Malware Problems


  • This topic is locked
42 replies to this topic

#1 adamdkennedy

adamdkennedy

  • Members
  • 45 posts

Posted 06 April 2012 - 11:11 PM

Hi,

I've been referred to this forum from this issue here...

http://www.bleepingcomputer.com/forums/topic449083.html/page__gopid__2656101#entry2656101

Here are my results...

DDS.SCR crashes my computer, so I have no log files from this.

Below are the results from GMER.

Thanks for your help.

Adam

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-07 00:07:50
Windows 5.1.2600 Service Pack 3
Running: iylqe3ho.exe; Driver: C:\DOCUME~1\CASSIE~1\LOCALS~1\Temp\agtdqpoc.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF76A9254]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF76A9268]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread

---- EOF - GMER 1.0.15 ----



#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 07 April 2012 - 01:36 AM

Hi Adam!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Posted Image textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
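
When the TDSSKiller report requested above comes back, a "Detected object count: 0" line is only meaningful if it belongs to a scan that ran to completion. The following is an added example, not part of the original post and not TDSSKiller's own code: it splits a report into scan runs and flags interrupted runs, services with no image file line, images shared by several services, and any verdict other than ok. It assumes the "timestamp, thread id, message" line layout of a TDSSKiller 2.7.x log; the sample lines, service names, hashes and the non-ok verdict string are constructed.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the "HH:MM:SS.mmmm TID message" layout of a
# TDSSKiller 2.7.x log. Service names, hashes, paths and the non-ok
# verdict string are made up for illustration.
SAMPLE_LOG = r"""
09:00:00.0000 1000 Scan started
09:00:00.0000 1000 Mode: Manual;
09:00:00.0100 1000 Scan interrupted by user!
09:00:00.0100 1000 Scan finished
09:00:00.0200 1001 Detected object count: 0
09:00:00.0200 1001 Actual detected object count: 0
09:00:05.0000 1002 Scan started
09:00:05.0000 1002 Mode: Manual;
09:00:05.0100 1002 nofile - ok
09:00:05.0200 1002 gooddrv (00000000000000000000000000000001) C:\WINDOWS\system32\drivers\gooddrv.sys
09:00:05.0200 1002 gooddrv - ok
09:00:05.0300 1002 svca (00000000000000000000000000000003) C:\WINDOWS\System32\shared.exe
09:00:05.0300 1002 svca - ok
09:00:05.0400 1002 svcb (00000000000000000000000000000003) C:\WINDOWS\System32\shared.exe
09:00:05.0400 1002 svcb - ok
09:00:05.0500 1002 odddrv (00000000000000000000000000000002) C:\WINDOWS\system32\drivers\odddrv.sys
09:00:05.0500 1002 odddrv - constructed-non-ok-verdict
09:00:05.0600 1002 Scan finished
09:00:05.0700 1003 Detected object count: 1
"""

LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")  # strip time + thread id
FILE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")          # name (md5) path
VERDICT = re.compile(r"^(.+?) - (.+)$")                        # name - verdict


@dataclass
class ScanRun:
    interrupted: bool = False
    finished: bool = False
    detected: Optional[int] = None
    files: dict = field(default_factory=dict)     # name -> (md5, path)
    verdicts: dict = field(default_factory=dict)  # name -> verdict text


def parse_log(text):
    """Split a report into scan runs; a report may hold several."""
    runs, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        if msg == "Scan started":
            current = ScanRun()
            runs.append(current)
        elif current is None:
            continue  # system-info header before the first scan
        elif msg.startswith("Detected object count:"):
            # Logged by another thread right after "Scan finished".
            current.detected = int(msg.split(":", 1)[1])
        elif current.finished:
            continue  # anything else between two scans
        elif msg == "Scan interrupted by user!":
            current.interrupted = True
        elif msg == "Scan finished":
            current.finished = True
        else:
            f = FILE.match(msg)
            v = VERDICT.match(msg)
            if f:
                current.files[f.group(1)] = (f.group(2), f.group(3))
            elif v:
                current.verdicts[v.group(1)] = v.group(2)
    return runs


def triage(run):
    """Summarise what a helper should look at in one scan run."""
    by_md5 = defaultdict(list)
    for name, (md5, _path) in run.files.items():
        by_md5[md5].append(name)
    return {
        # An interrupted run also logs "Scan finished" and a zero count.
        "complete": run.finished and not run.interrupted,
        "detected": run.detected,
        # Service got a verdict but no image file was hashed for it.
        "no_file": sorted(n for n in run.verdicts if n not in run.files),
        "not_ok": {n: v for n, v in run.verdicts.items() if v != "ok"},
        "shared_md5": {h: sorted(ns) for h, ns in by_md5.items() if len(ns) > 1},
    }


if __name__ == "__main__":
    for number, run in enumerate(parse_log(SAMPLE_LOG), 1):
        print(number, triage(run))
```
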


#3 adamdkennedy

adamdkennedy
  • Topic Starter

  • Members
  • 45 posts

Posted 07 April 2012 - 12:48 PM

Hi,

Thank you for the help! Here I think is the information you have requested.

Cheers.

Adam

09:35:18.0734 0232 Parport - ok
09:35:18.0812 0232 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:35:18.0812 0232 PartMgr - ok
09:35:18.0890 0232 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:35:18.0890 0232 ParVdm - ok
09:35:18.0968 0232 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:35:18.0984 0232 PCI - ok
09:35:19.0046 0232 PCIDump - ok
09:35:19.0125 0232 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:35:19.0125 0232 PCIIde - ok
09:35:19.0203 0232 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:35:19.0203 0232 Pcmcia - ok
09:35:19.0296 0232 PDCOMP - ok
09:35:19.0343 0232 PDFRAME - ok
09:35:19.0390 0232 PDRELI - ok
09:35:19.0437 0232 PDRFRAME - ok
09:35:19.0515 0232 pelmouse (e541a80cdffd6077c761b4578efc0450) C:\WINDOWS\system32\DRIVERS\pelmouse.sys
09:35:19.0515 0232 pelmouse - ok
09:35:19.0593 0232 pelusblf (6432858a4493e906a7d61b9b17a0672a) C:\WINDOWS\system32\DRIVERS\pelusblf.sys
09:35:19.0609 0232 pelusblf - ok
09:35:19.0765 0232 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
09:35:19.0765 0232 perc2 - ok
09:35:19.0859 0232 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
09:35:19.0859 0232 perc2hib - ok
09:35:19.0968 0232 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:35:19.0968 0232 PlugPlay - ok
09:35:20.0031 0232 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
09:35:20.0031 0232 PolicyAgent - ok
09:35:20.0125 0232 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:35:20.0125 0232 PptpMiniport - ok
09:35:20.0203 0232 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:35:20.0203 0232 Processor - ok
09:35:20.0265 0232 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:35:20.0265 0232 ProtectedStorage - ok
09:35:20.0375 0232 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:35:20.0390 0232 PSched - ok
09:35:20.0500 0232 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:35:20.0500 0232 Ptilink - ok
09:35:20.0578 0232 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
09:35:20.0578 0232 ql1080 - ok
09:35:20.0703 0232 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
09:35:20.0703 0232 Ql10wnt - ok
09:35:20.0812 0232 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
09:35:20.0812 0232 ql12160 - ok
09:35:20.0890 0232 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
09:35:20.0890 0232 ql1240 - ok
09:35:21.0000 0232 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
09:35:21.0000 0232 ql1280 - ok
09:35:21.0125 0232 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:35:21.0125 0232 RasAcd - ok
09:35:21.0203 0232 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:35:21.0203 0232 RasAuto - ok
09:35:21.0312 0232 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:35:21.0312 0232 Rasl2tp - ok
09:35:21.0390 0232 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:35:21.0390 0232 RasMan - ok
09:35:21.0500 0232 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:35:21.0500 0232 RasPppoe - ok
09:35:21.0640 0232 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:35:21.0640 0232 Raspti - ok
09:35:21.0734 0232 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:35:21.0734 0232 Rdbss - ok
09:35:21.0859 0232 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:35:21.0859 0232 RDPCDD - ok
09:35:21.0953 0232 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:35:21.0953 0232 rdpdr - ok
09:35:22.0093 0232 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
09:35:22.0093 0232 RDPWD - ok
09:35:22.0156 0232 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:35:22.0171 0232 RDSessMgr - ok
09:35:22.0281 0232 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:35:22.0281 0232 redbook - ok
09:35:22.0359 0232 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:35:22.0359 0232 RemoteAccess - ok
09:35:22.0406 0232 RimUsb - ok
09:35:22.0484 0232 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
09:35:22.0484 0232 RimVSerPort - ok
09:35:22.0609 0232 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
09:35:22.0609 0232 ROOTMODEM - ok
09:35:22.0718 0232 RoxLiveShare9 - ok
09:35:22.0843 0232 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
09:35:22.0859 0232 RpcLocator - ok
09:35:22.0953 0232 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:35:22.0953 0232 RpcSs - ok
09:35:23.0062 0232 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
09:35:23.0062 0232 RSVP - ok
09:35:23.0156 0232 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:35:23.0156 0232 SamSs - ok
09:35:23.0218 0232 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:35:23.0234 0232 SCardSvr - ok
09:35:23.0328 0232 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:35:23.0343 0232 Schedule - ok
09:35:23.0468 0232 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:35:23.0484 0232 Secdrv - ok
09:35:23.0562 0232 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:35:23.0562 0232 seclogon - ok
09:35:23.0671 0232 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:35:23.0687 0232 SENS - ok
09:35:23.0796 0232 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:35:23.0796 0232 serenum - ok
09:35:23.0859 0232 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:35:23.0875 0232 Serial - ok
09:35:23.0968 0232 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
09:35:23.0968 0232 Sfloppy - ok
09:35:24.0046 0232 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:35:24.0062 0232 SharedAccess - ok
09:35:24.0156 0232 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:35:24.0156 0232 ShellHWDetection - ok
09:35:24.0250 0232 Simbad - ok
09:35:24.0328 0232 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
09:35:24.0328 0232 sisagp - ok
09:35:24.0468 0232 smwdm (a817845e68342d7d1c97937ea707412b) C:\WINDOWS\system32\drivers\smwdm.sys
09:35:24.0484 0232 smwdm - ok
09:35:24.0609 0232 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
09:35:24.0609 0232 SONYPVU1 - ok
09:35:24.0718 0232 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
09:35:24.0718 0232 SoundMAX Agent Service (default) - ok
09:35:24.0828 0232 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
09:35:24.0843 0232 Sparrow - ok
09:35:24.0953 0232 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:35:24.0953 0232 splitter - ok
09:35:25.0062 0232 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:35:25.0062 0232 Spooler - ok
09:35:25.0171 0232 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:35:25.0171 0232 sr - ok
09:35:25.0281 0232 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
09:35:25.0296 0232 srservice - ok
09:35:25.0421 0232 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:35:25.0437 0232 Srv - ok
09:35:25.0562 0232 sscdbhk5 (1cbd1b58a32de97899f5290b05f856db) C:\WINDOWS\system32\drivers\sscdbhk5.sys
09:35:25.0562 0232 sscdbhk5 - ok
09:35:25.0625 0232 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:35:25.0625 0232 SSDPSRV - ok
09:35:25.0765 0232 ssrtln (7fb07ac152d7a87e66204860002bd9a4) C:\WINDOWS\system32\drivers\ssrtln.sys
09:35:25.0765 0232 ssrtln - ok
09:35:25.0859 0232 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:35:25.0890 0232 stisvc - ok
09:35:26.0000 0232 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:35:26.0000 0232 swenum - ok
09:35:26.0078 0232 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:35:26.0078 0232 swmidi - ok
09:35:26.0140 0232 SwPrv - ok
09:35:26.0250 0232 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
09:35:26.0250 0232 symc810 - ok
09:35:26.0328 0232 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
09:35:26.0328 0232 symc8xx - ok
09:35:26.0453 0232 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
09:35:26.0453 0232 sym_hi - ok
09:35:26.0515 0232 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
09:35:26.0515 0232 sym_u3 - ok
09:35:26.0593 0232 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:35:26.0593 0232 sysaudio - ok
09:35:26.0703 0232 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:35:26.0703 0232 SysmonLog - ok
09:35:26.0796 0232 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:35:26.0812 0232 TapiSrv - ok
09:35:26.0953 0232 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:35:26.0968 0232 Tcpip - ok
09:35:27.0093 0232 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:35:27.0093 0232 TDPIPE - ok
09:35:27.0218 0232 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:35:27.0218 0232 TDTCP - ok
09:35:27.0343 0232 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:35:27.0343 0232 TermDD - ok
09:35:27.0421 0232 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:35:27.0453 0232 TermService - ok
09:35:27.0578 0232 tfsnboio (9acc8b321ac40d09f8ede8c86e125da3) C:\WINDOWS\system32\dla\tfsnboio.sys
09:35:27.0593 0232 tfsnboio - ok
09:35:27.0671 0232 tfsncofs (de9189d99ebcbbab2b31b6b09c9c3009) C:\WINDOWS\system32\dla\tfsncofs.sys
09:35:27.0671 0232 tfsncofs - ok
09:35:27.0718 0232 tfsndrct (61ad01c2e8365608831f46a7bf85a4c8) C:\WINDOWS\system32\dla\tfsndrct.sys
09:35:27.0718 0232 tfsndrct - ok
09:35:27.0796 0232 tfsndres (0d3463ada11b5cd081e49f74a79d7458) C:\WINDOWS\system32\dla\tfsndres.sys
09:35:27.0796 0232 tfsndres - ok
09:35:27.0890 0232 tfsnifs (760d69f3bd16de68b235ba9cafab5dd1) C:\WINDOWS\system32\dla\tfsnifs.sys
09:35:27.0890 0232 tfsnifs - ok
09:35:28.0000 0232 tfsnopio (1e2ad02f3557e18d4b77ccc20d370318) C:\WINDOWS\system32\dla\tfsnopio.sys
09:35:28.0000 0232 tfsnopio - ok
09:35:28.0046 0232 tfsnpool (3e43969d4d7f9140483d150fa35d4c72) C:\WINDOWS\system32\dla\tfsnpool.sys
09:35:28.0046 0232 tfsnpool - ok
09:35:28.0187 0232 tfsnudf (07b9263a4f470c75bd4c54871e6072e7) C:\WINDOWS\system32\dla\tfsnudf.sys
09:35:28.0187 0232 tfsnudf - ok
09:35:28.0265 0232 tfsnudfa (f2c9d20d32d782b3f311a5b256d83803) C:\WINDOWS\system32\dla\tfsnudfa.sys
09:35:28.0265 0232 tfsnudfa - ok
09:35:28.0328 0232 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:35:28.0343 0232 Themes - ok
09:35:28.0453 0232 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
09:35:28.0453 0232 TosIde - ok
09:35:28.0546 0232 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:35:28.0546 0232 TrkWks - ok
09:35:28.0671 0232 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
09:35:28.0687 0232 tunmp - ok
09:35:28.0796 0232 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:35:28.0796 0232 Udfs - ok
09:35:28.0859 0232 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
09:35:28.0859 0232 ultra - ok
09:35:29.0000 0232 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:35:29.0031 0232 Update - ok
09:35:29.0140 0232 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:35:29.0156 0232 upnphost - ok
09:35:29.0250 0232 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:35:29.0250 0232 UPS - ok
09:35:29.0359 0232 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:35:29.0359 0232 usbccgp - ok
09:35:29.0484 0232 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:35:29.0484 0232 usbehci - ok
09:35:29.0625 0232 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:35:29.0625 0232 usbhub - ok
09:35:29.0750 0232 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:35:29.0750 0232 usbprint - ok
09:35:29.0859 0232 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:35:29.0875 0232 usbscan - ok
09:35:30.0000 0232 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:35:30.0000 0232 USBSTOR - ok
09:35:30.0109 0232 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:35:30.0109 0232 usbuhci - ok
09:35:30.0203 0232 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:35:30.0203 0232 VgaSave - ok
09:35:30.0328 0232 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
09:35:30.0328 0232 viaagp - ok
09:35:30.0453 0232 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
09:35:30.0453 0232 ViaIde - ok
09:35:30.0562 0232 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:35:30.0562 0232 VolSnap - ok
09:35:30.0671 0232 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:35:30.0703 0232 VSS - ok
09:35:30.0796 0232 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
09:35:30.0796 0232 W32Time - ok
09:35:30.0875 0232 W700bus - ok
09:35:31.0000 0232 W8335XP (f0bdc2b474e26117ee77bfdba051fb3c) C:\WINDOWS\system32\DRIVERS\Mrvw125.sys
09:35:31.0015 0232 W8335XP - ok
09:35:31.0140 0232 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:35:31.0140 0232 Wanarp - ok
09:35:31.0312 0232 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
09:35:31.0359 0232 Wdf01000 - ok
09:35:31.0453 0232 WDICA - ok
09:35:31.0546 0232 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:35:31.0546 0232 wdmaud - ok
09:35:31.0640 0232 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:35:31.0640 0232 WebClient - ok
09:35:31.0796 0232 winachsf (602a1608c419d1be4a52df3a2e8f4516) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:35:31.0828 0232 winachsf - ok
09:35:31.0921 0232 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:35:31.0921 0232 winmgmt - ok
09:35:32.0031 0232 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:35:32.0031 0232 WmdmPmSN - ok
09:35:32.0171 0232 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
09:35:32.0171 0232 WmiApSrv - ok
09:35:32.0296 0232 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:35:32.0328 0232 WMPNetworkSvc - ok
09:35:32.0453 0232 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
09:35:32.0453 0232 WpdUsb - ok
09:35:32.0546 0232 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:35:32.0562 0232 wuauserv - ok
09:35:32.0687 0232 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:35:32.0687 0232 WudfPf - ok
09:35:32.0796 0232 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:35:32.0796 0232 WudfRd - ok
09:35:32.0890 0232 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:35:32.0890 0232 WudfSvc - ok
09:35:33.0000 0232 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:35:33.0046 0232 WZCSVC - ok
09:35:33.0140 0232 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:35:33.0140 0232 xmlprov - ok
09:35:33.0171 0232 MBR (0x1B8) (ab67d479e4ee1ccad757294b60ddb98f) \Device\Harddisk0\DR0
09:35:33.0218 0232 \Device\Harddisk0\DR0 - ok
09:35:33.0218 0232 Boot (0x1200) (434dff4ca046d42723174f2bfc615180) \Device\Harddisk0\DR0\Partition0
09:35:33.0218 0232 \Device\Harddisk0\DR0\Partition0 - ok
09:35:33.0234 0232 ============================================================
09:35:33.0234 0232 Scan finished
09:35:33.0234 0232 ============================================================
09:35:33.0250 2696 Detected object count: 0
09:35:33.0250 2696 Actual detected object count: 0
09:35:54.0890 2404 ============================================================
09:35:54.0890 2404 Scan started
09:35:54.0890 2404 Mode: Manual; SigCheck; TDLFS;
09:35:54.0890 2404 ============================================================
09:35:55.0125 2404 Abiosdsk - ok
09:35:55.0250 2404 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
09:35:57.0296 2404 abp480n5 - ok
09:35:57.0406 2404 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
09:35:57.0656 2404 ac97intc - ok
09:35:57.0781 2404 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:35:57.0953 2404 ACPI - ok
09:35:58.0078 2404 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:35:58.0234 2404 ACPIEC - ok
09:35:58.0375 2404 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
09:35:58.0562 2404 adpu160m - ok
09:35:58.0687 2404 aeaudio (b2886807ac2543da273765cef4d82d68) C:\WINDOWS\system32\drivers\aeaudio.sys
09:35:58.0734 2404 aeaudio - ok
09:35:58.0843 2404 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:35:59.0015 2404 aec - ok
09:35:59.0140 2404 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:35:59.0218 2404 AFD - ok
09:35:59.0328 2404 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:35:59.0515 2404 agp440 - ok
09:35:59.0625 2404 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
09:35:59.0812 2404 agpCPQ - ok
09:35:59.0921 2404 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
09:36:00.0000 2404 Aha154x - ok
09:36:00.0125 2404 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
09:36:00.0296 2404 aic78u2 - ok
09:36:00.0421 2404 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
09:36:00.0578 2404 aic78xx - ok
09:36:00.0671 2404 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:36:00.0843 2404 Alerter - ok
09:36:00.0937 2404 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:36:01.0000 2404 ALG - ok
09:36:01.0125 2404 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
09:36:01.0296 2404 AliIde - ok
09:36:01.0421 2404 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
09:36:01.0609 2404 alim1541 - ok
09:36:01.0734 2404 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
09:36:01.0921 2404 amdagp - ok
09:36:01.0968 2404 ami0nt - ok
09:36:02.0078 2404 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
09:36:02.0156 2404 amsint - ok
09:36:02.0187 2404 AppMgmt - ok
09:36:02.0265 2404 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
09:36:02.0453 2404 asc - ok
09:36:02.0531 2404 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
09:36:02.0609 2404 asc3350p - ok
09:36:02.0671 2404 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
09:36:02.0843 2404 asc3550 - ok
09:36:02.0968 2404 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:36:02.0984 2404 aspnet_state - ok
09:36:03.0078 2404 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:36:03.0281 2404 AsyncMac - ok
09:36:03.0375 2404 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:36:03.0578 2404 atapi - ok
09:36:03.0671 2404 Atdisk - ok
09:36:03.0796 2404 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:36:04.0000 2404 Atmarpc - ok
09:36:04.0078 2404 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:36:04.0265 2404 AudioSrv - ok
09:36:04.0390 2404 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:36:04.0578 2404 audstub - ok
09:36:04.0718 2404 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:36:04.0906 2404 Beep - ok
09:36:04.0984 2404 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:36:05.0203 2404 BITS - ok
09:36:05.0296 2404 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:36:05.0500 2404 Browser - ok
09:36:05.0625 2404 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
09:36:05.0812 2404 cbidf - ok
09:36:05.0859 2404 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:36:06.0046 2404 cbidf2k - ok
09:36:06.0109 2404 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
09:36:06.0171 2404 cd20xrnt - ok
09:36:06.0296 2404 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:36:06.0500 2404 Cdaudio - ok
09:36:06.0578 2404 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:36:06.0765 2404 Cdfs - ok
09:36:06.0875 2404 Cdrom (0f1542324b1586971e5a436acdc10180) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:36:06.0890 2404 Cdrom ( UnsignedFile.Multi.Generic ) - warning
09:36:06.0890 2404 Cdrom - detected UnsignedFile.Multi.Generic (1)
09:36:06.0984 2404 Changer - ok
09:36:07.0046 2404 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:36:07.0250 2404 CiSvc - ok
09:36:07.0343 2404 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:36:07.0546 2404 ClipSrv - ok
09:36:07.0656 2404 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:36:07.0671 2404 clr_optimization_v2.0.50727_32 - ok
09:36:07.0781 2404 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
09:36:07.0953 2404 CmdIde - ok
09:36:08.0000 2404 CoachAud - ok
09:36:08.0046 2404 COMSysApp - ok
09:36:08.0125 2404 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
09:36:08.0312 2404 Cpqarray - ok
09:36:08.0390 2404 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:36:08.0562 2404 CryptSvc - ok
09:36:08.0703 2404 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
09:36:08.0890 2404 dac2w2k - ok
09:36:09.0000 2404 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
09:36:09.0187 2404 dac960nt - ok
09:36:09.0265 2404 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:36:09.0359 2404 DcomLaunch - ok
09:36:09.0453 2404 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:36:09.0656 2404 Dhcp - ok
09:36:09.0765 2404 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:36:09.0937 2404 Disk - ok
09:36:10.0000 2404 dmadmin - ok
09:36:10.0125 2404 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:36:10.0359 2404 dmboot - ok
09:36:10.0468 2404 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:36:10.0656 2404 dmio - ok
09:36:10.0765 2404 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:36:10.0953 2404 dmload - ok
09:36:11.0015 2404 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:36:11.0203 2404 dmserver - ok
09:36:11.0328 2404 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:36:11.0531 2404 DMusic - ok
09:36:11.0609 2404 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:36:11.0703 2404 Dnscache - ok
09:36:11.0796 2404 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:36:12.0000 2404 Dot3svc - ok
09:36:12.0125 2404 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
09:36:12.0312 2404 dpti2o - ok
09:36:12.0421 2404 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:36:12.0593 2404 drmkaud - ok
09:36:12.0703 2404 drvmcdb (0196321f41476fc1fe6b0b7c37a6051e) C:\WINDOWS\system32\drivers\drvmcdb.sys
09:36:12.0718 2404 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
09:36:12.0718 2404 drvmcdb - detected UnsignedFile.Multi.Generic (1)
09:36:12.0843 2404 drvnddm (273061d90d4af7c1539e8102c7f458b5) C:\WINDOWS\system32\drivers\drvnddm.sys
09:36:12.0843 2404 drvnddm ( UnsignedFile.Multi.Generic ) - warning
09:36:12.0843 2404 drvnddm - detected UnsignedFile.Multi.Generic (1)
09:36:12.0984 2404 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:36:13.0031 2404 E100B - ok
09:36:13.0109 2404 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:36:13.0296 2404 EapHost - ok
09:36:13.0390 2404 EGATHDRV (7f220875288944c9c7856e2bc8613b1f) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
09:36:13.0406 2404 EGATHDRV ( UnsignedFile.Multi.Generic ) - warning
09:36:13.0406 2404 EGATHDRV - detected UnsignedFile.Multi.Generic (1)
09:36:13.0515 2404 ENETHUSB (8c3f3914f1c1e3e3ffe77190a4c9d735) C:\WINDOWS\system32\DRIVERS\enethusb.sys
09:36:13.0546 2404 ENETHUSB ( UnsignedFile.Multi.Generic ) - warning
09:36:13.0546 2404 ENETHUSB - detected UnsignedFile.Multi.Generic (1)
09:36:13.0625 2404 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:36:13.0812 2404 ERSvc - ok
09:36:13.0890 2404 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:36:13.0921 2404 Eventlog - ok
09:36:14.0015 2404 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
09:36:14.0062 2404 EventSystem - ok
09:36:14.0187 2404 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:36:14.0359 2404 Fastfat - ok
09:36:14.0453 2404 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:36:14.0515 2404 FastUserSwitchingCompatibility - ok
09:36:14.0640 2404 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:36:14.0812 2404 Fdc - ok
09:36:14.0937 2404 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:36:15.0125 2404 Fips - ok
09:36:15.0234 2404 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:36:15.0421 2404 Flpydisk - ok
09:36:15.0531 2404 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:36:15.0718 2404 FltMgr - ok
09:36:15.0828 2404 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:36:15.0843 2404 FontCache3.0.0.0 - ok
09:36:15.0953 2404 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
09:36:15.0968 2404 fssfltr - ok
09:36:16.0109 2404 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
09:36:16.0156 2404 fsssvc - ok
09:36:16.0296 2404 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:36:16.0468 2404 Fs_Rec - ok
09:36:16.0546 2404 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:36:16.0734 2404 Ftdisk - ok
09:36:16.0843 2404 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:36:17.0046 2404 Gpc - ok
09:36:17.0140 2404 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:36:17.0312 2404 helpsvc - ok
09:36:17.0390 2404 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
09:36:17.0578 2404 HidServ - ok
09:36:17.0687 2404 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:36:17.0875 2404 HidUsb - ok
09:36:17.0953 2404 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:36:18.0140 2404 hkmsvc - ok
09:36:18.0281 2404 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
09:36:18.0437 2404 hpn - ok
09:36:18.0562 2404 HSFHWBS2 (1fdb1af2bb9a57ed3ab29e6a204b2519) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
09:36:18.0609 2404 HSFHWBS2 - ok
09:36:18.0750 2404 HSF_DP (a95b7c58da69abefcbb849a38ae377c4) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
09:36:18.0828 2404 HSF_DP - ok
09:36:18.0953 2404 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:36:19.0015 2404 HTTP - ok
09:36:19.0093 2404 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:36:19.0281 2404 HTTPFilter - ok
09:36:19.0406 2404 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:36:19.0578 2404 i2omgmt - ok
09:36:19.0703 2404 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
09:36:19.0875 2404 i2omp - ok
09:36:20.0000 2404 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:36:20.0187 2404 i8042prt - ok
09:36:20.0312 2404 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
09:36:20.0359 2404 IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:36:20.0359 2404 IDriverT - detected UnsignedFile.Multi.Generic (1)
09:36:20.0484 2404 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:36:20.0562 2404 idsvc - ok
09:36:20.0687 2404 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:36:20.0875 2404 Imapi - ok
09:36:20.0968 2404 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
09:36:21.0140 2404 ImapiService - ok
09:36:21.0250 2404 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
09:36:21.0437 2404 ini910u - ok
09:36:21.0562 2404 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
09:36:21.0734 2404 IntelIde - ok
09:36:21.0843 2404 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:36:22.0031 2404 intelppm - ok
09:36:22.0156 2404 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:36:22.0343 2404 ip6fw - ok
09:36:22.0484 2404 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:36:22.0656 2404 IpFilterDriver - ok
09:36:22.0734 2404 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:36:22.0906 2404 IpInIp - ok
09:36:23.0031 2404 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:36:23.0234 2404 IpNat - ok
09:36:23.0359 2404 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:36:23.0546 2404 IPSec - ok
09:36:23.0671 2404 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:36:23.0750 2404 IRENUM - ok
09:36:23.0859 2404 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:36:24.0046 2404 isapnp - ok
09:36:24.0156 2404 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:36:24.0343 2404 Kbdclass - ok
09:36:24.0453 2404 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:36:24.0671 2404 kbdhid - ok
09:36:24.0750 2404 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:36:24.0937 2404 kmixer - ok
09:36:25.0062 2404 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:36:25.0156 2404 KSecDD - ok
09:36:25.0234 2404 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:36:25.0296 2404 lanmanserver - ok
09:36:25.0390 2404 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:36:25.0484 2404 lanmanworkstation - ok
09:36:25.0578 2404 lbrtfdc - ok
09:36:25.0687 2404 LexBceS (095aafc4129ed6cc8ea6bb1bc712af72) C:\WINDOWS\system32\LEXBCES.EXE
09:36:25.0765 2404 LexBceS - ok
09:36:25.0843 2404 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:36:26.0031 2404 LmHosts - ok
09:36:26.0156 2404 m4cxwxp (034dab73c9e6c6f861375814fb34390b) C:\WINDOWS\system32\DRIVERS\m4cxwxp.sys
09:36:26.0171 2404 m4cxwxp ( UnsignedFile.Multi.Generic ) - warning
09:36:26.0171 2404 m4cxwxp - detected UnsignedFile.Multi.Generic (1)
09:36:26.0296 2404 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
09:36:26.0343 2404 MBAMProtector - ok
09:36:26.0453 2404 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:36:26.0484 2404 MBAMService - ok
09:36:26.0609 2404 mdmxsdk (b72d7ea394d5f1c5053368783ad7f7ed) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:36:26.0625 2404 mdmxsdk - ok
09:36:26.0718 2404 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:36:26.0875 2404 Messenger - ok
09:36:26.0984 2404 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:36:27.0171 2404 mnmdd - ok
09:36:27.0250 2404 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
09:36:27.0437 2404 mnmsrvc - ok
09:36:27.0546 2404 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:36:27.0718 2404 Modem - ok
09:36:27.0828 2404 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:36:28.0046 2404 Mouclass - ok
09:36:28.0187 2404 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:36:28.0359 2404 mouhid - ok
09:36:28.0468 2404 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:36:28.0656 2404 MountMgr - ok
09:36:28.0765 2404 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
09:36:28.0921 2404 mraid35x - ok
09:36:29.0046 2404 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:36:29.0234 2404 MRxDAV - ok
09:36:29.0359 2404 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:36:29.0453 2404 MRxSmb - ok
09:36:29.0546 2404 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
09:36:29.0718 2404 MSDTC - ok
09:36:29.0843 2404 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:36:30.0015 2404 Msfs - ok
09:36:30.0093 2404 MSIServer - ok
09:36:30.0187 2404 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:36:30.0343 2404 MSKSSRV - ok
09:36:30.0468 2404 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:36:30.0640 2404 MSPCLOCK - ok
09:36:30.0765 2404 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:36:30.0953 2404 MSPQM - ok
09:36:31.0062 2404 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:36:31.0234 2404 mssmbios - ok
09:36:31.0359 2404 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:36:31.0421 2404 Mup - ok
09:36:31.0531 2404 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:36:31.0718 2404 napagent - ok
09:36:31.0812 2404 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:36:31.0984 2404 NDIS - ok
09:36:32.0093 2404 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:36:32.0156 2404 NdisTapi - ok
09:36:32.0281 2404 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:36:32.0453 2404 Ndisuio - ok
09:36:32.0562 2404 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:36:32.0734 2404 NdisWan - ok
09:36:32.0812 2404 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:36:32.0859 2404 NDProxy - ok
09:36:32.0968 2404 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:36:33.0140 2404 NetBIOS - ok
09:36:33.0265 2404 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:36:33.0437 2404 NetBT - ok
09:36:33.0515 2404 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:36:33.0671 2404 NetDDE - ok
09:36:33.0687 2404 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:36:33.0859 2404 NetDDEdsdm - ok
09:36:33.0937 2404 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
09:36:34.0093 2404 Netlogon - ok
09:36:34.0203 2404 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:36:34.0375 2404 Netman - ok
09:36:34.0484 2404 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:36:34.0500 2404 NetTcpPortSharing - ok
09:36:34.0578 2404 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:36:34.0609 2404 Nla - ok
09:36:34.0796 2404 NMIndexingService (62f68443d244024845b875b44d76a92f) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
09:36:34.0828 2404 NMIndexingService - ok
09:36:34.0937 2404 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:36:35.0109 2404 Npfs - ok
09:36:35.0187 2404 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:36:35.0390 2404 Ntfs - ok
09:36:35.0484 2404 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
09:36:35.0656 2404 NtLmSsp - ok
09:36:35.0765 2404 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:36:35.0937 2404 NtmsSvc - ok
09:36:36.0078 2404 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:36:36.0250 2404 Null - ok
09:36:36.0421 2404 nv (933a02052aed2da698811a14b7848faf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:36:36.0562 2404 nv - ok
09:36:36.0625 2404 nvnforce - ok
09:36:36.0703 2404 NVSvc (87445455aef55e3ed41d25a803c545fe) C:\WINDOWS\system32\nvsvc32.exe
09:36:36.0734 2404 NVSvc - ok
09:36:36.0843 2404 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:36:37.0015 2404 NwlnkFlt - ok
09:36:37.0125 2404 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:36:37.0312 2404 NwlnkFwd - ok
09:36:37.0375 2404 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:36:37.0375 2404 ose - ok
09:36:37.0484 2404 PalmUSBD - ok
09:36:37.0609 2404 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:36:37.0781 2404 Parport - ok
09:36:37.0906 2404 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:36:38.0078 2404 PartMgr - ok
09:36:38.0203 2404 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:36:38.0375 2404 ParVdm - ok
09:36:38.0453 2404 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:36:38.0609 2404 PCI - ok
09:36:38.0703 2404 PCIDump - ok
09:36:38.0781 2404 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:36:38.0937 2404 PCIIde - ok
09:36:39.0062 2404 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:36:39.0250 2404 Pcmcia - ok
09:36:39.0343 2404 PDCOMP - ok
09:36:39.0390 2404 PDFRAME - ok
09:36:39.0453 2404 PDRELI - ok
09:36:39.0515 2404 PDRFRAME - ok
09:36:39.0609 2404 pelmouse (e541a80cdffd6077c761b4578efc0450) C:\WINDOWS\system32\DRIVERS\pelmouse.sys
09:36:39.0656 2404 pelmouse - ok
09:36:39.0765 2404 pelusblf (6432858a4493e906a7d61b9b17a0672a) C:\WINDOWS\system32\DRIVERS\pelusblf.sys
09:36:39.0796 2404 pelusblf - ok
09:36:39.0921 2404 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
09:36:40.0093 2404 perc2 - ok
09:36:40.0203 2404 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
09:36:40.0375 2404 perc2hib - ok
09:36:40.0500 2404 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:36:40.0531 2404 PlugPlay - ok
09:36:40.0625 2404 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
09:36:40.0781 2404 PolicyAgent - ok
09:36:40.0906 2404 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:36:41.0062 2404 PptpMiniport - ok
09:36:41.0187 2404 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:36:41.0359 2404 Processor - ok
09:36:41.0437 2404 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:36:41.0593 2404 ProtectedStorage - ok
09:36:41.0703 2404 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:36:41.0859 2404 PSched - ok
09:36:41.0984 2404 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:36:42.0156 2404 Ptilink - ok
09:36:42.0234 2404 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
09:36:42.0390 2404 ql1080 - ok
09:36:42.0515 2404 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
09:36:42.0687 2404 Ql10wnt - ok
09:36:42.0812 2404 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
09:36:43.0000 2404 ql12160 - ok
09:36:43.0125 2404 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
09:36:43.0281 2404 ql1240 - ok
09:36:43.0390 2404 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
09:36:43.0562 2404 ql1280 - ok
09:36:43.0703 2404 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:36:43.0875 2404 RasAcd - ok
09:36:43.0953 2404 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:36:44.0109 2404 RasAuto - ok
09:36:44.0234 2404 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:36:44.0406 2404 Rasl2tp - ok
09:36:44.0484 2404 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:36:44.0656 2404 RasMan - ok
09:36:44.0765 2404 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:36:44.0968 2404 RasPppoe - ok
09:36:45.0109 2404 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:36:45.0250 2404 Raspti - ok
09:36:45.0328 2404 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:36:45.0531 2404 Rdbss - ok
09:36:45.0656 2404 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:36:45.0796 2404 RDPCDD - ok
09:36:45.0890 2404 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:36:46.0062 2404 rdpdr - ok
09:36:46.0203 2404 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
09:36:46.0250 2404 RDPWD - ok
09:36:46.0343 2404 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:36:46.0531 2404 RDSessMgr - ok
09:36:46.0656 2404 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:36:46.0843 2404 redbook - ok
09:36:46.0921 2404 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:36:47.0093 2404 RemoteAccess - ok
09:36:47.0187 2404 RimUsb - ok
09:36:47.0312 2404 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
09:36:47.0343 2404 RimVSerPort - ok
09:36:47.0468 2404 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
09:36:47.0640 2404 ROOTMODEM - ok
09:36:47.0765 2404 RoxLiveShare9 - ok
09:36:47.0875 2404 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
09:36:48.0031 2404 RpcLocator - ok
09:36:48.0156 2404 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:36:48.0187 2404 RpcSs - ok
09:36:48.0312 2404 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
09:36:48.0468 2404 RSVP - ok
09:36:48.0546 2404 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:36:48.0718 2404 SamSs - ok
09:36:48.0812 2404 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:36:48.0984 2404 SCardSvr - ok
09:36:49.0062 2404 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:36:49.0234 2404 Schedule - ok
09:36:49.0359 2404 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:36:49.0437 2404 Secdrv - ok
09:36:49.0515 2404 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:36:49.0687 2404 seclogon - ok
09:36:49.0765 2404 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:36:49.0937 2404 SENS - ok
09:36:50.0031 2404 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:36:50.0203 2404 serenum - ok
09:36:50.0281 2404 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:36:50.0437 2404 Serial - ok
09:36:50.0562 2404 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
09:36:50.0750 2404 Sfloppy - ok
09:36:50.0843 2404 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:36:51.0015 2404 SharedAccess - ok
09:36:51.0109 2404 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:36:51.0156 2404 ShellHWDetection - ok
09:36:51.0250 2404 Simbad - ok
09:36:51.0328 2404 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
09:36:51.0515 2404 sisagp - ok
09:36:51.0656 2404 smwdm (a817845e68342d7d1c97937ea707412b) C:\WINDOWS\system32\drivers\smwdm.sys
09:36:51.0687 2404 smwdm - ok
09:36:51.0796 2404 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
09:36:51.0968 2404 SONYPVU1 - ok
09:36:52.0062 2404 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
09:36:52.0078 2404 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning
09:36:52.0078 2404 SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1)
09:36:52.0187 2404 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
09:36:52.0265 2404 Sparrow - ok
09:36:52.0390 2404 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:36:52.0562 2404 splitter - ok
09:36:52.0640 2404 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:36:52.0687 2404 Spooler - ok
09:36:52.0796 2404 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:36:52.0875 2404 sr - ok
09:36:52.0968 2404 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
09:36:53.0046 2404 srservice - ok
09:36:53.0140 2404 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:36:53.0203 2404 Srv - ok
09:36:53.0312 2404 sscdbhk5 (1cbd1b58a32de97899f5290b05f856db) C:\WINDOWS\system32\drivers\sscdbhk5.sys
09:36:53.0328 2404 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
09:36:53.0328 2404 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
09:36:53.0421 2404 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:36:53.0484 2404 SSDPSRV - ok
09:36:53.0609 2404 ssrtln (7fb07ac152d7a87e66204860002bd9a4) C:\WINDOWS\system32\drivers\ssrtln.sys
09:36:53.0625 2404 ssrtln ( UnsignedFile.Multi.Generic ) - warning
09:36:53.0625 2404 ssrtln - detected UnsignedFile.Multi.Generic (1)
09:36:53.0718 2404 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:36:53.0875 2404 stisvc - ok
09:36:53.0984 2404 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:36:54.0156 2404 swenum - ok
09:36:54.0234 2404 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:36:54.0390 2404 swmidi - ok
09:36:54.0453 2404 SwPrv - ok
09:36:54.0562 2404 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
09:36:54.0734 2404 symc810 - ok
09:36:54.0843 2404 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
09:36:55.0046 2404 symc8xx - ok
09:36:55.0171 2404 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
09:36:55.0328 2404 sym_hi - ok
09:36:55.0437 2404 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
09:36:55.0593 2404 sym_u3 - ok
09:36:55.0656 2404 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:36:55.0828 2404 sysaudio - ok
09:36:55.0937 2404 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:36:56.0109 2404 SysmonLog - ok
09:36:56.0203 2404 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:36:56.0375 2404 TapiSrv - ok
09:36:56.0500 2404 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:36:56.0531 2404 Tcpip - ok
09:36:56.0656 2404 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:36:56.0812 2404 TDPIPE - ok
09:36:56.0937 2404 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:36:57.0125 2404 TDTCP - ok
09:36:57.0250 2404 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:36:57.0406 2404 TermDD - ok
09:36:57.0515 2404 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:36:57.0687 2404 TermService - ok
09:36:57.0796 2404 tfsnboio (9acc8b321ac40d09f8ede8c86e125da3) C:\WINDOWS\system32\dla\tfsnboio.sys
09:36:57.0796 2404 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
09:36:57.0796 2404 tfsnboio - detected UnsignedFile.Multi.Generic (1)
09:36:57.0906 2404 tfsncofs (de9189d99ebcbbab2b31b6b09c9c3009) C:\WINDOWS\system32\dla\tfsncofs.sys
09:36:57.0921 2404 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
09:36:57.0921 2404 tfsncofs - detected UnsignedFile.Multi.Generic (1)
09:36:58.0015 2404 tfsndrct (61ad01c2e8365608831f46a7bf85a4c8) C:\WINDOWS\system32\dla\tfsndrct.sys
09:36:58.0031 2404 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
09:36:58.0031 2404 tfsndrct - detected UnsignedFile.Multi.Generic (1)
09:36:58.0140 2404 tfsndres (0d3463ada11b5cd081e49f74a79d7458) C:\WINDOWS\system32\dla\tfsndres.sys
09:36:58.0156 2404 tfsndres ( UnsignedFile.Multi.Generic ) - warning
09:36:58.0156 2404 tfsndres - detected UnsignedFile.Multi.Generic (1)
09:36:58.0265 2404 tfsnifs (760d69f3bd16de68b235ba9cafab5dd1) C:\WINDOWS\system32\dla\tfsnifs.sys
09:36:58.0296 2404 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
09:36:58.0296 2404 tfsnifs - detected UnsignedFile.Multi.Generic (1)
09:36:58.0390 2404 tfsnopio (1e2ad02f3557e18d4b77ccc20d370318) C:\WINDOWS\system32\dla\tfsnopio.sys
09:36:58.0406 2404 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
09:36:58.0406 2404 tfsnopio - detected UnsignedFile.Multi.Generic (1)
09:36:58.0515 2404 tfsnpool (3e43969d4d7f9140483d150fa35d4c72) C:\WINDOWS\system32\dla\tfsnpool.sys
09:36:58.0515 2404 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
09:36:58.0515 2404 tfsnpool - detected UnsignedFile.Multi.Generic (1)
09:36:58.0593 2404 tfsnudf (07b9263a4f470c75bd4c54871e6072e7) C:\WINDOWS\system32\dla\tfsnudf.sys
09:36:58.0609 2404 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
09:36:58.0609 2404 tfsnudf - detected UnsignedFile.Multi.Generic (1)
09:36:58.0734 2404 tfsnudfa (f2c9d20d32d782b3f311a5b256d83803) C:\WINDOWS\system32\dla\tfsnudfa.sys
09:36:58.0750 2404 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
09:36:58.0750 2404 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
09:36:58.0843 2404 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:36:58.0859 2404 Themes - ok
09:36:58.0984 2404 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
09:36:59.0140 2404 TosIde - ok
09:36:59.0234 2404 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:36:59.0421 2404 TrkWks - ok
09:36:59.0562 2404 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
09:36:59.0718 2404 tunmp - ok
09:36:59.0828 2404 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:37:00.0000 2404 Udfs - ok
09:37:00.0078 2404 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
09:37:00.0156 2404 ultra - ok
09:37:00.0296 2404 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:37:00.0484 2404 Update - ok
09:37:00.0578 2404 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:37:00.0656 2404 upnphost - ok
09:37:00.0750 2404 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:37:00.0937 2404 UPS - ok
09:37:01.0046 2404 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:37:01.0203 2404 usbccgp - ok
09:37:01.0328 2404 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:37:01.0484 2404 usbehci - ok
09:37:01.0625 2404 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:37:01.0796 2404 usbhub - ok
09:37:01.0875 2404 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:37:02.0031 2404 usbprint - ok
09:37:02.0156 2404 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:37:02.0312 2404 usbscan - ok
09:37:02.0437 2404 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:37:02.0609 2404 USBSTOR - ok
09:37:02.0703 2404 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:37:02.0875 2404 usbuhci - ok
09:37:02.0984 2404 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:37:03.0156 2404 VgaSave - ok
09:37:03.0281 2404 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
09:37:03.0453 2404 viaagp - ok
09:37:03.0578 2404 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
09:37:03.0750 2404 ViaIde - ok
09:37:03.0875 2404 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:37:04.0031 2404 VolSnap - ok
09:37:04.0140 2404 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:37:04.0218 2404 VSS - ok
09:37:04.0312 2404 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
09:37:04.0468 2404 W32Time - ok
09:37:04.0531 2404 W700bus - ok
09:37:04.0640 2404 W8335XP (f0bdc2b474e26117ee77bfdba051fb3c) C:\WINDOWS\system32\DRIVERS\Mrvw125.sys
09:37:04.0656 2404 W8335XP ( UnsignedFile.Multi.Generic ) - warning
09:37:04.0656 2404 W8335XP - detected UnsignedFile.Multi.Generic (1)
09:37:04.0781 2404 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:37:04.0953 2404 Wanarp - ok
09:37:05.0093 2404 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
09:37:05.0125 2404 Wdf01000 - ok
09:37:05.0171 2404 WDICA - ok
09:37:05.0234 2404 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:37:05.0390 2404 wdmaud - ok
09:37:05.0484 2404 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:37:05.0640 2404 WebClient - ok
09:37:05.0781 2404 winachsf (602a1608c419d1be4a52df3a2e8f4516) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:37:05.0843 2404 winachsf - ok
09:37:05.0968 2404 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:37:06.0125 2404 winmgmt - ok
09:37:06.0234 2404 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:37:06.0312 2404 WmdmPmSN - ok
09:37:06.0437 2404 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
09:37:06.0609 2404 WmiApSrv - ok
09:37:06.0718 2404 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:37:06.0796 2404 WMPNetworkSvc - ok
09:37:06.0906 2404 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
09:37:06.0937 2404 WpdUsb - ok
09:37:07.0031 2404 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:37:07.0218 2404 wuauserv - ok
09:37:07.0343 2404 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:37:07.0390 2404 WudfPf - ok
09:37:07.0515 2404 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:37:07.0546 2404 WudfRd - ok
09:37:07.0640 2404 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:37:07.0687 2404 WudfSvc - ok
09:37:07.0781 2404 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:37:07.0984 2404 WZCSVC - ok
09:37:08.0078 2404 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:37:08.0250 2404 xmlprov - ok
09:37:08.0296 2404 MBR (0x1B8) (ab67d479e4ee1ccad757294b60ddb98f) \Device\Harddisk0\DR0
09:37:08.0359 2404 \Device\Harddisk0\DR0 - ok
09:37:08.0375 2404 Boot (0x1200) (434dff4ca046d42723174f2bfc615180) \Device\Harddisk0\DR0\Partition0
09:37:08.0375 2404 \Device\Harddisk0\DR0\Partition0 - ok
09:37:08.0375 2404 ============================================================
09:37:08.0375 2404 Scan finished
09:37:08.0375 2404 ============================================================
09:37:08.0515 3312 Detected object count: 20
09:37:08.0515 3312 Actual detected object count: 20
12:57:13.0187 3312 Cdrom ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:13.0187 3312 Cdrom ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:13.0187 3312 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:13.0187 3312 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:13.0203 3312 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:13.0203 3312 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:13.0203 3312 EGATHDRV ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:13.0203 3312 EGATHDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:13.0203 3312 ENETHUSB ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:13.0203 3312 ENETHUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:13.0203 3312 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:13.0203 3312 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:13.0218 3312 m4cxwxp ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:13.0218 3312 m4cxwxp ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:13.0218 3312 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:13.0218 3312 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:13.0218 3312 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:13.0218 3312 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:13.0234 3312 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:13.0234 3312 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:13.0234 3312 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:13.0234 3312 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:13.0250 3312 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:13.0250 3312 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:13.0265 3312 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:13.0265 3312 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:13.0265 3312 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:13.0265 3312 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:13.0265 3312 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:13.0265 3312 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:13.0265 3312 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:13.0281 3312 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:13.0281 3312 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:13.0281 3312 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:13.0281 3312 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:13.0281 3312 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:13.0296 3312 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:13.0296 3312 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:13.0296 3312 W8335XP ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:13.0296 3312 W8335XP ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:01:15.0218 2328 ============================================================
13:01:15.0218 2328 Scan started
13:01:15.0218 2328 Mode: Manual; SigCheck; TDLFS;
13:01:15.0218 2328 ============================================================
13:01:16.0062 2328 Abiosdsk - ok
13:01:16.0187 2328 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
13:01:16.0406 2328 abp480n5 - ok
13:01:16.0515 2328 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
13:01:16.0718 2328 ac97intc - ok
13:01:16.0843 2328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:01:17.0031 2328 ACPI - ok
13:01:17.0156 2328 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:01:17.0343 2328 ACPIEC - ok
13:01:17.0468 2328 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
13:01:17.0640 2328 adpu160m - ok
13:01:17.0750 2328 aeaudio (b2886807ac2543da273765cef4d82d68) C:\WINDOWS\system32\drivers\aeaudio.sys
13:01:17.0796 2328 aeaudio - ok
13:01:17.0921 2328 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:01:18.0125 2328 aec - ok
13:01:18.0265 2328 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:01:18.0296 2328 AFD - ok
13:01:18.0375 2328 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
13:01:18.0546 2328 agp440 - ok
13:01:18.0671 2328 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
13:01:18.0875 2328 agpCPQ - ok
13:01:18.0984 2328 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
13:01:19.0062 2328 Aha154x - ok
13:01:19.0187 2328 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
13:01:19.0359 2328 aic78u2 - ok
13:01:19.0484 2328 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
13:01:19.0640 2328 aic78xx - ok
13:01:19.0718 2328 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
13:01:19.0906 2328 Alerter - ok
13:01:20.0000 2328 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
13:01:20.0078 2328 ALG - ok
13:01:20.0203 2328 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
13:01:20.0390 2328 AliIde - ok
13:01:20.0500 2328 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
13:01:20.0671 2328 alim1541 - ok
13:01:20.0796 2328 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
13:01:20.0968 2328 amdagp - ok
13:01:21.0078 2328 ami0nt - ok
13:01:21.0312 2328 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
13:01:21.0593 2328 amsint - ok
13:01:21.0609 2328 Scan interrupted by user!
13:01:21.0609 2328 Scan interrupted by user!
13:01:21.0609 2328 Scan interrupted by user!
13:01:21.0609 2328 ============================================================
13:01:21.0609 2328 Scan finished
13:01:21.0609 2328 ============================================================
13:01:21.0625 1288 Detected object count: 0
13:01:21.0625 1288 Actual detected object count: 0
13:01:22.0906 0404 Deinitialize success


Farbar Service Scanner Version: 01-03-2012
Ran by Cassie Wood (administrator) on 07-04-2012 at 13:01:48
Running from "C:\Documents and Settings\Cassie Wood\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
fssfltr(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000500000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

OTL logfile created on: 4/7/2012 1:06:04 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Cassie Wood\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 417.96 Mb Available Physical Memory | 40.86% Memory free
1.28 Gb Paging File | 0.79 Gb Available in Paging File | 61.55% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.11 Gb Total Space | 1.38 Gb Free Space | 1.92% Space Free | Partition Type: NTFS

Computer Name: CASSIE | User Name: Cassie Wood | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/07 13:02:33 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cassie Wood\Desktop\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2008/06/10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/06/10 04:27:03 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/08 20:32:54 | 000,253,952 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe
PRC - [2007/09/13 21:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2004/02/13 09:37:00 | 000,094,208 | ---- | M] (Jetsoft Development Company) -- C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
PRC - [2004/02/13 09:08:00 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
PRC - [2003/11/20 17:08:14 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2003/11/06 18:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE
PRC - [2002/11/08 18:50:32 | 000,098,304 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/07/01 19:24:34 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\SKDAEMON.EXE


========== Modules (No Company Name) ==========

MOD - [2012/04/01 14:07:47 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\axcifda.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/01/04 14:44:12 | 000,364,544 | ---- | M] () -- C:\Program Files\PIXELA\ImageMixer 3 SE for SD\pxl_m17n_tool.dll
MOD - [2004/02/04 18:27:38 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL
MOD - [2004/01/06 11:00:00 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark 2200 Series\ConvDIB.dll
MOD - [2003/12/05 10:42:00 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBVPP5C.DLL
MOD - [2003/11/06 18:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE
MOD - [2002/07/01 19:24:34 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\SKDAEMON.EXE


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\paamsrv.dll -- (W700bus)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tifsfilter.dll -- (nvnforce)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sonypvs1.dll -- (CoachAud)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lvpr2mon.dll -- (ami0nt)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2005/12/29 19:07:50 | 000,282,624 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mrvw125.sys -- (W8335XP) 802.11g/b Driver for Windows XP (8335)
DRV - [2003/08/26 18:23:00 | 000,171,264 | R--- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\m4cxwxp.sys -- (m4cxwxp)
DRV - [2003/03/13 17:17:00 | 000,622,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/03/13 17:17:00 | 000,176,768 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/03/13 17:15:00 | 001,106,944 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/02/11 16:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf)
DRV - [2003/01/31 12:08:54 | 000,028,005 | ---- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB)
DRV - [2003/01/10 16:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pcfinancial.ca/
IE - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 AC 1F 20 20 37 CA 01 [binary data]
IE - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\..\SearchScopes,DefaultScope = {2029E5AB-B550-4AD8-8540-1B17C79B963F}
IE - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\..\SearchScopes\{2029E5AB-B550-4AD8-8540-1B17C79B963F}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\..\SearchScopes\{3130A456-BEE8-4092-8D61-A2ED36ED1D96}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\..\SearchScopes\{EA38CC4D-000E-4A6C-A104-DDA578F51B6E}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()



O1 HOSTS File: ([2012/04/02 08:23:17 | 000,000,627 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [Hot Key Kbd Daemon] C:\WINDOWS\System32\SKDAEMON.EXE ()
O4 - HKLM..\Run: [Lexmark 2200 Series] C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StandardInstall] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006..\Run: [IBM RecordNow!] File not found
O4 - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006..\Run: [tgcmd] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor for SD.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe (PIXELA CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader2.cab (Reg Error: Key error.)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163813155250 (MUWebControl Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} https://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab (Java Plug-in 1.4.1 <applet> redirector)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} http://webmail.trapsoft.com/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab (acpRunner Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDA2088B-B834-4509-ACD3-ABE083A74D5F}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\axcifda: DllName - (C:\Documents and Settings\NetworkService\Local Settings\Application Data\axcifda.dll) - C:\Documents and Settings\NetworkService\Local Settings\Application Data\axcifda.dll ()
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cassie Wood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/23 23:22:49 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/06/23 23:22:49 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.CAM -- [ NTFS ]
O33 - MountPoints2\{b073ca6a-5c8c-11da-b9c0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b073ca6a-5c8c-11da-b9c0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b073ca6a-5c8c-11da-b9c0-806d6172696f}\Shell\AutoRun\command - "" = D:\Setup.exe
O33 - MountPoints2\{b5eb83e1-865f-11db-b9ed-000d60d2766b}\Shell - "" = AutoRun
O33 - MountPoints2\{b5eb83e1-865f-11db-b9ed-000d60d2766b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b5eb83e1-865f-11db-b9ed-000d60d2766b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{ed898720-2f95-11df-9ae8-001195d7b8e6}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\{ed898721-2f95-11df-9ae8-001195d7b8e6}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: nvnforce - %systemroot%\system32\tifsfilter.dll File not found
NetSvcs: mail2ec - File not found
NetSvcs: CoachAud - %systemroot%\system32\sonypvs1.dll File not found
NetSvcs: ami0nt - %systemroot%\system32\lvpr2mon.dll File not found
NetSvcs: W700bus - %systemroot%\system32\paamsrv.dll File not found
NetSvcs: mcsysmon - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/07 13:02:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cassie Wood\Desktop\OTL.exe
[2012/04/07 09:34:27 | 002,073,136 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cassie Wood\Desktop\tdsskiller.exe
[2012/04/06 23:41:07 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Cassie Wood\Desktop\dds.scr
[2012/04/06 23:32:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\save$$updater
[2012/04/06 13:46:24 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Cassie Wood\Desktop\aswMBR.exe
[2012/03/31 22:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/31 22:05:11 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/31 22:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/31 21:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/03/31 21:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/03/31 21:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cassie Wood\Application Data\Ad-Aware Antivirus
[2012/03/31 21:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F4D561CC03BE6BFF000122E2D151FC84
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/07 13:02:33 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cassie Wood\Desktop\OTL.exe
[2012/04/07 13:01:09 | 000,337,137 | ---- | M] () -- C:\Documents and Settings\Cassie Wood\Desktop\FSS.exe
[2012/04/07 09:34:27 | 002,073,136 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cassie Wood\Desktop\tdsskiller.exe
[2012/04/07 00:30:55 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/07 00:19:09 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/07 00:19:02 | 000,004,598 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/04/07 00:18:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/07 00:18:42 | 1072,746,496 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/07 00:05:02 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Cassie Wood\Desktop\iylqe3ho.exe
[2012/04/06 23:49:06 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/06 23:47:32 | 000,212,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/06 23:41:07 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Cassie Wood\Desktop\dds.scr
[2012/04/06 23:39:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cassie Wood\defogger_reenable
[2012/04/06 17:47:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/06 15:18:47 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Cassie Wood\Desktop\MBR.dat
[2012/04/06 13:46:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Cassie Wood\Desktop\aswMBR.exe
[2012/04/06 13:35:33 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Cassie Wood\Desktop\SecurityCheck.exe
[2012/03/30 06:19:28 | 000,441,902 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/30 06:19:28 | 000,071,854 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/18 15:47:03 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Cassie Wood\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/15 21:31:45 | 2632,159,388 | ---- | M] () -- C:\Documents and Settings\Cassie Wood\My Documents\Image.nrg
[2012/03/14 17:03:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/07 13:01:09 | 000,337,137 | ---- | C] () -- C:\Documents and Settings\Cassie Wood\Desktop\FSS.exe
[2012/04/07 00:05:02 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Cassie Wood\Desktop\iylqe3ho.exe
[2012/04/06 23:54:30 | 1072,746,496 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/06 23:39:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cassie Wood\defogger_reenable
[2012/04/06 15:18:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Cassie Wood\Desktop\MBR.dat
[2012/04/06 13:35:33 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\Cassie Wood\Desktop\SecurityCheck.exe
[2012/04/01 14:07:47 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\axcifda.dll
[2012/03/31 21:44:05 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/03/15 21:19:52 | 2632,159,388 | ---- | C] () -- C:\Documents and Settings\Cassie Wood\My Documents\Image.nrg
[2012/02/17 09:56:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/03/27 21:19:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/13 17:32:23 | 000,897,000 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/21 07:59:59 | 000,010,752 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2003/02/21 10:26:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2003/02/21 10:26:22 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2003/02/21 10:26:22 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/01/09 12:20:25 | 000,139,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: AFD.SYS >
[2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 15:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/04/13 15:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011/02/16 09:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/10/16 11:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 06:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2004/08/04 02:14:14 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2008/10/16 10:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011/02/16 09:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 06:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008/06/20 07:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 06:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008/06/20 07:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008/06/20 07:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011/08/17 09:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 06:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 06:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/10/22 21:45:37 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/08 21:52:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/10/22 21:45:37 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/08 21:52:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/10/16 20:31:10 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=3DF589B9A15FF9EF4AA499F98C1C16D5 -- C:\I386\ATAPI.SYS
[2002/08/29 04:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331060$\ATAPI.SYS
[2002/08/29 04:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 02:00:16 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2002/08/29 06:41:28 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtUninstallKB840987$\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/06/27 19:38:40 | 000,094,208 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/06/27 19:38:40 | 000,094,208 | ---- | M] (Microsoft Corporation)

< >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB59117$] -> Error: Cannot create file handle -> Unknown point type
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >

OTL Extras logfile created on: 4/7/2012 1:06:04 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Cassie Wood\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 417.96 Mb Available Physical Memory | 40.86% Memory free
1.28 Gb Paging File | 0.79 Gb Available in Paging File | 61.55% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.11 Gb Total Space | 1.38 Gb Free Space | 1.92% Space Free | Partition Type: NTFS

Computer Name: CASSIE | User Name: Cassie Wood | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ares Lite Edition\Ares.exe" = C:\Program Files\Ares Lite Edition\Ares.exe:*:Enabled:Ares
"C:\IBMTOOLS\Updater\jre\bin\javaw.exe" = C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:Enabled:Java launcher
"C:\Program Files\Support.com\Bin\tgcmd.exe" = C:\Program Files\Support.com\Bin\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher
"C:\Program Files\InterVideo\DVD7\WinDVD.exe" = C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Disabled:WinDVD
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\WINDOWS\TEMP\attrxa\setup.exe" = C:\WINDOWS\TEMP\attrxa\setup.exe:*:Enabled:setup -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0150ECF7-60CB-43C5-AB0A-877BB76ABA55}" = Wireless PCI_CardBus utility V1.01
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = DLA
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1033}" = Nero 8 Essentials
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{68952AED-F3C8-83FE-928E-3336D8CFCC65}" = Picaboo X
"{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit SDK for Java 2, v1.4.1
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80380166-A872-4B78-B98A-33447A032BDF}" = ThinkCentre Wallpaper
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90530409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Standard 2003
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF44C7A5-5705-41E4-BE84-A9A42977AB05}" = Access IBM Cleanup Utility
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E1D7C392-EAF5-405F-A31D-BBD3B56C0C6A}" = ImageMixer 3 SE for SD
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Aimersoft DVD Creator_is1" = Aimersoft DVD Creator(Build 2.6.0)
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702&SUBSYS_200214F1" = Conexant SoftK56 Data Fax
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo X
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EfntSSDSL" = Efficient Networks SpeedStream DSL
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit SDK for Java 2, v1.4.1
"InstallShield_{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"Lexmark 2200 Series" = Lexmark 2200 Series
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Mouse Suite
"MP3 Wav Editor_is1" = MP3 Wav Editor 3.30
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PCFriendly" = PCFriendly
"Photo Viewer" = Photo Viewer 2.4
"PROSet" = Intel® PRO Network Adapters and Drivers
"Security Task Manager" = Security Task Manager 1.8d
"SK_USBKeyboard" = IBM Rapid Access Keyboard (III, IIIe)
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Wills Kit05-1" = Wills Kit
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4046329808-4220089147-1157945925-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/26/2012 5:19:53 AM | Computer Name = CASSIE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/26/2012 5:19:54 AM | Computer Name = CASSIE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/26/2012 5:19:54 AM | Computer Name = CASSIE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/26/2012 5:19:54 AM | Computer Name = CASSIE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/31/2012 9:53:45 PM | Computer Name = CASSIE | Source = Application Error | ID = 0
Description =

Error - 4/6/2012 11:47:45 PM | Computer Name = CASSIE | Source = McLogEvent | ID = 5004
Description =

Error - 4/6/2012 11:49:15 PM | Computer Name = CASSIE | Source = McLogEvent | ID = 5004
Description =

Error - 4/7/2012 12:14:58 AM | Computer Name = CASSIE | Source = Application Error | ID = 1000
Description = Faulting application McSvHost.exe, version 2.0.230.0, faulting module
unknown, version 0.0.0.0, fault address 0x01820296.

Error - 4/7/2012 12:15:56 AM | Computer Name = CASSIE | Source = McLogEvent | ID = 5004
Description =

Error - 4/7/2012 12:15:56 AM | Computer Name = CASSIE | Source = McLogEvent | ID = 5022
Description =

[ System Events ]
Error - 4/7/2012 11:45:37 AM | Computer Name = CASSIE | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/7/2012 11:55:43 AM | Computer Name = CASSIE | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/7/2012 12:05:48 PM | Computer Name = CASSIE | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/7/2012 12:15:53 PM | Computer Name = CASSIE | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/7/2012 12:25:58 PM | Computer Name = CASSIE | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/7/2012 12:36:03 PM | Computer Name = CASSIE | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/7/2012 12:46:07 PM | Computer Name = CASSIE | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/7/2012 12:56:12 PM | Computer Name = CASSIE | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/7/2012 1:06:18 PM | Computer Name = CASSIE | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/7/2012 1:16:25 PM | Computer Name = CASSIE | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >

#4 SweetTech

Posted 08 April 2012 - 03:10 AM

Hi Adam!

Not a problem! I'm glad to be of assistance!

We have some work to do.

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\paamsrv.dll -- (W700bus)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tifsfilter.dll -- (nvnforce)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sonypvs1.dll -- (CoachAud)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lvpr2mon.dll -- (ami0nt)
    IE - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
    O4 - HKLM..\Run: [StandardInstall] File not found
    O4 - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006..\Run: [IBM RecordNow!] File not found
    O4 - HKU\S-1-5-21-4046329808-4220089147-1157945925-1006..\Run: [tgcmd] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = File not found
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader2.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab (Java Plug-in 1.4.1 <applet> redirector)
    O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O20 - Winlogon\Notify\axcifda: DllName - (C:\Documents and Settings\NetworkService\Local Settings\Application Data\axcifda.dll) - C:\Documents and Settings\NetworkService\Local Settings\Application Data\axcifda.dll ()
    O33 - MountPoints2\{b073ca6a-5c8c-11da-b9c0-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{b073ca6a-5c8c-11da-b9c0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b073ca6a-5c8c-11da-b9c0-806d6172696f}\Shell\AutoRun\command - "" = D:\Setup.exe
    O33 - MountPoints2\{b5eb83e1-865f-11db-b9ed-000d60d2766b}\Shell - "" = AutoRun
    O33 - MountPoints2\{b5eb83e1-865f-11db-b9ed-000d60d2766b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b5eb83e1-865f-11db-b9ed-000d60d2766b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
    O33 - MountPoints2\{ed898720-2f95-11df-9ae8-001195d7b8e6}\Shell\AutoRun\command - "" = E:\setupSNK.exe
    O33 - MountPoints2\{ed898721-2f95-11df-9ae8-001195d7b8e6}\Shell\AutoRun\command - "" = E:\setupSNK.exe
    NetSvcs: nvnforce - %systemroot%\system32\tifsfilter.dll File not found
    NetSvcs: mail2ec - File not found
    NetSvcs: CoachAud - %systemroot%\system32\sonypvs1.dll File not found
    NetSvcs: ami0nt - %systemroot%\system32\lvpr2mon.dll File not found
    NetSvcs: W700bus - %systemroot%\system32\paamsrv.dll File not found
    NetSvcs: mcsysmon - File not found
    [2012/03/31 21:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F4D561CC03BE6BFF000122E2D151FC84
    [2012/04/06 23:49:06 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
    [2012/04/01 14:07:47 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\axcifda.dll
    [2012/03/31 21:44:05 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
    
    :Reg
    
    :Files
    dir /s /a "C:\WINDOWS\System32\save$$updater" /c
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now


NEXT:


Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL fix log.
3. ComboFix.txt log.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
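
The fix script in the post above removes a few recurring kinds of OTL log entry: service and autorun registrations whose file is missing, a Winlogon Notify DLL loaded from a profile directory, and files with an empty vendor field. As an added example (not part of the original post and not OTL's own logic), this Python script flags those patterns in OTL-format lines; the rule names, the `C:\WINDOWS` and `Documents and Settings` paths, and the two benign lines are assumptions made for illustration.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule subject")

# Lines copied verbatim from the fix script in the post above.
PAGE_LINES = [
    r"SRV - File not found [Auto | Stopped] -- %systemroot%\system32\paamsrv.dll -- (W700bus)",
    r"NetSvcs: W700bus - %systemroot%\system32\paamsrv.dll File not found",
    r"NetSvcs: mail2ec - File not found",
    r"O4 - HKLM..\Run: [StandardInstall] File not found",
    r"O20 - Winlogon\Notify\axcifda: DllName - (C:\Documents and Settings\NetworkService\Local Settings\Application Data\axcifda.dll) - C:\Documents and Settings\NetworkService\Local Settings\Application Data\axcifda.dll ()",
    r"[2012/04/06 23:49:06 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd",
    r"[2012/04/01 14:07:47 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\axcifda.dll",
]

# CONSTRUCTED benign lines for contrast (vendor and file names are made up).
CONSTRUCTED_LINES = [
    r"O20 - Winlogon\Notify\examplenotify: DllName - (example.dll) - C:\WINDOWS\System32\example.dll (Example Vendor)",
    r"[2012/03/01 10:00:00 | 000,123,456 | ---- | M] (Example Vendor) -- C:\WINDOWS\System32\example.dll",
]

# Assumptions: Windows lives in C:\WINDOWS and profiles under
# "Documents and Settings", as on the XP machine in this thread.
SYSTEM32 = "c:\\windows\\system32\\"
PROFILES = "\\documents and settings\\"

SRV = re.compile(r"^SRV - File not found \[[^\]]*\] -- .+ -- \((?P<name>[^)]+)\)$")
NETSVCS = re.compile(r"^NetSvcs: (?P<name>\S+) - (?:.+ )?File not found$")
O4 = re.compile(r"^O4 - .+?: \[(?P<name>[^\]]+)\] (?:.+ )?File not found$")
O20 = re.compile(
    r"^O20 - Winlogon\\Notify\\[^:]+: DllName - \(.*?\) - "
    r"(?P<path>.+?) \((?P<vendor>[^()]*)\)$"
)
FILE = re.compile(
    r"^\[[^|]+\| (?P<size>[\d,]+) \| (?P<attr>[-RHSD]{4}) \| [CM]\] "
    r"\((?P<vendor>[^)]*)\) -- (?P<path>.+)$"
)


def triage(lines):
    """Return Findings for OTL-format lines; unmatched lines are ignored."""
    findings = []
    for line in lines:
        line = line.strip()
        # Service registered (SRV or NetSvcs group) but its binary is missing.
        m = SRV.match(line) or NETSVCS.match(line)
        if m:
            findings.append(Finding("orphan_service", m["name"]))
            continue
        # Run-key autostart whose target no longer exists.
        m = O4.match(line)
        if m:
            findings.append(Finding("orphan_autorun", m["name"]))
            continue
        # Winlogon Notify packages load into winlogon.exe at logon; one that
        # resolves outside System32 deserves a closer look.
        m = O20.match(line)
        if m:
            if not m["path"].lower().startswith(SYSTEM32):
                findings.append(Finding("notify_dll_outside_system32", m["path"]))
            continue
        # File listing entries with an empty vendor field.
        m = FILE.match(line)
        if m and not m["vendor"]:
            path, attr = m["path"], m["attr"]
            size = int(m["size"].replace(",", ""))
            if "H" in attr and "S" in attr and size == 0:
                findings.append(Finding("hidden_system_empty_file", path))
            elif PROFILES in path.lower() and path.lower().endswith((".dll", ".exe", ".sys")):
                findings.append(Finding("no_vendor_binary_in_profile", path))
    return findings


if __name__ == "__main__":
    for f in triage(PAGE_LINES + CONSTRUCTED_LINES):
        print(f"{f.rule:30} {f.subject}")
```

A hit is a reason to look closer at an entry, not a verdict on it.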


#5 adamdkennedy

Posted 08 April 2012 - 08:31 AM

Hi ST!

Hope you are having an excellent Easter weekend.

So I ran OTL successfully.

I ran ComboFix and it crashed my computer. I reset my computer and it crashed again.

Now here is the problem. I rebooted my computer again and now my computer is in a constant state of rebooting. It crashes as Windows loads. Selecting safe mode, last good configuration, etc. before booting Windows does not change the behaviour.

Help! :)

Talk to you soon.

Adam

#6 SweetTech

Posted 08 April 2012 - 08:36 AM

Hi Adam!

I am having a nice Easter weekend, I hope you're doing the same as well! :)

Sorry to hear you experienced issues with ComboFix.

Can you please advise me on how far ComboFix was able to get with your computer? Was it able to complete its scan?

Just trying to gather as much information as I can from you, so that I can advise you accordingly.

~ST


#7 adamdkennedy

Posted 08 April 2012 - 09:05 AM

I sure am having a great Easter weekend. Too much chocolate though! :)

I don't remember specifically how far it progressed, but this is how I think it progressed.

The first time I got the following messages (or something like this):

1. "You are infected with RootKit. Fixing this might take some time".
2. "Rootkit infection found. Trying to set new restore point".
3. "You are infected with RootKit. Fixing this might take some time".
4. "Rootkit infection found. Trying to set new restore point".

The second time I ran it all I got was the first message.

Does this make sense?

Adam

#8 adamdkennedy

Posted 08 April 2012 - 11:37 AM

So I've managed to capture the error that causes the Windows boot to fail.

It says something like, "A problem has been detected and Windows has been shut down to prevent damage to your computer"

The error code quoted is

STOP: 0x0000007B (0xF7BF854, 0xC0000034, 0x00000000, 0x00000000)

Maybe this helps...

Adam

#9 adamdkennedy

Posted 08 April 2012 - 01:35 PM

Of note, I attempted a chkdsk /r in windows recovery mode and the system still won't boot...but maybe you would already know that :)

I'm assuming we (or the malware / virus) have messed up the registry or corrupted a driver?

#10 SweetTech

Posted 10 April 2012 - 01:22 AM

Hi Adam!

Apologies for not responding back to you yesterday, I was a bit under the weather and spent the entire day in bed.

Does this make sense?

Yes, that did make sense! Thanks for that information!

I'm assuming we (or the malware / virus) have messed up the registry or corrupted a driver?

Yep, the malware is causing some havoc right now, which led to the issue of not being able to boot up properly.

Please try the following for getting back into Windows.

------

If you allowed ComboFix to install the Recovery Console before it proceeded scanning your computer, please complete the following instructions below:

1. Restart your computer
2. Before Windows loads, you will be prompted to choose which Operating System to start
3. Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press enter.
5. At the C:\Windows prompt, type the following bolded text, and press Enter:

cd erdnt\subs

6. At the next prompt, type the following bolded text, and press Enter:

batch erdnt.con

7. The erunt backups will begin copying.
8. At the next prompt, type the following bolded text, and press Enter:

exit

Windows will now begin loading.

Edited by SweetTech, 13 April 2012 - 12:12 AM.


#11 adamdkennedy

Posted 12 April 2012 - 10:52 PM

Hello,

Sorry for the delayed response (I was out of town).

I performed the operations and the process said files were copied.

Unfortunately I still have the same outcome....Windows will not load up.

Is this good, bad, or ugly? :)

Any recommendations on how to proceed?

Thanks again!

Adam

#12 SweetTech

Posted 13 April 2012 - 12:17 AM

Hi Adam!

No worries on the delay!

Sorry to hear you're still not able to boot up properly!

Is this good, bad, or ugly?

It's definitely not good, and it's not ugly, so I'd say it's in the middle between good and bad.

Any recommendations on how to proceed?

Yes, I do still have a couple of things to try, before we start worrying.

Do you by any chance have your Windows XP disc??

Let's try this:

If you allowed ComboFix to install the Recovery Console before it proceeded scanning your computer, please complete the following instructions below:

1. Restart your computer
2. Before Windows loads, you will be prompted to choose which Operating System to start
3. Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press enter.
5. At the C:\Windows prompt, type the following bolded text, and press Enter:

cd erdnt\hiv-backup

6. At the next prompt, type the following bolded text, and press Enter:

batch erdnt.con

7. The erunt backups will begin copying.
8. At the next prompt, type the following bolded text, and press Enter:

exit

Windows will now begin loading.


#13 adamdkennedy

Posted 13 April 2012 - 03:37 PM

Hi ST!

I ran those commands again and have the same outcome. 10 files are copied and then Windows still does not load.

I do have my Windows CD.

So, what shall we do next?

Adam

#14 SweetTech

Posted 14 April 2012 - 09:01 AM

Hi Adam!

I ran those commands again and have the same outcome. 10 files are copied and then Windows still does not load.

Okay, I was hoping it would get us booting back into Windows, but that doesn't seem to be the case.

I think the easiest thing for us to do is to perform a repair install, and then go from there.

See this link here: http://www.geekstogo.com/forum/topic/138-how-to-repair-windows-xp/page__view__findpost__p__489 for instructions on how to perform a repair install.

It should not remove any of your personal files, installed programs, etc. It should only repair the operating system.

After you do that, I'd like to have you check and see if a ComboFix.txt log is present in your C:\ drive, and if so, I'd like to have you post it for me to review.

~ST.


#15 adamdkennedy

Posted 14 April 2012 - 10:12 AM

So I seem to run into a problem...the XP CD I have doesn't seem to be a true installation CD (there is only a self extracting exe on it) that won't boot. Do you know of any other way to complete this process?

Adam



