\3y64cy2l00s862
    [2011/12/16 09:10:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pVGk6Ys8.exe.b
    [2011/12/16 08:57:20 | 000,000,112 | ---- | C] () -- C:\ProgramData\w6ma80xP.dat
    [2011/12/15 01:19:45 | 000,010,736 | -HS- | C] () -- C:\Users\Angel\AppData\Local\066817r7t804x820a243r2toj2d3
    [2011/12/15 01:19:45 | 000,010,736 | -HS- | C] () -- C:\ProgramData\066817r7t804x820a243r2toj2d3
    
    :Reg
    
    :Files
    sc start mpsdrv /c
    C:\Windows\tasks\At*.job
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL fix log.
3. ComboFix.txt log.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
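Added example (not part of SweetTech's post, and not OTL's own logic): a small Python triage pass over OTL file-listing lines of the kind queued for removal in the script above. The field layout is inferred from those lines, and the heuristics, the threshold and the names `parse_line`, `reasons_for` and `triage` are assumptions made for illustration.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime

# Layout inferred from the post: [timestamp | size | attributes | kind] (vendor) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]+) \| (?P<kind>[A-Z])\] \((?P<vendor>.*?)\) -- (?P<path>.+)$"
)

# Per-user and machine-wide data roots; files sitting directly in them are unusual.
DATA_ROOT_RE = re.compile(
    r"c:\\(programdata|users\\[^\\]+\\appdata\\(local|roaming))", re.IGNORECASE
)

# Four lines copied from the :OTL section of the fix script above.
SAMPLE_LINES = r"""
[2011/12/19 02:14:55 | 000,011,810 | -HS- | C] () -- C:\Users\Angel\AppData\Local\012813v4r486t150c487b2mmd7k4
[2011/12/17 06:57:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\hA63yP3S.exe.b
[2011/12/16 08:57:20 | 000,000,112 | ---- | C] () -- C:\ProgramData\w6ma80xP.dat
[2011/12/16 09:10:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pVGk6Ys8.exe.b
""".strip().splitlines()

# Constructed line (not from the thread) showing an entry that should not be flagged.
CONSTRUCTED = (
    r"[2012/01/10 09:00:00 | 000,204,800 | ---- | C] (Example Vendor Inc.)"
    r" -- C:\Program Files\Example\example.exe"
)


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str
    vendor: str
    path: str


def parse_line(line):
    """Parse one file-listing line; return None for anything in another format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        vendor=m["vendor"].strip(),
        path=m["path"].strip(),
    )


def reasons_for(entry):
    """Return the heuristic reasons (assumptions, not OTL rules) an entry stands out."""
    reasons = []
    name = ntpath.basename(entry.path).lower()
    parent = ntpath.dirname(entry.path)
    if "H" in entry.attrs and "S" in entry.attrs:
        reasons.append("hidden and system attributes set")
    if not entry.vendor:
        reasons.append("no company name in version info")
    if entry.size == 0 and ".exe" in name:
        reasons.append("zero-length file with .exe in its name")
    if DATA_ROOT_RE.fullmatch(parent):
        reasons.append("loose file directly in a data root")
    return reasons


def triage(lines, threshold=2):
    """Return (entry, reasons) pairs for lines meeting the reason threshold."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # headers, registry lines and blanks are skipped
        reasons = reasons_for(entry)
        if len(reasons) >= threshold:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LINES + [CONSTRUCTED]):
        print(entry.path)
        for reason in reasons:
            print("   -", reason)
```

A missing company name alone is common for legitimate files, which is why a single reason does not flag an entry here.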


#7 angel305510


Posted 24 February 2012 - 08:06 PM

1. I have no questions, everything is very well explained. Thanks.


2. All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2423213812-2140178120-837387849-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2423213812-2140178120-837387849-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-2423213812-2140178120-837387849-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Easy Dock deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Trend Micro Client Framework deleted successfully.
Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
C:\Windows\Downloaded Program Files\DivXPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmbp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF}\ deleted successfully.
File {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmpx\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23}\ deleted successfully.
File {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg.dll File not found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a1f7aa3-4e43-11e0-9791-001e8c9769ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a1f7aa3-4e43-11e0-9791-001e8c9769ab}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a1f7aa3-4e43-11e0-9791-001e8c9769ab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a1f7aa3-4e43-11e0-9791-001e8c9769ab}\ not found.
File F:\TL_Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9e7d963-3e26-11e0-b629-001e8c9769ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9e7d963-3e26-11e0-b629-001e8c9769ab}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9e7d963-3e26-11e0-b629-001e8c9769ab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9e7d963-3e26-11e0-b629-001e8c9769ab}\ not found.
File G:\TL_Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6f9a157-a230-11e0-980e-001e8c9769ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6f9a157-a230-11e0-980e-001e8c9769ab}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6f9a157-a230-11e0-980e-001e8c9769ab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6f9a157-a230-11e0-980e-001e8c9769ab}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\TL_Bootstrap.exe not found.
C:\Users\Angel\AppData\Local\012813v4r486t150c487b2mmd7k4 moved successfully.
C:\ProgramData\012813v4r486t150c487b2mmd7k4 moved successfully.
C:\ProgramData\hA63yP3S.exe.b moved successfully.
C:\ProgramData\1596229279 moved successfully.
C:\ProgramData\3y64cy2l00s862 moved successfully.
C:\WINDOWS\System32\pVGk6Ys8.exe.b moved successfully.
C:\ProgramData\w6ma80xP.dat moved successfully.
C:\Users\Angel\AppData\Local\066817r7t804x820a243r2toj2d3 moved successfully.
C:\ProgramData\066817r7t804x820a243r2toj2d3 moved successfully.
========== REGISTRY ==========
========== FILES ==========
< sc start mpsdrv /c >
SERVICE_NAME: mpsdrv
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
C:\Users\Angel\Desktop\cmd.bat deleted successfully.
C:\Users\Angel\Desktop\cmd.txt deleted successfully.
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At25.job moved successfully.
C:\Windows\tasks\At26.job moved successfully.
C:\Windows\tasks\At27.job moved successfully.
C:\Windows\tasks\At28.job moved successfully.
C:\Windows\tasks\At29.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At30.job moved successfully.
C:\Windows\tasks\At31.job moved successfully.
C:\Windows\tasks\At32.job moved successfully.
C:\Windows\tasks\At33.job moved successfully.
C:\Windows\tasks\At34.job moved successfully.
C:\Windows\tasks\At35.job moved successfully.
C:\Windows\tasks\At36.job moved successfully.
C:\Windows\tasks\At37.job moved successfully.
C:\Windows\tasks\At38.job moved successfully.
C:\Windows\tasks\At39.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At40.job moved successfully.
C:\Windows\tasks\At41.job moved successfully.
C:\Windows\tasks\At42.job moved successfully.
C:\Windows\tasks\At43.job moved successfully.
C:\Windows\tasks\At44.job moved successfully.
C:\Windows\tasks\At45.job moved successfully.
C:\Windows\tasks\At46.job moved successfully.
C:\Windows\tasks\At47.job moved successfully.
C:\Windows\tasks\At48.job moved successfully.
C:\Windows\tasks\At49.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At50.job moved successfully.
C:\Windows\tasks\At51.job moved successfully.
C:\Windows\tasks\At52.job moved successfully.
C:\Windows\tasks\At53.job moved successfully.
C:\Windows\tasks\At54.job moved successfully.
C:\Windows\tasks\At55.job moved successfully.
C:\Windows\tasks\At56.job moved successfully.
C:\Windows\tasks\At57.job moved successfully.
C:\Windows\tasks\At58.job moved successfully.
C:\Windows\tasks\At59.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At60.job moved successfully.
C:\Windows\tasks\At61.job moved successfully.
C:\Windows\tasks\At62.job moved successfully.
C:\Windows\tasks\At63.job moved successfully.
C:\Windows\tasks\At64.job moved successfully.
C:\Windows\tasks\At65.job moved successfully.
C:\Windows\tasks\At66.job moved successfully.
C:\Windows\tasks\At67.job moved successfully.
C:\Windows\tasks\At68.job moved successfully.
C:\Windows\tasks\At69.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At70.job moved successfully.
C:\Windows\tasks\At71.job moved successfully.
C:\Windows\tasks\At72.job moved successfully.
C:\Windows\tasks\At73.job moved successfully.
C:\Windows\tasks\At74.job moved successfully.
C:\Windows\tasks\At75.job moved successfully.
C:\Windows\tasks\At76.job moved successfully.
C:\Windows\tasks\At77.job moved successfully.
C:\Windows\tasks\At78.job moved successfully.
C:\Windows\tasks\At79.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At80.job moved successfully.
C:\Windows\tasks\At81.job moved successfully.
C:\Windows\tasks\At82.job moved successfully.
C:\Windows\tasks\At83.job moved successfully.
C:\Windows\tasks\At84.job moved successfully.
C:\Windows\tasks\At85.job moved successfully.
C:\Windows\tasks\At86.job moved successfully.
C:\Windows\tasks\At87.job moved successfully.
C:\Windows\tasks\At88.job moved successfully.
C:\Windows\tasks\At89.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
C:\Windows\tasks\At90.job moved successfully.
C:\Windows\tasks\At91.job moved successfully.
C:\Windows\tasks\At92.job moved successfully.
C:\Windows\tasks\At93.job moved successfully.
C:\Windows\tasks\At94.job moved successfully.
C:\Windows\tasks\At95.job moved successfully.
C:\Windows\tasks\At96.job moved successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?
C:\Users\Angel\Desktop\cmd.bat deleted successfully.
C:\Users\Angel\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Angel\Desktop\cmd.bat deleted successfully.
C:\Users\Angel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Angel
->Temp folder emptied: 113162629 bytes
->Temporary Internet Files folder emptied: 1829470550 bytes
->Java cache emptied: 44142815 bytes
->Apple Safari cache emptied: 8710144 bytes
->Flash cache emptied: 2877399 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kids
->Temp folder emptied: 15589659 bytes
->Temporary Internet Files folder emptied: 289454542 bytes
->Java cache emptied: 101388 bytes
->Apple Safari cache emptied: 16384 bytes
->Flash cache emptied: 141101 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56641553 bytes
RecycleBin emptied: 1731034634 bytes

Total Files Cleaned = 3,902.00 mb


[EMPTYFLASH]

User: All Users

User: Angel
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kids
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Angel
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Kids
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.33.2 log created on 02242012_174035

Files\Folders moved on Reboot...
C:\Users\Angel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

Registry entries deleted on Reboot...

Edited by angel305510, 24 February 2012 - 08:12 PM.


#8 angel305510

Posted 24 February 2012 - 08:43 PM

3. ComboFix popped up a window that said "ComboFix has detected the following real time scanner(s) to be active:... antivirus:Titanium antivirus:Microsoft Security Essentials antispyware:Titanium antispyware:Microsoft Security Essentials...Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage. Please disable these scanners before clicking "ok"."

I had no idea that these programs were still installed on my computer. I looked in Programs and Features and don't see either of these. Can you please help me as to where else I should look to disable or remove them?

4. My computer is still running the same as before.

Thanks angel305510

#9 SweetTech

Posted 25 February 2012 - 09:32 AM

Hi angel305510!

For the time being, please see if you can OK your way through that message, and see if ComboFix can proceed through its scan on your computer. We'll look into removing the other components of those 2 Anti-Virus programs a little later.

Edited by SweetTech, 25 February 2012 - 09:33 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 angel305510

Posted 25 February 2012 - 02:11 PM

3.ComboFix 12-02-24.02 - Angel 02/25/2012 11:26:17.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.938 [GMT -7:00]
Running from: c:\users\Angel\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Titanium *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Titanium *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\GuffinsEI
c:\windows\$NtUninstallKB54552$
c:\windows\$NtUninstallKB54552$\3194158094
c:\windows\$NtUninstallKB54552$\336969997\@
c:\windows\$NtUninstallKB54552$\336969997\bckfg.tmp
c:\windows\$NtUninstallKB54552$\336969997\cfg.ini
c:\windows\$NtUninstallKB54552$\336969997\Desktop.ini
c:\windows\$NtUninstallKB54552$\336969997\keywords
c:\windows\$NtUninstallKB54552$\336969997\kwrd.dll
c:\windows\$NtUninstallKB54552$\336969997\L\qnbwvoto
c:\windows\$NtUninstallKB54552$\336969997\lsflt7.ver
c:\windows\$NtUninstallKB54552$\336969997\U\00000001.@
c:\windows\$NtUninstallKB54552$\336969997\U\00000002.@
c:\windows\$NtUninstallKB54552$\336969997\U\00000004.@
c:\windows\$NtUninstallKB54552$\336969997\U\80000000.@
c:\windows\$NtUninstallKB54552$\336969997\U\80000004.@
c:\windows\$NtUninstallKB54552$\336969997\U\80000032.@
c:\windows\system32\service
c:\windows\system32\service\07102010_TIS17_SfFniAU.log
c:\windows\system32\service\16102010_TIS17_SfFniAU.log
.
.
((((((((((((((((((((((((( Files Created from 2012-01-25 to 2012-02-25 )))))))))))))))))))))))))))))))
.
.
2012-02-25 01:25 . 2012-02-25 01:25 2064 ----a-w- C:\FixitRegBackup.reg
2012-02-25 00:40 . 2012-02-25 00:40 -------- d-----w- C:\_OTL
2012-02-19 23:51 . 2012-02-19 23:51 -------- d-----w- c:\users\Angel\AppData\Roaming\SUPERAntiSpyware.com
2012-02-19 23:50 . 2012-02-19 23:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-19 23:50 . 2012-02-19 23:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-19 21:27 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 03:01 . 2012-02-17 03:01 -------- d-----w- c:\programdata\Trend Micro
2012-02-15 10:10 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 10:10 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-15 10:10 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-02-15 10:09 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-15 10:09 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-15 10:09 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-15 10:09 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-15 00:31 . 2012-02-25 01:18 -------- d-----w- c:\program files\Trend Micro
2012-02-14 21:56 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 21:56 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 21:56 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-08 21:19 . 2012-02-08 21:19 -------- d-----w- c:\programdata\Belkin
2012-02-08 00:25 . 2012-02-08 00:25 -------- d-----w- c:\programdata\Affinegy
2012-02-08 00:25 . 2012-02-08 00:25 -------- d-----w- c:\program files\Belkin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 05:05 . 2011-10-29 00:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-20 05:01 . 2010-10-19 01:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-13 04:26 . 2012-01-13 04:26 22032 ----a-w- c:\windows\DCEBoot.exe
2012-01-13 04:26 . 2009-11-23 18:40 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-01-06 04:09 . 2012-01-06 04:09 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-05 02:27 . 2012-01-05 02:27 90112 ----a-w- c:\users\Angel\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2012-01-05 02:27 . 2012-01-05 02:27 24576 ----a-w- c:\users\Angel\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2012-01-05 02:27 . 2012-01-05 02:27 1339392 ----a-w- c:\users\Angel\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2011-12-16 20:39 . 2011-06-15 16:27 273408 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DT HPW"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-24 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Dock]
2010-06-07 17:00 581632 ----a-w- c:\users\Angel\Documents\RCA easyRip\EZDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2009-08-05 17:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 08:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
2007-02-09 18:17 694008 ----a-w- c:\program files\Portrait Displays\Pivot Software\wpCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickCare]
2010-01-16 19:30 206120 ----a-w- c:\program files\Qwest\Quickcare\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 00:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 21:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 00:47]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 00:47]
.
2012-02-25 c:\windows\Tasks\User_Feed_Synchronization-{71F78C2D-1E59-46F2-9ECB-74C92C030166}.job
- c:\windows\system32\msfeedssync.exe [2011-10-02 01:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: pandora.com\help
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-klmdb.sys
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:39,02,e0,9f,15,bc,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,c2,02,68,a2,2a,3d,47,9d,fc,42,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,c2,02,68,a2,2a,3d,47,9d,fc,42,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Portrait Displays\Shared\dtsrvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\supportsoft\bin\sprtlisten.exe
c:\program files\Qwest\Quickcare\bin\sprtsvc.exe
c:\program files\Qwest\Quickcare\bin\tgsrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sdclt.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-02-25 11:57:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-25 18:57
.
Pre-Run: 316,454,428,672 bytes free
Post-Run: 317,426,450,432 bytes free
.
- - End Of File - - 597CA6C228063A73197D68E5848D8C7E

#11 SweetTech

Posted 26 February 2012 - 02:32 AM

Hi angel305510!

Please download the Microsoft Security Essentials removal tool from this link here to your Desktop and run it.




ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
SecCenter::
{108DAC43-C256-20B7-BB05-914135DA5160}
{68F968AC-2AA0-091D-848C-803E83E35902}
{ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
{D3988948-0C9A-0693-BE3C-BB4CF86413BF}

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:


Let's see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#12 angel305510

Posted 26 February 2012 - 08:15 PM

ComboFix 12-02-24.02 - Angel 02/26/2012 17:37:20.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.1056 [GMT -7:00]
Running from: c:\users\Angel\Desktop\ComboFix.exe
Command switches used :: c:\users\Angel\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-27 to 2012-02-27 )))))))))))))))))))))))))))))))
.
.
2012-02-27 00:51 . 2012-02-27 01:08 -------- d-----w- c:\users\Angel\AppData\Local\temp
2012-02-27 00:51 . 2012-02-27 00:51 -------- d-----w- c:\users\Kids\AppData\Local\temp
2012-02-27 00:51 . 2012-02-27 00:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-25 20:57 . 2012-02-20 08:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCE04C01-D686-4872-B105-1D9862B59A8F}\mpengine.dll
2012-02-25 01:25 . 2012-02-27 00:29 2064 ----a-w- C:\FixitRegBackup.reg
2012-02-25 00:40 . 2012-02-25 00:40 -------- d-----w- C:\_OTL
2012-02-19 23:51 . 2012-02-19 23:51 -------- d-----w- c:\users\Angel\AppData\Roaming\SUPERAntiSpyware.com
2012-02-19 23:50 . 2012-02-19 23:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-19 23:50 . 2012-02-19 23:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-19 21:27 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 03:01 . 2012-02-17 03:01 -------- d-----w- c:\programdata\Trend Micro
2012-02-15 10:10 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 10:10 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-15 10:10 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-02-15 10:09 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-15 10:09 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-15 10:09 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-15 10:09 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-15 00:31 . 2012-02-25 01:18 -------- d-----w- c:\program files\Trend Micro
2012-02-14 21:56 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 21:56 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 21:56 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-08 21:19 . 2012-02-08 21:19 -------- d-----w- c:\programdata\Belkin
2012-02-08 00:25 . 2012-02-08 00:25 -------- d-----w- c:\programdata\Affinegy
2012-02-08 00:25 . 2012-02-08 00:25 -------- d-----w- c:\program files\Belkin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 05:05 . 2011-10-29 00:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-20 05:01 . 2010-10-19 01:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-29 12:10 . 2010-10-16 08:33 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-13 04:26 . 2012-01-13 04:26 22032 ----a-w- c:\windows\DCEBoot.exe
2012-01-13 04:26 . 2009-11-23 18:40 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-01-06 04:09 . 2012-01-06 04:09 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-05 02:27 . 2012-01-05 02:27 90112 ----a-w- c:\users\Angel\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2012-01-05 02:27 . 2012-01-05 02:27 24576 ----a-w- c:\users\Angel\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2012-01-05 02:27 . 2012-01-05 02:27 1339392 ----a-w- c:\users\Angel\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2011-12-16 20:39 . 2011-06-15 16:27 273408 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DT HPW"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-24 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Dock]
2010-06-07 17:00 581632 ----a-w- c:\users\Angel\Documents\RCA easyRip\EZDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2009-08-05 17:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 08:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
2007-02-09 18:17 694008 ----a-w- c:\program files\Portrait Displays\Pivot Software\wpCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickCare]
2010-01-16 19:30 206120 ----a-w- c:\program files\Qwest\Quickcare\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 00:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 21:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 00:47]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 00:47]
.
2012-02-27 c:\windows\Tasks\User_Feed_Synchronization-{71F78C2D-1E59-46F2-9ECB-74C92C030166}.job
- c:\windows\system32\msfeedssync.exe [2011-10-02 01:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: pandora.com\help
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-26 18:08
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:39,02,e0,9f,15,bc,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,c2,02,68,a2,2a,3d,47,9d,fc,42,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,c2,02,68,a2,2a,3d,47,9d,fc,42,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Portrait Displays\Shared\dtsrvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\supportsoft\bin\sprtlisten.exe
c:\program files\Qwest\Quickcare\bin\sprtsvc.exe
c:\program files\Qwest\Quickcare\bin\tgsrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Completion time: 2012-02-26 18:13:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-27 01:13
ComboFix2.txt 2012-02-25 18:57
.
Pre-Run: 312,965,935,104 bytes free
Post-Run: 315,356,098,560 bytes free
.
- - End Of File - - CDE83ED570E76F892D52710148DEA79E

#13 angel305510


Posted 26 February 2012 - 08:30 PM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.26.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Angel :: ANGEL-PC [administrator]

2/26/2012 6:17:01 PM
mbam-log-2012-02-26 (18-17-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209264
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 angel305510


Posted 27 February 2012 - 01:28 AM

C:\System Recovery Files\C\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B5FMYMQ5\brakeless[1].htm HTML/ScrInject.B.Gen virus

#15 angel305510


Posted 27 February 2012 - 01:31 AM

Results of screen317's Security Check version 0.99.31
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
Java™ 6 Update 31
Adobe Flash Player 10.1.102.64 Flash Player out of Date!
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````
