Google Redirect - IE working after TDSSkiller but not Firefox


  • This topic is locked
23 replies to this topic

#1 bcym

Posted 17 May 2012 - 02:20 PM

Hi

I had a TDSS issue, which I was able to resolve for Internet Explorer after executing TDSSKiller.
But Firefox still seems to be having the issue, which led me to wonder whether it was cured at all by running TDSSKiller.

Here is the DDS log. Please let me know if you need the TDSSKiller log too.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_30
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3027.1262 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NHM Writer\NhmWriter.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
uInternet Settings,ProxyOverride = *.local;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - c:\program files\xfinitytb\xfinitydx.dll
BHO: Updater For Xfinity.com Toolbar 3.5: {e6d0b79e-ecac-411b-8bf6-7a574981af30} - c:\program files\xfinitytb\auxi\xfinityAu.dll
TB: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - c:\program files\xfinitytb\xfinitydx.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\880\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [Installation Diagnostics] "c:\program files\brother\brmfl05c\Brinstck.exe" /I MFC-8860DN LAN
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [NhmWriter] c:\program files\nhm writer\NhmWriter.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
uRun: [Adobe] rundll32.exe "c:\users\bpalaniswamy.idl\appdata\local\apple computer\adobe\ukech.dll",DllRegisterServer
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe
dRun: [Adobe] rundll32.exe "c:\users\bpalaniswamy.idl\appdata\local\apple computer\adobe\ukech.dll",DllRegisterServer
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\privoxy.lnk - c:\program files\privoxy\privoxy.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
uPolicies-system: HideLogonScripts = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: HideLogonScripts = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
Trusted Zone: ivave.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ecfmg.webex.com/client/T27LB/training/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.9.1.1 64.62.206.164 64.62.206.164 10.9.1.1
TCP: Interfaces\{8EAFC2AB-33F7-4CD9-8410-503BAFBDECCA} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DB5B8703-043C-4D3A-ACD7-490E3EC4D40F} : DhcpNameServer = 10.9.1.1 64.62.206.164 64.62.206.164 10.9.1.1
TCP: Interfaces\{DB5B8703-043C-4D3A-ACD7-490E3EC4D40F}\16474777966696 : DhcpNameServer = 10.0.50.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{DB5B8703-043C-4D3A-ACD7-490E3EC4D40F}\26F696E676F60286F6473707F647 : DhcpNameServer = 10.1.0.1 66.103.80.4 66.103.64.4
TCP: Interfaces\{DB5B8703-043C-4D3A-ACD7-490E3EC4D40F}\45F6E69775966496 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DB5B8703-043C-4D3A-ACD7-490E3EC4D40F}\64169627669656C646F594E6E6 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{DB5B8703-043C-4D3A-ACD7-490E3EC4D40F}\645444751405 : DhcpNameServer = 192.168.122.1
TCP: Interfaces\{DB5B8703-043C-4D3A-ACD7-490E3EC4D40F}\645444751405D225543545F4E4 : DhcpNameServer = 192.168.20.14 192.168.20.10 64.62.206.164 172.16.4.10 172.16.4.30
TCP: Interfaces\{DB5B8703-043C-4D3A-ACD7-490E3EC4D40F}\74C6F62616C6355796475675962756C6563737 : DhcpNameServer = 4.2.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bpalaniswamy.idl\appdata\roaming\mozilla\firefox\profiles\tq6rwfwa.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\bpalaniswamy.idl\appdata\roaming\move networks\plugins\npqmp071706000001.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe [2010-7-20 81920]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-5-15 1803512]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2010-2-8 386928]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-12-22 77312]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-1-3 2984832]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-7-20 260648]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-7-20 29472]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-7-20 126976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-17 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-17 136176]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2010-1-20 33792]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 129976]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-7-20 47104]
S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-7-20 49152]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-7-20 38400]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-17 1343400]
.
=============== Created Last 30 ================
.
2012-05-17 11:44:54 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-17 11:24:25 98816 ----a-w- c:\windows\sed.exe
2012-05-17 11:24:25 518144 ----a-w- c:\windows\SWREG.exe
2012-05-17 11:24:25 256000 ----a-w- c:\windows\PEV.exe
2012-05-17 11:24:25 208896 ----a-w- c:\windows\MBR.exe
2012-05-16 19:19:32 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-09 07:07:27 707354 ----a-w- c:\users\bpalaniswamy.idl\appdata\roaming\microsoft\addins\tm powerpoint timer\unins000.exe
2012-05-05 00:37:38 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-05 00:37:36 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-05 00:37:36 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-05-03 03:22:52 -------- d-----w- c:\program files\comcasttb
2012-05-03 03:22:15 -------- d-----w- c:\program files\xfinitytb
.
==================== Find3M ====================
.
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 04:46:44 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-02 04:46:44 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 02:43:16 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 10:29:05 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-17 07:20:17 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-06 16:52:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-03-03 05:40:21 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-03-03 05:40:10 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-03 05:40:09 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-03 05:40:09 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-03 05:40:09 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-01 05:53:27 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:49:05 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:45:05 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:40:44 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 05:40:21 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 05:38:16 44544 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-28 04:31:46 386048 ----a-w- c:\windows\system32\html.iec
2012-02-28 03:57:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-23 00:39:18 1350232 ----a-w- c:\program files\TDSSKiller.exe
2011-01-21 08:40:05 296448 ----a-w- c:\program files\GMER.exe
.
============= FINISH: 14:42:37.09 ===============


#2 Noviciate

  • Malware Response Team

Posted 17 May 2012 - 03:16 PM

Good evening. :)

Two things:

1) When you ran DDS it should have created a second log, Attach.txt, which I'd like to see the contents of. If you didn't save a copy you'll need to run DDS again.
2) When you ran TDSSKiller it should have created a log, which I'd also like to see. It will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt. Please check that you get the one with the right date and time as I want to see what the tool actually detected and removed.

So long, and thanks for all the fish.

 

 


#3 bcym

  • Topic Starter

Posted 19 May 2012 - 10:34 PM

Here is the TDSSKiller log. I am also enclosing the Attach.txt zip file.

15:17:37.0186 5872 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
15:17:37.0463 5872 ============================================================
15:17:37.0463 5872 Current date / time: 2012/05/16 15:17:37.0463
15:17:37.0463 5872 SystemInfo:
15:17:37.0463 5872
15:17:37.0463 5872 OS Version: 6.1.7600 ServicePack: 0.0
15:17:37.0463 5872 Product type: Workstation
15:17:37.0464 5872 ComputerName: IDL-LAT5400-01
15:17:37.0464 5872 UserName: *****
15:17:37.0464 5872 Windows directory: C:\Windows
15:17:37.0464 5872 System windows directory: C:\Windows
15:17:37.0464 5872 Processor architecture: Intel x86
15:17:37.0464 5872 Number of processors: 2
15:17:37.0464 5872 Page size: 0x1000
15:17:37.0464 5872 Boot type: Normal boot
15:17:37.0464 5872 ============================================================
15:17:38.0263 5872 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:17:38.0265 5872 ============================================================
15:17:38.0265 5872 \Device\Harddisk0\DR0:
15:17:38.0266 5872 MBR partitions:
15:17:38.0266 5872 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x43000, BlocksNum 0x12C9000
15:17:38.0266 5872 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x130C000, BlocksNum 0x1BEB9000
15:17:38.0266 5872 ============================================================
15:17:38.0307 5872 C: <-> \Device\Harddisk0\DR0\Partition1
15:17:38.0307 5872 ============================================================
15:17:38.0307 5872 Initialize success
15:17:38.0307 5872 ============================================================
15:17:51.0805 2604 ============================================================
15:17:51.0805 2604 Scan started
15:17:51.0805 2604 Mode: Manual;
15:17:51.0805 2604 ============================================================
15:17:57.0647 2604 BrUsbSer - ok
15:17:57.0716 2604 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
15:17:57.0717 2604 BthEnum - ok
15:17:57.0732 2604 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
15:17:57.0735 2604 BTHMODEM - ok
15:17:57.0779 2604 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
15:17:57.0783 2604 BthPan - ok
15:17:57.0851 2604 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\system32\Drivers\BTHport.sys
15:17:57.0870 2604 BTHPORT - ok
15:17:57.0911 2604 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
15:17:57.0915 2604 bthserv - ok
15:17:57.0935 2604 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\system32\Drivers\BTHUSB.sys
15:17:57.0938 2604 BTHUSB - ok
15:17:57.0970 2604 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys
15:17:57.0971 2604 btwaudio - ok
15:17:58.0026 2604 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\DRIVERS\btwavdt.sys
15:17:58.0028 2604 btwavdt - ok
15:17:58.0130 2604 btwdins (7caa4410c25026b9bee85f6c7f86b19b) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:17:58.0169 2604 btwdins - ok
15:17:58.0198 2604 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
15:17:58.0199 2604 btwl2cap - ok
15:17:58.0210 2604 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys
15:17:58.0210 2604 btwrchid - ok
15:17:58.0321 2604 buttonsvc32 (d9846a19208e76604e1074bb30228ac8) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
15:17:58.0340 2604 buttonsvc32 - ok
15:17:58.0524 2604 catchme - ok
15:17:58.0661 2604 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:17:58.0665 2604 cdfs - ok
15:17:58.0701 2604 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
15:17:58.0705 2604 cdrom - ok
15:17:58.0748 2604 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
15:17:58.0751 2604 CertPropSvc - ok
15:17:58.0769 2604 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
15:17:58.0773 2604 circlass - ok
15:17:58.0804 2604 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:17:58.0808 2604 CLFS - ok
15:17:58.0890 2604 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:17:58.0895 2604 clr_optimization_v2.0.50727_32 - ok
15:17:59.0003 2604 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:17:59.0031 2604 clr_optimization_v4.0.30319_32 - ok
15:17:59.0072 2604 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:17:59.0074 2604 CmBatt - ok
15:17:59.0091 2604 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
15:17:59.0093 2604 cmdide - ok
15:17:59.0155 2604 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
15:17:59.0175 2604 CNG - ok
15:17:59.0188 2604 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:17:59.0192 2604 Compbatt - ok
15:17:59.0224 2604 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:17:59.0226 2604 CompositeBus - ok
15:17:59.0242 2604 COMSysApp - ok
15:17:59.0272 2604 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
15:17:59.0274 2604 crcdisk - ok
15:17:59.0319 2604 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
15:17:59.0325 2604 CryptSvc - ok
15:17:59.0379 2604 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
15:17:59.0397 2604 CSC - ok
15:17:59.0445 2604 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
15:17:59.0469 2604 CscService - ok
15:17:59.0561 2604 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
15:17:59.0563 2604 ctxusbm - ok
15:17:59.0611 2604 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
15:17:59.0633 2604 DcomLaunch - ok
15:17:59.0755 2604 dcpsysmgrsvc (55afbb8e560018221911e9ff9f5cf637) c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
15:17:59.0776 2604 dcpsysmgrsvc - ok
15:17:59.0812 2604 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
15:17:59.0816 2604 defragsvc - ok
15:17:59.0850 2604 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
15:17:59.0854 2604 DfsC - ok
15:17:59.0904 2604 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
15:17:59.0924 2604 Dhcp - ok
15:17:59.0947 2604 discache (ff57c2423d6d8e606aa3e0c369c9a03a) C:\Windows\system32\drivers\discache.sys
15:17:59.0950 2604 discache - ok
15:17:59.0986 2604 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
15:17:59.0990 2604 Disk - ok
15:18:00.0035 2604 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
15:18:00.0039 2604 Dnscache - ok
15:18:00.0086 2604 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
15:18:00.0101 2604 dot3svc - ok
15:18:00.0173 2604 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
15:18:00.0179 2604 Dot4 - ok
15:18:00.0216 2604 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
15:18:00.0218 2604 Dot4Print - ok
15:18:00.0231 2604 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
15:18:00.0235 2604 dot4usb - ok
15:18:00.0272 2604 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
15:18:00.0276 2604 DPS - ok
15:18:00.0303 2604 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:18:00.0305 2604 drmkaud - ok
15:18:00.0390 2604 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
15:18:00.0401 2604 DXGKrnl - ok
15:18:00.0444 2604 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
15:18:00.0449 2604 EapHost - ok
15:18:00.0780 2604 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
15:18:00.0862 2604 ebdrv - ok
15:18:00.0984 2604 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
15:18:00.0989 2604 EFS - ok
15:18:01.0081 2604 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
15:18:01.0126 2604 ehRecvr - ok
15:18:01.0151 2604 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
15:18:01.0155 2604 ehSched - ok
15:18:01.0217 2604 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
15:18:01.0231 2604 elxstor - ok
15:18:01.0243 2604 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
15:18:01.0245 2604 ErrDev - ok
15:18:01.0292 2604 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
15:18:01.0309 2604 EventSystem - ok
15:18:01.0341 2604 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:18:01.0344 2604 exfat - ok
15:18:01.0371 2604 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:18:01.0377 2604 fastfat - ok
15:18:01.0432 2604 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
15:18:01.0462 2604 Fax - ok
15:18:01.0497 2604 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
15:18:01.0499 2604 fdc - ok
15:18:01.0521 2604 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
15:18:01.0524 2604 fdPHost - ok
15:18:01.0540 2604 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
15:18:01.0544 2604 FDResPub - ok
15:18:01.0555 2604 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:18:01.0558 2604 FileInfo - ok
15:18:01.0567 2604 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:18:01.0568 2604 Filetrace - ok
15:18:01.0740 2604 FlipShare Service (b8602c90d3c427d8a86ce60437615cf5) C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
15:18:01.0764 2604 FlipShare Service - ok
15:18:01.0891 2604 FlipShareServer (ac5fb7094f31534594cae48306972cbd) C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
15:18:01.0945 2604 FlipShareServer - ok
15:18:02.0070 2604 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
15:18:02.0073 2604 flpydisk - ok
15:18:02.0115 2604 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:18:02.0125 2604 FltMgr - ok
15:18:02.0227 2604 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
15:18:02.0277 2604 FontCache - ok
15:18:02.0348 2604 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:18:02.0352 2604 FontCache3.0.0.0 - ok
15:18:02.0377 2604 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:18:02.0380 2604 FsDepends - ok
15:18:02.0422 2604 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
15:18:02.0425 2604 Fs_Rec - ok
15:18:02.0479 2604 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
15:18:02.0499 2604 fvevol - ok
15:18:02.0526 2604 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:18:02.0528 2604 gagp30kx - ok
15:18:02.0591 2604 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:18:02.0592 2604 GEARAspiWDM - ok
15:18:02.0653 2604 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
15:18:02.0673 2604 gpsvc - ok
15:18:02.0758 2604 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:18:02.0763 2604 gupdate - ok
15:18:02.0802 2604 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:18:02.0805 2604 gupdatem - ok
15:18:02.0873 2604 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:18:02.0877 2604 gusvc - ok
15:18:02.0905 2604 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:18:02.0907 2604 hcw85cir - ok
15:18:02.0951 2604 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:18:02.0954 2604 HDAudBus - ok
15:18:02.0970 2604 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
15:18:02.0973 2604 HidBatt - ok
15:18:02.0999 2604 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
15:18:03.0002 2604 HidBth - ok
15:18:03.0023 2604 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
15:18:03.0027 2604 HidIr - ok
15:18:03.0053 2604 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
15:18:03.0055 2604 hidserv - ok
15:18:03.0081 2604 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
15:18:03.0084 2604 HidUsb - ok
15:18:03.0109 2604 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
15:18:03.0112 2604 hkmsvc - ok
15:18:03.0131 2604 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
15:18:03.0136 2604 HomeGroupListener - ok
15:18:03.0167 2604 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
15:18:03.0174 2604 HomeGroupProvider - ok
15:18:03.0358 2604 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
15:18:03.0370 2604 hpqcxs08 - ok
15:18:03.0418 2604 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
15:18:03.0423 2604 hpqddsvc - ok
15:18:03.0445 2604 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:18:03.0447 2604 HpSAMD - ok
15:18:03.0495 2604 HPSLPSVC (79737e0f7d25de8405cb34d4c9882253) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
15:18:03.0526 2604 HPSLPSVC - ok
15:18:03.0573 2604 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
15:18:03.0595 2604 HTTP - ok
15:18:03.0626 2604 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
15:18:03.0628 2604 hwpolicy - ok
15:18:03.0663 2604 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
15:18:03.0667 2604 i8042prt - ok
15:18:03.0707 2604 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
15:18:03.0709 2604 iaStor - ok
15:18:03.0782 2604 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
15:18:03.0803 2604 iaStorV - ok
15:18:03.0942 2604 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:18:03.0978 2604 idsvc - ok
15:18:04.0343 2604 igfx (4ee7874572a515d112d2f35112f5ad41) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:18:04.0504 2604 igfx - ok
15:18:04.0658 2604 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
15:18:04.0661 2604 iirsp - ok
15:18:04.0758 2604 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
15:18:04.0799 2604 IKEEXT - ok
15:18:04.0907 2604 IntcHdmiAddService (066beb2421e3f207a8d48ce6d92a6a13) C:\Windows\system32\drivers\IntcHdmi.sys
15:18:04.0911 2604 IntcHdmiAddService - ok
15:18:04.0947 2604 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
15:18:04.0950 2604 intelide - ok
15:18:04.0972 2604 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:18:04.0974 2604 intelppm - ok
15:18:05.0002 2604 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
15:18:05.0005 2604 IPBusEnum - ok
15:18:05.0024 2604 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:18:05.0026 2604 IpFilterDriver - ok
15:18:05.0099 2604 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
15:18:05.0129 2604 iphlpsvc - ok
15:18:05.0157 2604 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:18:05.0159 2604 IPMIDRV - ok
15:18:05.0178 2604 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
15:18:05.0182 2604 IPNAT - ok
15:18:05.0316 2604 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
15:18:05.0360 2604 iPod Service - ok
15:18:05.0395 2604 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
15:18:05.0397 2604 IRENUM - ok
15:18:05.0432 2604 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
15:18:05.0434 2604 isapnp - ok
15:18:05.0464 2604 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
15:18:05.0476 2604 iScsiPrt - ok
15:18:05.0578 2604 ITMRTSVC (54f694c6cd3a1149ba3a8bdacc83badc) C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
15:18:05.0597 2604 ITMRTSVC - ok
15:18:05.0618 2604 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:18:05.0620 2604 kbdclass - ok
15:18:05.0656 2604 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
15:18:05.0659 2604 kbdhid - ok
15:18:05.0694 2604 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
15:18:05.0696 2604 KeyIso - ok
15:18:05.0716 2604 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
15:18:05.0719 2604 KSecDD - ok
15:18:05.0742 2604 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
15:18:05.0746 2604 KSecPkg - ok
15:18:05.0783 2604 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
15:18:05.0802 2604 KtmRm - ok
15:18:05.0875 2604 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll
15:18:05.0888 2604 LanmanServer - ok
15:18:05.0923 2604 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
15:18:05.0929 2604 LanmanWorkstation - ok
15:18:07.0166 2604 LeapFrog Connect Device Service (5dba5d78fb9f7e57630b62678df100af) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
15:18:07.0287 2604 LeapFrog Connect Device Service - ok
15:18:07.0609 2604 Leapfrog-USBLAN (5cffda921fe0c9e9ebde3150d3c81594) C:\Windows\system32\DRIVERS\btblan.sys
15:18:07.0628 2604 Leapfrog-USBLAN - ok
15:18:07.0694 2604 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:18:07.0699 2604 lltdio - ok
15:18:07.0744 2604 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
15:18:07.0748 2604 lltdsvc - ok
15:18:07.0772 2604 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
15:18:07.0775 2604 lmhosts - ok
15:18:07.0810 2604 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:18:07.0813 2604 LSI_FC - ok
15:18:07.0841 2604 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:18:07.0843 2604 LSI_SAS - ok
15:18:07.0861 2604 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:18:07.0863 2604 LSI_SAS2 - ok
15:18:07.0886 2604 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:18:07.0888 2604 LSI_SCSI - ok
15:18:07.0912 2604 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:18:07.0917 2604 luafv - ok
15:18:08.0048 2604 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
15:18:08.0055 2604 Mcx2Svc - ok
15:18:08.0077 2604 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
15:18:08.0081 2604 megasas - ok
15:18:08.0119 2604 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
15:18:08.0136 2604 MegaSR - ok
15:18:08.0519 2604 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:18:08.0571 2604 Microsoft Office Groove Audit Service - ok
15:18:08.0670 2604 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
15:18:08.0689 2604 MMCSS - ok
15:18:08.0711 2604 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:18:08.0713 2604 Modem - ok
15:18:08.0756 2604 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:18:08.0757 2604 monitor - ok
15:18:08.0777 2604 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
15:18:08.0777 2604 mouclass - ok
15:18:08.0807 2604 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
15:18:08.0808 2604 mouhid - ok
15:18:08.0828 2604 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
15:18:08.0830 2604 mountmgr - ok
15:18:09.0065 2604 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:18:09.0087 2604 MozillaMaintenance - ok
15:18:09.0153 2604 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
15:18:09.0158 2604 mpio - ok
15:18:09.0186 2604 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
15:18:09.0188 2604 mpsdrv - ok
15:18:09.0264 2604 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
15:18:09.0284 2604 MpsSvc - ok
15:18:09.0313 2604 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
15:18:09.0316 2604 MRxDAV - ok
15:18:09.0360 2604 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:18:09.0362 2604 mrxsmb - ok
15:18:09.0425 2604 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:18:09.0444 2604 mrxsmb10 - ok
15:18:09.0467 2604 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:18:09.0471 2604 mrxsmb20 - ok
15:18:09.0495 2604 msahci (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys
15:18:09.0497 2604 msahci - ok
15:18:09.0519 2604 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
15:18:09.0522 2604 msdsm - ok
15:18:09.0859 2604 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
15:18:09.0891 2604 MSDTC - ok
15:18:09.0912 2604 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
15:18:09.0914 2604 Msfs - ok
15:18:09.0941 2604 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
15:18:09.0943 2604 mshidkmdf - ok
15:18:09.0953 2604 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
15:18:09.0956 2604 msisadrv - ok
15:18:10.0008 2604 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
15:18:10.0015 2604 MSiSCSI - ok
15:18:10.0024 2604 msiserver - ok
15:18:10.0058 2604 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
15:18:10.0060 2604 MSKSSRV - ok
15:18:10.0070 2604 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
15:18:10.0072 2604 MSPCLOCK - ok
15:18:10.0089 2604 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
15:18:10.0091 2604 MSPQM - ok
15:18:10.0115 2604 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
15:18:10.0118 2604 MsRPC - ok
15:18:10.0140 2604 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
15:18:10.0141 2604 mssmbios - ok
15:18:10.0159 2604 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
15:18:10.0164 2604 MSTEE - ok
15:18:10.0180 2604 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
15:18:10.0183 2604 MTConfig - ok
15:18:10.0207 2604 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
15:18:10.0209 2604 Mup - ok
15:18:10.0261 2604 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
15:18:10.0274 2604 napagent - ok
15:18:10.0333 2604 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
15:18:10.0353 2604 NativeWifiP - ok
15:18:10.0422 2604 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
15:18:10.0440 2604 NDIS - ok
15:18:10.0465 2604 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
15:18:10.0469 2604 NdisCap - ok
15:18:10.0488 2604 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
15:18:10.0490 2604 NdisTapi - ok
15:18:10.0502 2604 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
15:18:10.0504 2604 Ndisuio - ok
15:18:10.0523 2604 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
15:18:10.0526 2604 NdisWan - ok
15:18:10.0536 2604 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
15:18:10.0538 2604 NDProxy - ok
15:18:10.0592 2604 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll
15:18:10.0597 2604 Net Driver HPZ12 - ok
15:18:10.0618 2604 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:18:10.0622 2604 NetBIOS - ok
15:18:10.0657 2604 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
15:18:10.0675 2604 NetBT - ok
15:18:10.0734 2604 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
15:18:10.0738 2604 Netlogon - ok
15:18:10.0836 2604 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
15:18:10.0852 2604 Netman - ok
15:18:11.0001 2604 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
15:18:11.0034 2604 netprofm - ok
15:18:11.0253 2604 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:18:11.0270 2604 NetTcpPortSharing - ok
15:18:11.0304 2604 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
15:18:11.0308 2604 nfrd960 - ok
15:18:11.0364 2604 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
15:18:11.0370 2604 NlaSvc - ok
15:18:11.0383 2604 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:18:11.0385 2604 Npfs - ok
15:18:11.0402 2604 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
15:18:11.0405 2604 nsi - ok
15:18:11.0420 2604 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:18:11.0422 2604 nsiproxy - ok
15:18:12.0594 2604 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
15:18:12.0741 2604 Ntfs - ok
15:18:12.0797 2604 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
15:18:12.0800 2604 NuidFltr - ok
15:18:12.0828 2604 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:18:12.0829 2604 Null - ok
15:18:12.0873 2604 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
15:18:12.0878 2604 nvraid - ok
15:18:12.0961 2604 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
15:18:12.0966 2604 nvstor - ok
15:18:12.0975 2604 NvtSp50 - ok
15:18:13.0021 2604 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
15:18:13.0023 2604 nv_agp - ok
15:18:13.0776 2604 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:18:13.0828 2604 odserv - ok
15:18:13.0871 2604 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
15:18:13.0875 2604 ohci1394 - ok
15:18:13.0954 2604 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:18:13.0961 2604 ose - ok
15:18:14.0022 2604 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:18:14.0030 2604 p2pimsvc - ok
15:18:14.0068 2604 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
15:18:14.0081 2604 p2psvc - ok
15:18:14.0120 2604 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:18:14.0123 2604 Parport - ok
15:18:14.0157 2604 partmgr (66d3415c159741ade7038a277efff99f) C:\Windows\system32\drivers\partmgr.sys
15:18:14.0161 2604 partmgr - ok
15:18:14.0180 2604 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:18:14.0183 2604 Parvdm - ok
15:18:14.0222 2604 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys
15:18:14.0225 2604 PBADRV - ok
15:18:14.0300 2604 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
15:18:14.0320 2604 PcaSvc - ok
15:18:14.0344 2604 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
15:18:14.0349 2604 pci - ok
15:18:14.0377 2604 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
15:18:14.0379 2604 pciide - ok
15:18:14.0412 2604 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:18:14.0426 2604 pcmcia - ok
15:18:14.0450 2604 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:18:14.0453 2604 pcw - ok
15:18:14.0490 2604 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:18:14.0524 2604 PEAUTH - ok
15:18:14.0698 2604 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
15:18:14.0732 2604 PeerDistSvc - ok
15:18:15.0319 2604 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
15:18:15.0377 2604 pla - ok
15:18:27.0962 2604 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
15:18:27.0963 2604 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
15:18:27.0965 2604 sptd ( LockedFile.Multi.Generic ) - warning
15:18:27.0965 2604 sptd - detected LockedFile.Multi.Generic (1)
15:18:49.0936 2604 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:18:52.0345 2604 \Device\Harddisk0\DR0 - ok
15:18:52.0359 2604 Boot (0x1200) (9291f5ec22b525b4461e8cdaafc8d617) \Device\Harddisk0\DR0\Partition0
15:18:52.0362 2604 \Device\Harddisk0\DR0\Partition0 - ok
15:18:52.0376 2604 Boot (0x1200) (dfb32177c0e5306e0697763d4c462af5) \Device\Harddisk0\DR0\Partition1
15:18:52.0391 2604 \Device\Harddisk0\DR0\Partition1 - ok
15:18:52.0392 2604 ============================================================
15:18:52.0392 2604 Scan finished
15:18:52.0392 2604 ============================================================
15:18:52.0419 3284 Detected object count: 1
15:18:52.0419 3284 Actual detected object count: 1
15:19:32.0799 3284 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
15:19:32.0801 3284 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
15:19:32.0883 3284 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
15:19:33.0090 3284 C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
15:19:33.0090 3284 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
15:19:35.0438 3352 Deinitialize success

Edited by bcym, 19 May 2012 - 10:38 PM.


#4 Noviciate (Malware Response Team)

Posted 20 May 2012 - 01:48 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download aswMBR.exe from here and save it to your Desktop.

  • Double click the tool to run it.
  • When prompted "Would you like to download latest Avast! virus definitions?" click Yes - you may need to allow access through your firewall.
  • Click the Scan button to, well, start the scan - obvious really!
  • Once the scan reports "Scan finished successfully" click Save log.
  • On my system it offers to save it to the Desktop, which may or may not be its default behaviour, but it's as handy a place as any.
  • You'll also see a file called MBR.dat appear as well - this is a backup that it created, just in case it's needed. Keep it handy for now.

I'd like the contents of aswMBR.txt in your next reply, if you'd be so kind.

So long, and thanks for all the fish.

#5 bcym (Topic Starter)

Posted 21 May 2012 - 09:23 AM

Thanks for your reply.

Here are the ones you asked for.

Eset output
C:\Users\******\Downloads\FinalTorrent2010Setup.exe a variant of Win32/InstallIQ application


aswMBR
swMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-21 08:48:16
-----------------------------
08:48:16.557 OS Version: Windows 6.1.7600
08:48:16.557 Number of processors: 2 586 0x170A
08:48:16.558 ComputerName: **** UserName: ***
08:49:13.435 Initialize success
08:49:22.889 AVAST engine defs: 12052001
08:49:26.572 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:49:26.575 Disk 0 Vendor: Size: 0MB BusType: 0
08:49:26.587 Disk 0 MBR read successfully
08:49:26.591 Disk 0 MBR scan
08:49:26.624 Disk 0 Windows 7 default MBR code
08:49:26.628 Disk 0 MBR hidden
08:49:26.633 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 133 MB offset 63
08:49:26.656 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9618 MB offset 274432
08:49:26.694 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 228722 MB offset 19972096
08:49:26.784 Disk 0 scanning C:\Windows\system32\drivers
08:49:31.575 File: C:\Windows\system32\drivers\discache.sys **INFECTED** Win32:Alureon-FZ
08:49:46.594 Disk 0 trace - called modules:
08:49:46.618 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll intelppm.sys
08:49:46.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87f6e880]
08:49:46.634 3 CLASSPNP.SYS[8bccc59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x864f3028]
08:49:47.840 AVAST engine scan C:\Windows
08:49:54.520 AVAST engine scan C:\Windows\system32
08:56:22.155 AVAST engine scan C:\Windows\system32\drivers
08:56:26.757 File: C:\Windows\system32\drivers\discache.sys **INFECTED** Win32:Alureon-FZ
08:56:53.403 AVAST engine scan C:\Users\****
10:03:55.408 AVAST engine scan C:\ProgramData
10:10:23.454 Scan finished successfully
10:13:37.132 Disk 0 MBR has been saved successfully to "C:\Users\********\Desktop\MBR.dat"
10:13:37.157 The log file has been saved successfully to "C:\Users\********\Desktop\aswMBR.txt"

Please let me know what to do now.
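
Added example, not part of the original thread: a small Python triage helper that pulls the flagged entries out of TDSSKiller and aswMBR logs like the ones posted above, so a detection is not lost among the "ok" lines. The function name, field names and regular expressions are assumptions based only on the line formats visible in this thread.

```python
import re

# Lines excerpted from the TDSSKiller and aswMBR logs posted in this thread.
TDSSKILLER_SAMPLE = r"""
15:18:27.0857 2604 sppuinotify - ok
15:18:27.0962 2604 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
15:18:27.0963 2604 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
15:18:27.0965 2604 sptd ( LockedFile.Multi.Generic ) - warning
15:18:27.0965 2604 sptd - detected LockedFile.Multi.Generic (1)
15:18:28.0026 2604 srv - ok
15:19:33.0090 3284 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
"""

ASWMBR_SAMPLE = r"""
08:49:26.784 Disk 0 scanning C:\Windows\system32\drivers
08:49:31.575 File: C:\Windows\system32\drivers\discache.sys **INFECTED** Win32:Alureon-FZ
08:56:26.757 File: C:\Windows\system32\drivers\discache.sys **INFECTED** Win32:Alureon-FZ
10:10:23.454 Scan finished successfully
"""

# TDSSKiller lines: "HH:MM:SS.ffff <thread id> <message>" (4-digit fraction).
TDSS_LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(.*)$")
# "<name> (<md5>) <path>" : the object being scanned.
TDSS_OBJECT = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
# "<name> ( <verdict> ) - <severity>" : anything that was not reported "ok".
TDSS_VERDICT = re.compile(r"^(.+?) \( (.+?) \) - (\w+)$")
# "<name> ( <verdict> ) - User select action: <action>"
TDSS_ACTION = re.compile(r"^(.+?) \( (.+?) \) - User select action: (\w+)$")
# aswMBR lines: "HH:MM:SS.fff File: <path> **INFECTED** <detection name>"
ASW_INFECTED = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{3}\s+File: (.+?) \*\*INFECTED\*\* (.+)$")


def triage(log_text):
    """Return one finding per flagged object, in the order first seen."""
    objects = {}   # TDSSKiller object name -> (md5, path) from its scan line
    findings = {}  # (tool, object) -> finding; dicts keep insertion order
    for raw in log_text.splitlines():
        line = raw.strip()

        m = ASW_INFECTED.match(line)
        if m:
            path, detection = m.groups()
            finding = findings.setdefault(("aswMBR", path.lower()), {
                "tool": "aswMBR", "object": path,
                "verdict": detection, "hits": 0})
            finding["hits"] += 1  # the same file can be reported repeatedly
            continue

        m = TDSS_LINE.match(line)
        if not m:
            continue
        body = m.group(1)

        obj = TDSS_OBJECT.match(body)
        if obj:
            objects[obj.group(1)] = (obj.group(2), obj.group(3))
            continue

        action = TDSS_ACTION.match(body)
        if action:
            finding = findings.get(("TDSSKiller", action.group(1)))
            if finding is not None:
                finding["action"] = action.group(3)
            continue

        verdict = TDSS_VERDICT.match(body)
        if verdict:
            name = verdict.group(1)
            md5, path = objects.get(name, (None, None))
            findings[("TDSSKiller", name)] = {
                "tool": "TDSSKiller", "object": name,
                "verdict": verdict.group(2), "severity": verdict.group(3),
                "md5": md5, "path": path, "action": None}
    return list(findings.values())


if __name__ == "__main__":
    for finding in triage(TDSSKILLER_SAMPLE + ASWMBR_SAMPLE):
        print(finding)
```
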

#6 Noviciate (Malware Response Team)

Posted 21 May 2012 - 02:28 PM

Good evening. :)

Run aswMBR.exe again.

  • Click the Scan button as before.
  • Once the scan has completed, and let it complete first, either the Fix button or the FixMBR button should be active - click the one that isn't greyed out.
  • Once complete, click Save log as before, save it to your desktop and post in your next reply.

EDIT: Reboot the PC and tell me if the redirects still occur.

Edited by Noviciate, 21 May 2012 - 02:28 PM.


#7 bcym (Topic Starter)

Posted 22 May 2012 - 07:23 PM

I had a bluescreen when fixMBR was done. After the restart, I ran MBR once again and did not see the infection. But I went ahead and ran fixMBR once again. I still get the redirect in Firefox intermittently, usually when I search for a new item and click the results. (The redirect does not seem to happen if I do the same search during the same session.) IE

Here is the aswMBR log.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-22 09:52:08
-----------------------------
09:52:08.077 OS Version: Windows 6.1.7600
09:52:08.077 Number of processors: 2 586 0x170A
09:52:08.078 ComputerName: ***
09:52:10.014 Initialize success
09:52:16.230 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:52:16.238 Disk 0 Vendor: Size: 0MB BusType: 0
09:52:16.265 Disk 0 MBR read successfully
09:52:16.269 Disk 0 MBR scan
09:52:16.273 Disk 0 Windows 7 default MBR code
09:52:16.277 Disk 0 MBR hidden
09:52:16.282 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 133 MB offset 63
09:52:16.302 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9618 MB offset 274432
09:52:16.317 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 228722 MB offset 19972096
09:52:16.346 Disk 0 scanning C:\Windows\system32\drivers
09:52:28.397 Service scanning
09:53:05.094 Modules scanning
09:53:32.907 Disk 0 trace - called modules:
09:53:32.939 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
09:53:32.939 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87f6d390]
09:53:33.266 3 CLASSPNP.SYS[8bccd59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x864f0028]
09:53:33.266 Scan finished successfully
12:12:18.754 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
12:12:18.754 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR2.txt"

#8 Noviciate

  • Malware Response Team

Posted 23 May 2012 - 02:29 PM

Good evening. :)

Do you have a flashdrive of at least 128 Mb that you can play around with - you'll need it to create a log using a new tool.

So long, and thanks for all the fish.

 

 


#9 bcym

  • Topic Starter

Posted 24 May 2012 - 07:21 AM

Morning

Yes, I do have a flashdrive with enough memory.
Please let me know what tool to run.

Thanks for the continued support.

#10 Noviciate

  • Malware Response Team

Posted 24 May 2012 - 03:12 PM

Good evening. :)

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive. Plug the flashdrive into the infected PC and then enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the Command Window type in notepad and hit <ENTER>.
  • When a notepad window opens, under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and hit <ENTER>.

    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • A log, called FRST.txt, will be created on the flash drive - please copy and paste the contents in your reply.

So long, and thanks for all the fish.
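
Once FRST.txt exists, a first triage pass over its Drivers section can be scripted. The following is an added example, not code from the thread's participants or from FRST: it parses driver lines in the format this thread's log uses and lists entries worth a manual look. The review heuristics and the reading of the leading digit as the Windows service Start value are assumptions, and a flag is a prompt for review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input in the FRST "Drivers" line format. The catchme path is
# constructed with a masked user name; the other lines are from the thread's log.
SAMPLE_DRIVERS = r"""
3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [77968 2011-03-23] (Cisco Systems, Inc.)
1 discache; C:\Windows\System32\drivers\discache.sys [32256 2011-01-23] ()
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 catchme; \??\C:\Users\*****\AppData\Local\Temp\catchme.sys [x]
3 NvtSp50; C:\Windows\System32\Drivers\NvtSp50.sys [x]
"""

# Assumption: the leading digit is the Windows service Start value.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# "<start> <name>; <path> [<size> <date>] (<vendor>)"  or  "... [x]" when the
# file could not be found on disk.
LINE_RE = re.compile(
    r"^(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?:(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})|[xX])\]"
    r"(?: \((?P<vendor>.*)\))?\s*$"
)


@dataclass
class Driver:
    start: int
    name: str
    path: str
    size: Optional[int]    # None when the log shows [x]
    date: Optional[str]
    vendor: Optional[str]  # "" when the log shows an empty "()"


def parse_drivers(text: str) -> List[Driver]:
    """Parse driver lines; lines that do not match the format are skipped."""
    drivers = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        if path.startswith("\\??\\"):  # drop the NT object-namespace prefix
            path = path[4:]
        size = m.group("size")
        drivers.append(Driver(
            start=int(m.group("start")),
            name=m.group("name"),
            path=path,
            size=int(size) if size is not None else None,
            date=m.group("date"),
            vendor=m.group("vendor"),
        ))
    return drivers


def review_reasons(d: Driver) -> List[str]:
    """Heuristic reasons (assumptions of this example) to inspect a driver by hand."""
    reasons = []
    if d.size is None:
        reasons.append("file missing on disk ([x])")
    elif not d.vendor:
        reasons.append("no company name in version info")
    if "\\temp\\" in d.path.lower():
        reasons.append("registered from a Temp directory")
    return reasons


def triage(text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (name, start type, reasons) for flagged drivers, earliest-loading first."""
    flagged = [(d, review_reasons(d)) for d in parse_drivers(text)]
    flagged = [(d, r) for d, r in flagged if r]
    flagged.sort(key=lambda item: item[0].start)  # stable: ties keep log order
    return [(d.name, START_TYPES.get(d.start, "unknown"), r) for d, r in flagged]


if __name__ == "__main__":
    for name, start, reasons in triage(SAMPLE_DRIVERS):
        print(f"{name:10} start={start:8} {'; '.join(reasons)}")
```
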

 

 


#11 bcym

  • Topic Starter

Posted 29 May 2012 - 01:51 PM

Please find below the FRST log.

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 29-05-2012 02
Ran by SYSTEM at 29-05-2012 14:13:14
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [278528 2010-02-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [495708 2010-04-05] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2010-04-22] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [175640 2010-04-22] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [166936 2010-04-22] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [4685824 2010-07-20] (Dell Inc.)
HKLM\...\Run: [DellControlPoint] "c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [657920 2009-11-02] (Dell Inc.)
HKLM\...\Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [1845248 2009-12-22] (Smith Micro Software, Inc.)
HKLM\...\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147328 2010-01-05] (Wave Systems Corp.)
HKLM\...\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-01-05] (Broadcom Corporation)
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
HKLM\...\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [203776 2009-11-12] (Microsoft)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [331 2012-05-29] ()
HKLM\...\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [622592 2006-12-18] (Brother Industries, Ltd.)
HKLM\...\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe" [193880 2010-11-08] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-03-06] (RealNetworks, Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe /s [395528 2011-07-05] (StrikeForce Technologies Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [519632 2011-03-23] (Cisco Systems, Inc.)
HKLM\...\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe [487680 2010-10-26] (Cisco Systems, Inc.)
HKU\Administrator\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [357696 2010-04-01] (DT Soft Ltd)
HKU\Administrator\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\bpalaniswamy.IDL\...\Run: [GoToMeeting] "C:\Program Files\Citrix\GoToMeeting\880\g2mstart.exe" "/Trigger RunAtLogon" [39816 2012-03-12] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\*****\...\Run: [Installation Diagnostics] "C:\Program Files\Brother\Brmfl05c\Brinstck.exe" /I MFC-8860DN LAN [126976 2006-11-04] (Brother Industries, Ltd.)
HKU\*****\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [3905920 2012-04-04] (SUPERAntiSpyware.com)
HKU\*****\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\*****\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\*****\...\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide [1589208 2009-08-19] ()
HKU\*****\...\Policies\system: [HideLogonScripts] 0
HKLM\...\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.9.1.1 64.62.206.164 64.62.206.164 10.9.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
ShortcutTarget: Dell ControlPoint System Manager.lnk -> C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Privoxy.lnk
ShortcutTarget: Privoxy.lnk -> C:\Program Files\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\TdmNotify.lnk
ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)

================================ Services (Whitelisted) ==================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2011-08-11] (SUPERAntiSpyware.com)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [81920 2010-04-05] (Andrea Electronics Corporation)
2 AntiSpywareService; C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()
2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803512 2009-05-15] (AuthenTec, Inc.)
2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [582944 2009-08-11] (Broadcom Corporation.)
2 buttonsvc32; "C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe" [278304 2009-11-20] (Dell Inc.)
4 FlipShare Service; "C:\Program Files\Flip Video\FlipShare\FlipShareService.exe" [460144 2011-05-06] ()
4 FlipShareServer; "C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe" [1085440 2011-05-06] ()
2 IDVaultSvc; "C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe" [65648 2012-05-18] (White Sky, Inc.)
2 ITMRTSVC; "C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe" [283912 2007-09-26] (CA, Inc.)
4 LeapFrog Connect Device Service; "C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe" [4916568 2010-11-08] (LeapFrog Enterprises, Inc.)
3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [129976 2012-05-04] (Mozilla Foundation)
2 N360; "C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton Security Suite\Engine\5.2.1.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 NACAgent; "C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe" [1050880 2010-10-26] (Cisco Systems, Inc.)
3 SecureStorageService; "C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [1032192 2009-11-18] (Wave Systems Corp.)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-02-29] (Skype Technologies)
2 SMManager; "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe" [77312 2009-12-22] (Smith Micro Software, Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe [229458 2010-04-05] (IDT, Inc.)
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation)
2 tcsd_win32.exe; "C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1273856 2008-11-12] ()
2 TdmService; "C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe" [1148264 2009-11-24] (Wave Systems Corp.)
2 TeamViewer7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2984832 2011-12-14] (TeamViewer GmbH)
2 vpnagent; "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe" [435152 2011-03-23] (Cisco Systems, Inc.)
2 wltrysvc; "C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe" [4038656 2010-07-20] (Dell Inc.)
2 dcpsysmgrsvc; "c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe" [x]

========================== Drivers (Whitelisted) =============

3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-13] (Microsoft Corporation)
3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [77968 2011-03-23] (Cisco Systems, Inc.)
3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [251440 2010-03-10] (Alps Electric Co., Ltd.)
3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-07-20] (Broadcom Corporation)
1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120517.001\BHDrvx86.sys [821880 2012-05-07] (Symantec Corporation)
3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [84992 2009-05-11] (Broadcom Corporation)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-13] (Microsoft Corporation)
1 ctxusbm; C:\Windows\System32\DRIVERS\ctxusbm.sys [65584 2009-09-08] (Citrix Systems, Inc.)
1 discache; C:\Windows\System32\drivers\discache.sys [32256 2011-01-23] ()
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2012-05-15] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106104 2012-05-15] (Symantec Corporation)
1 GIDv2; C:\Windows\System32\Drivers\GIDv2.sys [25232 2011-07-05] (StrikeForce Technologies, Inc.)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120528.001\IDSvix86.sys [368248 2012-05-17] (Symantec Corporation)
3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [126976 2009-12-14] (Intel® Corporation)
3 Leapfrog-USBLAN; C:\Windows\System32\DRIVERS\btblan.sys [33792 2010-01-20] (Belcarra Technologies)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120528.024\NAVENG.SYS [87928 2012-05-15] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120528.024\NAVEX15.SYS [1589752 2012-05-15] (Symantec Corporation)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
3 rimspci; C:\Windows\System32\DRIVERS\rimspe86.sys [47104 2009-07-02] (REDC)
3 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [49152 2009-06-30] (REDC)
3 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [38400 2009-07-04] (REDC)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SRTSP; C:\Windows\System32\Drivers\N360\0502010.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\N360\0502010.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360\0502010.003\SYMDS.SYS [340088 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360\0502010.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2012-05-18] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\N360\0502010.003\Ironx86.SYS [136312 2010-11-15] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\N360\0502010.003\SYMNETS.SYS [299640 2011-04-20] (Symantec Corporation)
3 vpnva; C:\Windows\System32\DRIVERS\vpnva.sys [19680 2011-03-23] (Cisco Systems, Inc.)
2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [211328 2010-01-05] (Wave Systems Corp.)
3 catchme; \??\C:\Users\BPALAN~1.IDL\AppData\Local\Temp\catchme.sys [x]
3 NvtSp50; C:\Windows\System32\Drivers\NvtSp50.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-29 06:41 - 2012-05-29 06:41 - 0739139 ____A C:\Users\*****\Desktop\From latent disseminated cells to overt metastasis Genetic analysis of systemic breast cancer progression.mht
2012-05-28 16:45 - 2012-05-28 16:45 - 0007618 ____A C:\Users\*****\AppData\Local\Resmon.ResmonCfg
2012-05-28 16:42 - 2012-05-28 16:42 - 0000000 ____D C:\Windows\pss
2012-05-28 06:03 - 2012-05-28 06:03 - 0178416 ____A C:\Users\*****\Desktop\What's new on circulating tumor cells A meeting report.htm
2012-05-28 06:03 - 2012-05-28 06:03 - 0000000 ____D C:\Users\*****\Desktop\What's new on circulating tumor cells A meeting report_files
2012-05-28 05:54 - 2012-05-28 05:54 - 1430850 ____A C:\Users\*****\Desktop\systemic early spread of breast cancer.pdf
2012-05-28 05:01 - 2012-05-28 05:19 - 0972570 ____A C:\Users\*****\Desktop\KLEIN INFLAMMATION AND CANCER.pdf
2012-05-27 05:52 - 2012-05-29 07:28 - 0644792 ____A C:\Users\*****\Desktop\Presentation1-ctcs.pptx
2012-05-27 05:04 - 2012-05-27 05:04 - 0561230 ____A C:\Users\*****\Desktop\Role of organ selectivity in the determination of___ [Cancer Res_ 1980] - PubMed - NCBI.mht
2012-05-26 18:44 - 2012-05-26 18:44 - 0161630 ____A C:\Users\*****\Desktop\breast cancer stem cellsd.htm
2012-05-26 18:44 - 2012-05-26 18:44 - 0000000 ____D C:\Users\*****\Desktop\breast cancer stem cellsd_files
2012-05-26 18:34 - 2012-05-26 18:34 - 0126129 ____A C:\Users\*****\Desktop\stem cells resistant to therapy.htm
2012-05-26 18:34 - 2012-05-26 18:34 - 0000000 ____D C:\Users\*****\Desktop\stem cells resistant to therapy_files
2012-05-26 18:33 - 2012-05-26 18:33 - 0228927 ____A C:\Users\*****\Desktop\Correlation between Cancer Stem Cells and Circulating Tumor Cells and Their Value.htm
2012-05-26 18:33 - 2012-05-26 18:33 - 0000000 ____D C:\Users\*****\Desktop\Correlation between Cancer Stem Cells and Circulating Tumor Cells and Their Value_files
2012-05-26 18:22 - 2012-05-26 18:22 - 0084190 ____A C:\Users\*****\Desktop\breast cancer stem cells.htm
2012-05-26 18:22 - 2012-05-26 18:22 - 0000000 ____D C:\Users\*****\Desktop\breast cancer stem cells_files
2012-05-26 18:09 - 2012-05-26 18:09 - 1345343 ____A C:\Users\*****\Desktop\emt and breast cancer.pdf
2012-05-26 18:04 - 2012-05-26 18:04 - 0279862 ____A C:\Users\*****\Desktop\emt and stem cell markers.pdf
2012-05-26 17:38 - 2012-05-26 17:38 - 0012198 ____A C:\Users\*****\Desktop\do all roads lead to rome.htm
2012-05-26 17:38 - 2012-05-26 17:38 - 0000000 ____D C:\Users\*****\Desktop\do all roads lead to rome_files
2012-05-26 17:27 - 2012-05-26 17:27 - 0811154 ____A C:\Users\*****\Desktop\plantel clinical relevance of dtcs.pdf
2012-05-26 15:45 - 2012-05-26 15:45 - 2837492 ____A C:\Users\*****\Desktop\fidler2003.pdf
2012-05-26 15:31 - 2012-05-26 15:31 - 0364499 ____A C:\Users\*****\Desktop\Mesenchymal Transition and Dissemination of Cancer Cells Is Driven by Myeloid-Derived Suppressor Cells Infiltrating the Primary Tumor.htm
2012-05-26 15:31 - 2012-05-26 15:31 - 0000000 ____D C:\Users\*****\Desktop\Mesenchymal Transition and Dissemination of Cancer Cells Is Driven by Myeloid-Derived Suppressor Cells Infiltrating the Primary Tumor_files
2012-05-26 15:16 - 2012-05-26 15:16 - 0836002 ____A C:\Users\*****\Desktop\Mack_GS_-_Lost_in_Migration_-_final_PDF.66105316.pdf
2012-05-26 14:56 - 2012-05-26 14:56 - 0669718 ____A C:\Users\*****\Desktop\Preparing the “Soil” The Premetastatic Niche.mht
2012-05-26 14:51 - 2012-05-26 14:51 - 0248480 ____A C:\Users\*****\Desktop\bone-marrow-cells-pre-metastatic-niche-kaplan.pdf
2012-05-26 09:02 - 2012-05-26 09:02 - 0000000 ____D C:\Users\*****\AppData\Local\Mendeley Ltd
2012-05-26 09:01 - 2012-05-26 09:01 - 0001103 ____A C:\Users\Public\Desktop\Mendeley Desktop.lnk
2012-05-26 09:01 - 2012-05-26 09:01 - 0000000 ____D C:\Program Files\Mendeley Desktop
2012-05-23 20:22 - 2012-05-23 20:22 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2012-05-23 20:07 - 2012-05-23 20:07 - 0002085 ____A C:\Users\Public\Desktop\Cisco NAC Agent.lnk
2012-05-23 20:06 - 2012-05-23 20:06 - 0000000 ____D C:\Program Files\Common Files\Cisco
2012-05-23 20:01 - 2012-05-23 20:01 - 5159936 ____A C:\Users\*****\Desktop\nacagentsetup-win-4.8.0.35.msi
2012-05-23 14:04 - 2011-06-07 11:46 - 0001076 ____A C:\Users\Public\Desktop\Cisco AnyConnect Secure Mobility Client.lnk
2012-05-23 14:03 - 2012-05-23 20:07 - 0000000 ____D C:\Users\All Users\Cisco
2012-05-23 14:03 - 2012-05-23 20:06 - 0000000 ____D C:\Program Files\Cisco
2012-05-23 14:03 - 2012-05-23 14:03 - 0000000 ____D C:\Users\*****\AppData\Local\Cisco
2012-05-23 14:02 - 2012-05-23 14:02 - 3864534 ____A C:\Users\*****\Desktop\Cisco_AnyConnect_3.0.1047.EXE
2012-05-23 11:45 - 2012-05-23 13:02 - 58582314 ____A C:\Users\*****\Documents\2012-05-23 15.45 CMMi Presentation by DQS.wmv
2012-05-23 11:03 - 2012-05-23 11:03 - 0000000 ____D C:\Program Files\Common Files\Java
2012-05-23 11:02 - 2012-05-23 11:02 - 0060304 ____A C:\Users\*****\g2mdlhlpx.exe
2012-05-23 11:02 - 2012-05-23 11:02 - 0000000 ____D C:\Program Files\Oracle
2012-05-23 11:01 - 2012-04-04 14:47 - 0772504 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-05-23 11:01 - 2012-04-04 14:47 - 0227720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-05-23 11:00 - 2012-05-23 11:00 - 0174024 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-05-23 10:56 - 2012-05-23 10:56 - 0892360 ____A (Oracle Corporation) C:\Users\*****\Downloads\chromeinstall-7u4.exe
2012-05-22 08:27 - 2012-05-22 08:27 - 0001694 ____A C:\Users\*****\Desktop\aswMBR3.txt
2012-05-22 08:12 - 2012-05-22 08:12 - 0001608 ____A C:\Users\*****\Desktop\aswMBR2.txt
2012-05-22 05:49 - 2012-05-22 05:49 - 0147080 ____A C:\Windows\Minidump\052212-49031-01.dmp
2012-05-21 12:34 - 2009-07-13 18:17 - 0032256 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\discache.sys.clean
2012-05-21 06:13 - 2012-05-22 08:27 - 0000512 ____A C:\Users\*****\Desktop\MBR.dat
2012-05-21 06:13 - 2012-05-21 06:18 - 0002015 ____A C:\Users\*****\Desktop\aswMBR.txt
2012-05-20 22:09 - 2012-05-20 22:09 - 4731392 ____A (AVAST Software) C:\Users\*****\Desktop\aswMBR.exe
2012-05-20 22:08 - 2012-05-20 22:08 - 0000094 ____A C:\Users\*****\Desktop\eset.txt
2012-05-20 18:43 - 2012-05-20 18:43 - 0000000 ____D C:\Program Files\ESET
2012-05-19 19:30 - 2012-05-19 19:30 - 0014759 ____A C:\Users\*****\Desktop\Attach.txt
2012-05-19 19:30 - 2012-05-19 19:30 - 0004971 ____A C:\Users\*****\Desktop\Attach.zip
2012-05-19 05:47 - 2012-05-19 05:47 - 0079936 ____A C:\Users\*****\Desktop\ctcs.docx
2012-05-17 19:55 - 2012-05-20 20:02 - 0000000 ____D C:\Windows\System32\Drivers\N360
2012-05-17 19:55 - 2012-05-20 20:01 - 0002434 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk
2012-05-17 19:55 - 2012-05-18 02:59 - 0000000 ____D C:\Program Files\Symantec
2012-05-17 19:55 - 2012-05-18 02:58 - 0126584 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2012-05-17 19:55 - 2012-05-18 02:58 - 0007468 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2012-05-17 19:55 - 2012-05-18 02:58 - 0000806 ____A C:\Windows\System32\Drivers\SYMEVENT.INF
2012-05-17 19:55 - 2012-05-17 20:00 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-05-17 19:55 - 2012-05-17 19:55 - 0000000 ____D C:\Program Files\NortonInstaller
2012-05-17 19:55 - 2012-05-17 19:55 - 0000000 ____D C:\Program Files\Norton Security Suite
2012-05-17 19:55 - 2010-08-20 20:59 - 0026600 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-05-17 19:48 - 2012-05-17 19:48 - 0001372 ____A C:\Users\*****\Desktop\Norton Installation Files.lnk
2012-05-17 19:41 - 2012-05-24 04:16 - 0000000 ____D C:\Users\*****\AppData\Local\ID Vault
2012-05-17 19:41 - 2012-05-17 19:41 - 0000000 ____D C:\Users\All Users\IsolatedStorage
2012-05-17 19:40 - 2012-05-17 19:46 - 0000000 ____D C:\Users\*****\AppData\Roaming\ID Vault
2012-05-17 19:39 - 2012-05-22 05:53 - 0002182 ____A C:\Users\Public\Desktop\Constant Guard.lnk
2012-05-17 19:39 - 2012-05-22 05:53 - 0000000 ____D C:\Program Files\Constant Guard Protection Suite
2012-05-17 19:39 - 2012-05-17 19:39 - 0000000 ____D C:\Users\All Users\White Sky, Inc
2012-05-17 19:39 - 2012-05-17 19:39 - 0000000 ____D C:\Users\All Users\GID
2012-05-17 19:39 - 2012-05-17 19:39 - 0000000 ____D C:\Program Files\SFT
2012-05-17 19:39 - 2011-07-05 06:24 - 0025232 ____N (StrikeForce Technologies, Inc.) C:\Windows\System32\Drivers\gidv2.sys
2012-05-17 10:41 - 2012-05-17 10:41 - 0607260 ____R (Swearware) C:\Users\*****\Desktop\dds.scr
2012-05-17 03:46 - 2012-05-17 03:46 - 0027496 ____A C:\ComboFix.txt
2012-05-17 03:44 - 2012-05-17 03:44 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-17 03:24 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-05-17 03:24 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-05-17 03:24 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-17 03:24 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-17 03:24 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-17 03:24 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-05-17 03:24 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-05-17 03:24 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-05-17 03:23 - 2012-05-17 03:46 - 0000000 ____D C:\Qoobox
2012-05-17 03:22 - 2012-05-17 03:22 - 4495594 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2012-05-17 03:20 - 2012-05-17 03:21 - 0137476 ____A C:\TDSSKiller.2.7.35.0_17.05.2012_07.20.37_log.txt
2012-05-17 03:20 - 2012-05-17 03:20 - 2107843 ____A C:\Users\*****\Desktop\tdsskiller.zip
2012-05-17 03:20 - 2012-05-17 03:20 - 0000000 ____D C:\Users\*****\Desktop\tdsskiller
2012-05-16 18:06 - 2012-05-16 18:06 - 0000000 ____D C:\Users\*****\Documents\ZonedOut[1]
2012-05-16 11:19 - 2012-05-16 11:19 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-16 11:17 - 2012-05-16 11:19 - 0139130 ____A C:\TDSSKiller.2.7.35.0_16.05.2012_15.17.37_log.txt
2012-05-10 08:05 - 2012-04-01 20:46 - 3958128 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-05-10 08:05 - 2012-04-01 20:46 - 3902320 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-10 08:05 - 2012-04-01 18:43 - 2342400 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 08:05 - 2012-03-30 02:29 - 1287024 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-10 08:05 - 2012-03-16 23:20 - 0056688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-10 08:05 - 2012-03-02 21:40 - 1170944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-05-10 08:05 - 2012-03-02 21:40 - 1074176 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-10 08:05 - 2012-03-02 21:40 - 0739840 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-05-10 08:05 - 2012-03-02 21:40 - 0218624 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-05-10 08:05 - 2012-03-02 21:40 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-05-04 16:37 - 2012-05-04 16:37 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-04 16:37 - 2012-05-04 16:37 - 0000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-05-03 12:55 - 2012-05-03 12:55 - 0909088 ____A (Sun Microsystems, Inc.) C:\Users\*****\Downloads\chromeinstall (1).exe
2012-05-02 22:52 - 2012-05-02 23:02 - 113585967 ____A C:\Users\*****\Downloads\The_Beatles_White_Album__-_1968.zip
2012-05-02 22:42 - 2012-05-02 22:49 - 115387513 ____A C:\Users\*****\Downloads\Abbey_Road_-_1969.zip
2012-05-02 22:37 - 2012-05-02 22:41 - 96113240 ____A C:\Users\*****\Downloads\Sgt_Pepper_s_Lonely_Hearts_Club_Band_-_1967.zip
2012-05-02 22:19 - 2012-05-02 22:26 - 70229368 ____A C:\Users\*****\Downloads\Rubber_Soul_US__-_1965.zip
2012-05-02 22:01 - 2012-05-02 22:02 - 19631786 ____A C:\Users\*****\Downloads\ivave-arch-download-0f10b6986a9e1cb1cf29d03ff95286d2.zip
2012-05-02 21:41 - 2012-05-02 21:42 - 11001030 ____A C:\Users\*****\Downloads\ivave-arch-download-f33d4f5301f006f13cc8b0b739392c4f.zip
2012-05-02 19:22 - 2012-05-02 19:22 - 0000000 ____D C:\Program Files\xfinitytb
2012-05-02 19:22 - 2012-05-02 19:22 - 0000000 ____D C:\Program Files\comcasttb
2012-05-02 10:07 - 2012-05-02 10:07 - 0000000 ____D C:\Users\*****\Documents\MAISTRO_Assessment_Findings-01192012-updated


============ 3 Months Modified Files and Folders ===============

2012-05-29 14:13 - 2012-05-29 14:13 - 0000000 ____D C:\FRST
2012-05-29 10:08 - 2010-08-17 07:01 - 0000000 ____D C:\Users\*****\AppData\Roaming\Skype
2012-05-29 10:08 - 2009-07-13 20:55 - 1424203 ____A C:\Windows\WindowsUpdate.log
2012-05-29 10:01 - 2010-07-20 13:21 - 0730320 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-29 09:10 - 2010-08-17 07:01 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-29 07:55 - 2012-03-06 08:52 - 0000000 ____D C:\Users\*****\AppData\Roaming\Real
2012-05-29 07:55 - 2012-03-06 08:52 - 0000000 ____D C:\Users\All Users\Real
2012-05-29 07:28 - 2012-05-27 05:52 - 0644792 ____A C:\Users\*****\Desktop\Presentation1-ctcs.pptx
2012-05-29 06:41 - 2012-05-29 06:41 - 0739139 ____A C:\Users\*****\Desktop\From latent disseminated cells to overt metastasis Genetic analysis of systemic breast cancer progression.mht
2012-05-29 06:10 - 2010-08-17 07:01 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-29 02:52 - 2009-07-13 20:34 - 0014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-29 02:52 - 2009-07-13 20:34 - 0014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-29 02:45 - 2010-08-02 07:02 - 0000000 ____A C:\Users\*****\AppData\Local\WavXMapDrive.bat
2012-05-29 02:45 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-29 02:45 - 2009-07-13 20:39 - 0067305 ____A C:\Windows\setupact.log
2012-05-29 02:44 - 2010-07-20 15:06 - 2380660736 __ASH C:\hiberfil.sys
2012-05-28 16:45 - 2012-05-28 16:45 - 0007618 ____A C:\Users\*****\AppData\Local\Resmon.ResmonCfg
2012-05-28 06:03 - 2012-05-28 06:03 - 0178416 ____A C:\Users\*****\Desktop\What's new on circulating tumor cells A meeting report.htm
2012-05-28 06:03 - 2012-05-28 06:03 - 0000000 ____D C:\Users\*****\Desktop\What's new on circulating tumor cells A meeting report_files
2012-05-28 05:54 - 2012-05-28 05:54 - 1430850 ____A C:\Users\*****\Desktop\systemic early spread of breast cancer.pdf
2012-05-28 05:19 - 2012-05-28 05:01 - 0972570 ____A C:\Users\*****\Desktop\KLEIN INFLAMMATION AND CANCER.pdf
2012-05-27 05:04 - 2012-05-27 05:04 - 0561230 ____A C:\Users\*****\Desktop\Role of organ selectivity in the determination of___ [Cancer Res_ 1980] - PubMed - NCBI.mht
2012-05-26 18:44 - 2012-05-26 18:44 - 0161630 ____A C:\Users\*****\Desktop\breast cancer stem cellsd.htm
2012-05-26 18:44 - 2012-05-26 18:44 - 0000000 ____D C:\Users\*****\Desktop\breast cancer stem cellsd_files
2012-05-26 18:34 - 2012-05-26 18:34 - 0126129 ____A C:\Users\*****\Desktop\stem cells resistant to therapy.htm
2012-05-26 18:34 - 2012-05-26 18:34 - 0000000 ____D C:\Users\*****\Desktop\stem cells resistant to therapy_files
2012-05-26 18:33 - 2012-05-26 18:33 - 0228927 ____A C:\Users\*****\Desktop\Correlation between Cancer Stem Cells and Circulating Tumor Cells and Their Value.htm
2012-05-26 18:33 - 2012-05-26 18:33 - 0000000 ____D C:\Users\*****\Desktop\Correlation between Cancer Stem Cells and Circulating Tumor Cells and Their Value_files
2012-05-26 18:22 - 2012-05-26 18:22 - 0084190 ____A C:\Users\*****\Desktop\breast cancer stem cells.htm
2012-05-26 18:22 - 2012-05-26 18:22 - 0000000 ____D C:\Users\*****\Desktop\breast cancer stem cells_files
2012-05-26 18:09 - 2012-05-26 18:09 - 1345343 ____A C:\Users\*****\Desktop\emt and breast cancer.pdf
2012-05-26 18:04 - 2012-05-26 18:04 - 0279862 ____A C:\Users\*****\Desktop\emt and stem cell markers.pdf
2012-05-26 17:38 - 2012-05-26 17:38 - 0012198 ____A C:\Users\*****\Desktop\do all roads lead to rome.htm
2012-05-26 17:38 - 2012-05-26 17:38 - 0000000 ____D C:\Users\*****\Desktop\do all roads lead to rome_files
2012-05-26 17:27 - 2012-05-26 17:27 - 0811154 ____A C:\Users\*****\Desktop\plantel clinical relevance of dtcs.pdf
2012-05-26 15:45 - 2012-05-26 15:45 - 2837492 ____A C:\Users\*****\Desktop\fidler2003.pdf
2012-05-26 15:31 - 2012-05-26 15:31 - 0364499 ____A C:\Users\*****\Desktop\Mesenchymal Transition and Dissemination of Cancer Cells Is Driven by Myeloid-Derived Suppressor Cells Infiltrating the Primary Tumor.htm
2012-05-26 15:31 - 2012-05-26 15:31 - 0000000 ____D C:\Users\*****\Desktop\Mesenchymal Transition and Dissemination of Cancer Cells Is Driven by Myeloid-Derived Suppressor Cells Infiltrating the Primary Tumor_files
2012-05-26 15:16 - 2012-05-26 15:16 - 0836002 ____A C:\Users\*****\Desktop\Mack_GS_-_Lost_in_Migration_-_final_PDF.66105316.pdf
2012-05-26 14:56 - 2012-05-26 14:56 - 0669718 ____A C:\Users\*****\Desktop\Preparing the “Soil” The Premetastatic Niche.mht
2012-05-26 14:51 - 2012-05-26 14:51 - 0248480 ____A C:\Users\*****\Desktop\bone-marrow-cells-pre-metastatic-niche-kaplan.pdf
2012-05-26 09:02 - 2012-05-26 09:02 - 0000000 ____D C:\Users\*****\AppData\Local\Mendeley Ltd
2012-05-26 09:01 - 2012-05-26 09:01 - 0001103 ____A C:\Users\Public\Desktop\Mendeley Desktop.lnk
2012-05-26 09:01 - 2012-05-26 09:01 - 0000000 ____D C:\Program Files\Mendeley Desktop
2012-05-24 14:04 - 2010-08-18 21:44 - 0000000 ____D C:\Users\*****\AppData\Local\CutePDF Writer
2012-05-24 04:16 - 2012-05-17 19:41 - 0000000 ____D C:\Users\*****\AppData\Local\ID Vault
2012-05-23 20:22 - 2012-05-23 20:22 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2012-05-23 20:07 - 2012-05-23 20:07 - 0002085 ____A C:\Users\Public\Desktop\Cisco NAC Agent.lnk
2012-05-23 20:07 - 2012-05-23 14:03 - 0000000 ____D C:\Users\All Users\Cisco
2012-05-23 20:07 - 2010-12-27 03:46 - 0000000 ____D C:\Config.Msi
2012-05-23 20:06 - 2012-05-23 20:06 - 0000000 ____D C:\Program Files\Common Files\Cisco
2012-05-23 20:06 - 2012-05-23 14:03 - 0000000 ____D C:\Program Files\Cisco
2012-05-23 20:01 - 2012-05-23 20:01 - 5159936 ____A C:\Users\*****\Desktop\nacagentsetup-win-4.8.0.35.msi
2012-05-23 14:04 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-05-23 14:03 - 2012-05-23 14:03 - 0000000 ____D C:\Users\*****\AppData\Local\Cisco
2012-05-23 14:02 - 2012-05-23 14:02 - 3864534 ____A C:\Users\*****\Desktop\Cisco_AnyConnect_3.0.1047.EXE
2012-05-23 13:02 - 2012-05-23 11:45 - 58582314 ____A C:\Users\*****\Documents\2012-05-23 15.45 CMMi Presentation by DQS.wmv
2012-05-23 11:03 - 2012-05-23 11:03 - 0000000 ____D C:\Program Files\Common Files\Java
2012-05-23 11:02 - 2012-05-23 11:02 - 0060304 ____A C:\Users\*****\g2mdlhlpx.exe
2012-05-23 11:02 - 2012-05-23 11:02 - 0000000 ____D C:\Program Files\Oracle
2012-05-23 11:02 - 2010-08-02 07:01 - 0000000 ____D C:\users\*****
2012-05-23 11:01 - 2010-08-02 07:01 - 0000000 ____D C:\Users\*****\AppData\LocalLow
2012-05-23 11:00 - 2012-05-23 11:00 - 0174024 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-05-23 11:00 - 2012-02-07 10:12 - 0174024 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-05-23 11:00 - 2010-07-20 13:13 - 0000000 ____D C:\Program Files\Java
2012-05-23 10:56 - 2012-05-23 10:56 - 0892360 ____A (Oracle Corporation) C:\Users\*****\Downloads\chromeinstall-7u4.exe
2012-05-23 03:37 - 2010-08-17 07:40 - 0000000 ____D C:\Users\*****\AppData\Local\TSVNCache
2012-05-22 08:27 - 2012-05-22 08:27 - 0001694 ____A C:\Users\*****\Desktop\aswMBR3.txt
2012-05-22 08:27 - 2012-05-21 06:13 - 0000512 ____A C:\Users\*****\Desktop\MBR.dat
2012-05-22 08:12 - 2012-05-22 08:12 - 0001608 ____A C:\Users\*****\Desktop\aswMBR2.txt
2012-05-22 05:53 - 2012-05-17 19:39 - 0002182 ____A C:\Users\Public\Desktop\Constant Guard.lnk
2012-05-22 05:53 - 2012-05-17 19:39 - 0000000 ____D C:\Program Files\Constant Guard Protection Suite
2012-05-22 05:49 - 2012-05-22 05:49 - 0147080 ____A C:\Windows\Minidump\052212-49031-01.dmp
2012-05-22 05:49 - 2011-01-21 11:04 - 510092517 ____A C:\Windows\MEMORY.DMP
2012-05-22 05:49 - 2011-01-21 11:04 - 0000000 ____D C:\Windows\Minidump
2012-05-21 06:18 - 2012-05-21 06:13 - 0002015 ____A C:\Users\*****\Desktop\aswMBR.txt
2012-05-20 22:09 - 2012-05-20 22:09 - 4731392 ____A (AVAST Software) C:\Users\*****\Desktop\aswMBR.exe
2012-05-20 22:08 - 2012-05-20 22:08 - 0000094 ____A C:\Users\*****\Desktop\eset.txt
2012-05-20 20:02 - 2012-05-17 19:55 - 0000000 ____D C:\Windows\System32\Drivers\N360
2012-05-20 20:01 - 2012-05-17 19:55 - 0002434 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk
2012-05-20 18:43 - 2012-05-20 18:43 - 0000000 ____D C:\Program Files\ESET
2012-05-20 18:43 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-05-19 19:30 - 2012-05-19 19:30 - 0014759 ____A C:\Users\*****\Desktop\Attach.txt
2012-05-19 19:30 - 2012-05-19 19:30 - 0004971 ____A C:\Users\*****\Desktop\Attach.zip
2012-05-19 05:47 - 2012-05-19 05:47 - 0079936 ____A C:\Users\*****\Desktop\ctcs.docx
2012-05-18 11:25 - 2009-08-31 08:42 - 0002048 ___AH C:\Users\*****\Documents\Default.rdp
2012-05-18 09:48 - 2010-07-27 14:12 - 0000208 ____A C:\Windows\System32\config\netlogon.ftl
2012-05-18 02:59 - 2012-05-17 19:55 - 0000000 ____D C:\Program Files\Symantec
2012-05-18 02:58 - 2012-05-17 19:55 - 0126584 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2012-05-18 02:58 - 2012-05-17 19:55 - 0007468 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2012-05-18 02:58 - 2012-05-17 19:55 - 0000806 ____A C:\Windows\System32\Drivers\SYMEVENT.INF
2012-05-18 02:08 - 2010-07-20 15:06 - 0458740 ____A C:\Windows\PFRO.log
2012-05-17 20:00 - 2012-05-17 19:55 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-05-17 19:55 - 2012-05-17 19:55 - 0000000 ____D C:\Program Files\NortonInstaller
2012-05-17 19:55 - 2012-05-17 19:55 - 0000000 ____D C:\Program Files\Norton Security Suite
2012-05-17 19:55 - 2010-10-06 12:05 - 0000000 ____D C:\Users\All Users\Norton
2012-05-17 19:48 - 2012-05-17 19:48 - 0001372 ____A C:\Users\*****\Desktop\Norton Installation Files.lnk
2012-05-17 19:48 - 2010-10-06 12:05 - 0000000 ____D C:\Users\Public\Downloads\Norton
2012-05-17 19:46 - 2012-05-17 19:40 - 0000000 ____D C:\Users\*****\AppData\Roaming\ID Vault
2012-05-17 19:41 - 2012-05-17 19:41 - 0000000 ____D C:\Users\All Users\IsolatedStorage
2012-05-17 19:40 - 2010-08-17 06:57 - 0000000 ____D C:\Program Files\Mozilla Firefox
2012-05-17 19:39 - 2012-05-17 19:39 - 0000000 ____D C:\Users\All Users\White Sky, Inc
2012-05-17 19:39 - 2012-05-17 19:39 - 0000000 ____D C:\Users\All Users\GID
2012-05-17 19:39 - 2012-05-17 19:39 - 0000000 ____D C:\Program Files\SFT
2012-05-17 18:30 - 2010-11-29 13:11 - 0000000 ____D C:\Users\*****\AppData\Local\CrashDumps
2012-05-17 10:41 - 2012-05-17 10:41 - 0607260 ____R (Swearware) C:\Users\*****\Desktop\dds.scr
2012-05-17 09:23 - 2010-09-17 08:43 - 0000000 ____D C:\Users\*****\AppData\Local\Apple Computer
2012-05-17 03:46 - 2012-05-17 03:46 - 0027496 ____A C:\ComboFix.txt
2012-05-17 03:46 - 2012-05-17 03:23 - 0000000 ____D C:\Qoobox
2012-05-17 03:46 - 2011-06-28 10:10 - 0000000 ____D C:\users\l
2012-05-17 03:44 - 2012-05-17 03:44 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-17 03:40 - 2011-01-23 12:32 - 0000000 ____D C:\Windows\ERDNT
2012-05-17 03:40 - 2009-07-13 18:04 - 0000215 ____A C:\Windows\system.ini
2012-05-17 03:40 - 2009-07-13 18:04 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-17 03:22 - 2012-05-17 03:22 - 4495594 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2012-05-17 03:21 - 2012-05-17 03:20 - 0137476 ____A C:\TDSSKiller.2.7.35.0_17.05.2012_07.20.37_log.txt
2012-05-17 03:20 - 2012-05-17 03:20 - 2107843 ____A C:\Users\*****\Desktop\tdsskiller.zip
2012-05-17 03:20 - 2012-05-17 03:20 - 0000000 ____D C:\Users\*****\Desktop\tdsskiller
2012-05-16 20:08 - 2010-08-12 13:14 - 0197329 ____A C:\Users\*****\Documents\Presentation1.pptx
2012-05-16 18:06 - 2012-05-16 18:06 - 0000000 ____D C:\Users\*****\Documents\ZonedOut[1]
2012-05-16 11:19 - 2012-05-16 11:19 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-16 11:19 - 2012-05-16 11:17 - 0139130 ____A C:\TDSSKiller.2.7.35.0_16.05.2012_15.17.37_log.txt
2012-05-16 11:11 - 2009-07-13 23:50 - 0000000 ____D C:\Windows\CSC
2012-05-16 10:58 - 2011-01-04 22:34 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-05-16 08:32 - 2010-09-17 08:42 - 0000000 ____D C:\Users\*****\AppData\Local\Apple
2012-05-15 09:15 - 2009-09-03 09:56 - 0000000 ____D C:\Users\*****\Documents\My Scans
2012-05-14 02:38 - 2010-07-20 13:37 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-11 03:15 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-05-11 03:04 - 2009-07-13 20:33 - 0412872 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-11 03:02 - 2009-07-13 23:50 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-10 20:55 - 2010-07-27 15:01 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-09 11:34 - 2009-07-13 18:04 - 0000629 ____A C:\Windows\win.ini
2012-05-09 08:04 - 2010-08-27 04:58 - 0000000 ____D C:\Users\*****\AppData\Local\ElevatedDiagnostics
2012-05-07 01:24 - 2012-01-17 18:45 - 0000000 ____D C:\Users\*****\Desktop\CD
2012-05-04 16:37 - 2012-05-04 16:37 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-04 16:37 - 2012-05-04 16:37 - 0000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-05-03 12:55 - 2012-05-03 12:55 - 0909088 ____A (Sun Microsystems, Inc.) C:\Users\*****\Downloads\chromeinstall (1).exe
2012-05-03 09:23 - 2010-05-29 04:54 - 0000000 ____D C:\Users\*****\Documents\Proposals
2012-05-02 23:02 - 2012-05-02 22:52 - 113585967 ____A C:\Users\*****\Downloads\The_Beatles_White_Album__-_1968.zip
2012-05-02 22:49 - 2012-05-02 22:42 - 115387513 ____A C:\Users\*****\Downloads\Abbey_Road_-_1969.zip
2012-05-02 22:41 - 2012-05-02 22:37 - 96113240 ____A C:\Users\*****\Downloads\Sgt_Pepper_s_Lonely_Hearts_Club_Band_-_1967.zip
2012-05-02 22:26 - 2012-05-02 22:19 - 70229368 ____A C:\Users\*****\Downloads\Rubber_Soul_US__-_1965.zip
2012-05-02 22:02 - 2012-05-02 22:01 - 19631786 ____A C:\Users\*****\Downloads\ivave-arch-download-0f10b6986a9e1cb1cf29d03ff95286d2.zip
2012-05-02 21:42 - 2012-05-02 21:41 - 11001030 ____A C:\Users\*****\Downloads\ivave-arch-download-f33d4f5301f006f13cc8b0b739392c4f.zip
2012-05-02 19:22 - 2012-05-02 19:22 - 0000000 ____D C:\Program Files\xfinitytb
2012-05-02 19:22 - 2012-05-02 19:22 - 0000000 ____D C:\Program Files\comcasttb
2012-05-02 19:19 - 2010-08-11 12:59 - 0000000 ____D C:\Users\*****\Documents\Pers
2012-05-02 10:07 - 2012-05-02 10:07 - 0000000 ____D C:\Users\*****\Documents\MAISTRO_Assessment_Findings-01192012-updated
2012-05-01 10:50 - 2010-12-27 04:14 - 0152137 ____A C:\Windows\System32\TEST.log
2012-04-28 01:08 - 2012-04-28 01:08 - 0011477 ____A C:\Users\*****\Documents\Worksheet in MAISTRO_Release 7 (Recovered).xlsx
2012-04-24 09:38 - 2012-04-24 08:35 - 0217490 ____A C:\Users\*****\Documents\IDL Response to FDA CBER RFI_v2_Bala_comments.docx
2012-04-22 20:22 - 2012-04-22 20:10 - 101287435 ____A C:\Users\*****\Downloads\ivave-arch-download-e3195a369840793318643f8fbfc31646.zip
2012-04-22 18:53 - 2012-04-22 18:53 - 0000000 ____D C:\Program Files\Common Files\Skype
2012-04-22 18:53 - 2010-07-27 15:32 - 0000000 ___RD C:\Program Files\Skype
2012-04-22 18:53 - 2010-07-27 15:32 - 0000000 ____D C:\Users\All Users\Skype
2012-04-21 06:45 - 2012-04-21 06:44 - 6758567 ____A C:\Users\*****\Downloads\ivave-arch-download-6feb61b78c50228de560462e0ee0c549.zip
2012-04-21 06:39 - 2012-04-21 06:38 - 9034112 ____A C:\Users\*****\Downloads\ivave-arch-download-723cb8e3648923c01079e336d3895127.zip
2012-04-21 06:28 - 2012-04-21 06:28 - 11503095 ____A C:\Users\*****\Downloads\ivave-arch-download-6e93502f06483da9089af08e091574c4.zip
2012-04-20 03:00 - 2012-04-20 03:00 - 0017640 ____A C:\Users\*****\Downloads\IDL DEV - Test User IDs.xlsx
2012-04-18 07:48 - 2012-04-18 07:48 - 0009910 ____A C:\Users\*****\Desktop\test.docx
2012-04-17 12:17 - 2011-06-03 01:59 - 0000000 ____D C:\Users\*****\Documents\Miscellaneous
2012-04-14 16:30 - 2010-09-17 08:43 - 0000000 ____D C:\Users\*****\AppData\Roaming\Apple Computer
2012-04-14 04:06 - 2012-04-14 04:06 - 0001795 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-14 04:06 - 2012-04-14 04:05 - 0000000 ____D C:\Program Files\iTunes
2012-04-14 04:05 - 2012-04-14 04:05 - 0000000 ____D C:\Program Files\iPod
2012-04-14 04:05 - 2010-09-17 08:41 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-04-12 03:50 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NDF
2012-04-05 02:06 - 2010-12-27 03:46 - 0000000 ____D C:\Users\All Users\HP
2012-04-04 14:47 - 2012-05-23 11:01 - 0772504 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-04-04 14:47 - 2012-05-23 11:01 - 0227720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-04-04 14:47 - 2011-01-24 04:00 - 0687504 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-04-04 11:56 - 2011-01-04 22:34 - 0022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 09:00 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Speech
2012-04-04 06:17 - 2011-09-04 06:46 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-04-04 03:04 - 2012-04-04 03:04 - 0000162 ___AH C:\Users\*****\Desktop\~$TATION REQUESTS.docx
2012-04-03 07:41 - 2012-04-03 07:41 - 0231936 ____A C:\Users\*****\Downloads\PDRTemplate.zip
2012-04-01 20:46 - 2012-05-10 08:05 - 3958128 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-04-01 20:46 - 2012-05-10 08:05 - 3902320 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-01 18:43 - 2012-05-10 08:05 - 2342400 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-31 05:35 - 2012-03-31 05:24 - 101216977 ____A C:\Users\*****\Downloads\ivave-arch-download-c4fef7bcd49f33567787c99873e63683.zip
2012-03-31 05:08 - 2012-03-31 05:07 - 33466069 ____A C:\Users\*****\Downloads\ivave-arch-download-3644f960e3dd7870d3dac1ec6e958dae.zip
2012-03-31 05:04 - 2012-03-31 05:03 - 11374960 ____A C:\Users\*****\Downloads\ivave-arch-download-34fb4d4b94a877d26042e774c9587ef5.zip
2012-03-31 05:00 - 2012-03-31 05:00 - 5271680 ____A C:\Users\*****\Downloads\ivave-arch-download-aada7c3320730b972f4fd4eca2b9e7ec.zip
2012-03-31 04:59 - 2012-03-31 04:59 - 12508251 ____A C:\Users\*****\Downloads\ivave-arch-download-522ddf7dad3d4f2406dadf9197542295.zip
2012-03-31 04:56 - 2012-03-31 04:56 - 12326776 ____A C:\Users\*****\Downloads\ivave-arch-download-b46c462feb9b1ec398f7226124cdc22e.zip
2012-03-31 04:51 - 2012-03-31 04:49 - 39043898 ____A C:\Users\*****\Downloads\ivave-arch-download-83fe82beb711b3180880b43297b6362a.zip
2012-03-30 02:29 - 2012-05-10 08:05 - 1287024 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 14:12 - 2012-03-28 06:59 - 0007030 ____A C:\Users\*****\Documents\MyGames.pgn
2012-03-27 21:20 - 2010-07-27 15:28 - 0000039 ____A C:\Windows\vbaddin.ini
2012-03-27 21:17 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2012-03-27 21:16 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\System
2012-03-27 19:34 - 2012-03-27 19:34 - 0000000 ____D C:\Users\*****\AppData\Roaming\Internet Chess Club
2012-03-27 19:34 - 2012-03-27 19:34 - 0000000 ____D C:\Program Files\Internet Chess Club
2012-03-24 04:56 - 2012-03-24 04:56 - 0006825 ____A C:\Windows\System32\_GEAREXT.WO_IDENT.TXT
2012-03-23 16:09 - 2012-03-23 16:09 - 0094109 ____A C:\Users\*****\Downloads\1083_ftp_002.pdf
2012-03-22 11:12 - 2012-03-22 11:12 - 4435968 ____A (Google Inc.) C:\Windows\System32\GPhotos.scr
2012-03-21 20:17 - 2012-03-21 20:17 - 0624055 ____A C:\Users\*****\Downloads\Addendum_DD_NRC_187.pdf
2012-03-21 20:16 - 2012-03-21 20:16 - 0047104 ____A C:\Users\*****\Downloads\Addendum_AA_List_of_K_ (1).doc
2012-03-21 20:11 - 2012-03-21 20:11 - 2903552 ____A C:\Users\*****\Downloads\NRC-HQ-11-R-33-0011.(2.25.2011).doc
2012-03-21 13:16 - 2012-03-21 13:16 - 0278409 ____A C:\Users\*****\Downloads\NRC-HQ-11-R-33-0011--A007 (2).pdf
2012-03-21 13:16 - 2012-03-21 13:16 - 0072205 ____A C:\Users\*****\Downloads\NRC-HQ-11-R-33-0011_A006.pdf
2012-03-21 13:15 - 2012-03-21 13:15 - 0278409 ____A C:\Users\*****\Downloads\NRC-HQ-11-R-33-0011--A007 (1).pdf
2012-03-21 13:12 - 2012-03-21 13:12 - 0278409 ____A C:\Users\*****\Downloads\NRC-HQ-11-R-33-0011--A007.pdf
2012-03-21 13:12 - 2012-03-21 13:12 - 0028024 ____A C:\Users\*****\Downloads\NRC-HQ-11-R-33-0011_A008.pdf
2012-03-21 13:07 - 2012-03-21 13:07 - 0048640 ____A C:\Users\*****\Downloads\Addendum_EE_COI_Guidelines.doc
2012-03-21 13:07 - 2012-03-21 13:07 - 0047104 ____A C:\Users\*****\Downloads\Addendum_AA_List_of_K_.doc
2012-03-19 06:20 - 2011-09-21 08:24 - 0002203 ____A C:\Users\*****\Desktop\GoToWebinar.lnk
2012-03-16 23:20 - 2012-05-10 08:05 - 0056688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-14 20:42 - 2012-03-14 20:42 - 0322612 ____A C:\Users\*****\Downloads\MSPSC Graphics (1).pptx
2012-03-14 20:28 - 2012-03-14 20:28 - 0322612 ____A C:\Users\*****\Downloads\MSPSC Graphics.pptx
2012-03-12 07:28 - 2010-07-27 13:54 - 0000000 ____D C:\Program Files\Common Files\Adobe AIR
2012-03-12 06:01 - 2012-03-12 06:01 - 0000000 ____D C:\Users\*****\AppData\Roaming\com.Shutterfly.ExpressUploader
2012-03-12 06:01 - 2012-03-12 06:00 - 0000000 ____D C:\Program Files\Shutterfly
2012-03-12 06:00 - 2010-08-17 08:57 - 0000000 ____D C:\Users\*****\AppData\Local\Adobe
2012-03-12 06:00 - 2010-08-03 06:23 - 0000000 ____D C:\Users\*****\AppData\Roaming\Adobe
2012-03-06 15:02 - 2012-03-06 12:11 - 1823232 ____A C:\Users\*****\Documents\CMS EIDM Program WBS_03_05_2012.mpp
2012-03-06 08:54 - 2012-03-06 08:54 - 0000000 ____D C:\Users\*****\AppData\Roaming\RealNetworks
2012-03-06 08:53 - 2012-03-06 08:53 - 0272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2012-03-06 08:53 - 2012-03-06 08:53 - 0198832 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2012-03-06 08:53 - 2012-03-06 08:53 - 0006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2012-03-06 08:53 - 2012-03-06 08:53 - 0005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2012-03-06 08:53 - 2012-03-06 08:53 - 0000000 ____D C:\Program Files\Common Files\xing shared
2012-03-06 08:53 - 2012-03-06 08:52 - 0000000 ____D C:\Program Files\Real
2012-03-06 08:52 - 2006-08-14 07:02 - 0499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2012-03-05 14:48 - 2012-03-05 14:48 - 0400384 ____A C:\Users\*****\Desktop\TM PowerPoint Timer.ppa
2012-03-05 14:47 - 2012-03-05 14:47 - 0176502 ____A C:\Users\*****\Desktop\TM PowerPoint Timer (Ribbon UI).ppam
2012-03-04 19:00 - 2010-07-27 15:27 - 0000162 ____A C:\Windows\ODBC.INI
2012-03-04 18:42 - 2012-03-04 07:05 - 0000000 ____D C:\Users\*****\.freemind
2012-03-04 07:05 - 2012-03-04 07:05 - 0000000 ____D C:\Program Files\FreeMind
2012-03-02 21:40 - 2012-05-10 08:05 - 1170944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-03-02 21:40 - 2012-05-10 08:05 - 1074176 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-02 21:40 - 2012-05-10 08:05 - 0739840 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-03-02 21:40 - 2012-05-10 08:05 - 0218624 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-03-02 21:40 - 2012-05-10 08:05 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-03-01 06:07 - 2012-03-01 06:07 - 0000000 ____D C:\Program Files\Privoxy

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3027.17 MB
Available physical RAM: 2552.07 MB
Total Pagefile: 3025.45 MB
Available Pagefile: 2553.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:223.36 GB) (Free:126.36 GB) NTFS
3 Drive f: (TRAVELDRIVE) (Removable) (Total:1.92 GB) (Free:0.15 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (RECOVERY) (Fixed) (Total:9.39 GB) (Free:4.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 1967 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 133 MB 31 KB
Partition 2 Primary 9 GB 134 MB
Partition 3 Primary 223 GB 9 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 133 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 9 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 223 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1966 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F TRAVELDRIVE FAT Removable 1966 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-20 17:57

======================= End Of Log ==========================

#12 Noviciate

  • Malware Response Team

Posted 29 May 2012 - 02:44 PM

Good evening. :)

Copy and paste the following into Notepad (Start > All Programs > Accessories > Notepad):

start
c:\users\bpalaniswamy.idl\appdata\local\apple computer\adobe\ukech.dll
3 catchme; \??\C:\Users\BPALAN~1.IDL\AppData\Local\Temp\catchme.sys [x]
3 NvtSp50; C:\Windows\System32\Drivers\NvtSp50.sys [x]
end

Save the file to your flashdrive as fixlist.txt
Enter the System Recovery Options as before, run FRST64 and click the Fix button just once and wait.
Once the tool has completed it will save a log on the flashdrive called Fixlog.txt - I'd like you to post the contents in your next reply. Also tell me if the PC still suffers from redirects.

So long, and thanks for all the fish.

#13 bcym

  • Topic Starter

Posted 29 May 2012 - 10:36 PM

Hi

Here is the FixLog

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 29-05-2012 02
Ran by SYSTEM at 2012-05-29 23:26:30 Run:1
Running from F:\

==============================================

C:\users\***\appdata\local\apple computer\adobe\ukech.dll not found.
catchme service deleted successfully.
NvtSp50 service deleted successfully.

==== End of Fixlog ====

I tried searching again in Firefox. The redirection still happens.
Please let me know what should be done now.

#14 Noviciate

  • Malware Response Team

Posted 30 May 2012 - 02:36 PM

Good evening.

Can you tell me what happened to your anti-virus program - I see Norton Security Suite in the Installed Programs section of one of the logs you posted but no corresponding entries in the other.

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Check the Scan All User box at the top.
  • Copy and paste the following into the Custom Scans/Fixes box at the bottom:

    • netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      consrv.dll
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      /md5stop
      C:\Windows\assembly\tmp\U\*.* /s
      %Temp%\smtmp\1\*.*
      %Temp%\smtmp\2\*.*
      %Temp%\smtmp\3\*.*
      %Temp%\smtmp\4\*.*
      >C:\commands.txt echo list vol /raw /hide /c
      /wait
      >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
      /wait
      type c:\diskreport.txt /c
      /wait
      erase c:\commands.txt /hide /c
      /wait
      erase c:\diskreport.txt /hide /c
      CREATERESTOREPOINT
  • Click the Run Scan button and allow it to do its thing.
  • Once the scan has completed two notepad windows, OTL.Txt and Extras.Txt, will open - these text files will be saved in the same location as OTL.
  • Please post the contents of both in your next reply - you may need to post each separately if they are overly long.

So long, and thanks for all the fish.

#15 bcym

  • Topic Starter

Posted 30 May 2012 - 03:09 PM

Hi
I installed Norton in between and had to uninstall. Sorry if this has caused any confusion in your analysis.
Currently no virus software running in my machine.

Here is OTL.TXT
OTL logfile created on: 5/30/2012 3:46:56 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\****\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 43.92% Memory free
5.91 Gb Paging File | 4.06 Gb Available in Paging File | 68.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.36 Gb Total Space | 124.68 Gb Free Space | 55.82% Space Free | Partition Type: NTFS

Computer Name: IDL-LAT5400-01 | User Name: bpalaniswamy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/30 15:45:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.scr
PRC - [2012/03/06 12:53:02 | 000,499,312 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2012/03/06 12:52:57 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/12/27 03:40:10 | 000,359,936 | ---- | M] (The Privoxy team - www.privoxy.org) -- C:\Program Files\Privoxy\privoxy.exe
PRC - [2011/12/14 07:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/16 00:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/23 16:35:06 | 000,519,632 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2011/03/23 16:34:20 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/08 16:27:58 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/10/26 17:56:56 | 000,487,680 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2010/10/26 17:56:22 | 001,050,880 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2010/07/20 17:22:21 | 004,685,824 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
PRC - [2010/07/20 17:22:21 | 000,026,112 | ---- | M] () -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
PRC - [2010/07/20 17:22:18 | 004,038,656 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
PRC - [2010/07/16 17:32:34 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/04/05 12:56:06 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/04/05 12:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\stacsv.exe
PRC - [2010/04/05 12:54:56 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe
PRC - [2010/02/17 20:20:16 | 000,278,528 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/02/17 19:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/02/08 17:23:40 | 001,327,472 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
PRC - [2010/02/08 17:19:28 | 000,386,928 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2010/01/05 21:23:58 | 000,034,232 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2010/01/05 15:04:04 | 000,147,328 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2009/12/29 17:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/12/22 12:23:52 | 001,845,248 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
PRC - [2009/12/22 12:23:34 | 000,077,312 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2009/11/24 16:48:36 | 001,148,264 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009/11/24 16:48:32 | 000,132,456 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
PRC - [2009/11/20 18:42:48 | 000,278,304 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2009/11/12 12:55:30 | 000,203,776 | ---- | M] (Microsoft) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe
PRC - [2009/11/02 12:40:54 | 000,657,920 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/08/11 17:09:52 | 002,360,608 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/08/11 17:09:52 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/08/11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/15 18:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/02/01 04:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/02/01 02:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/11 07:09:30 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll
MOD - [2012/05/11 07:06:35 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\82a4878fa9c3f8b634ad38909c99db7c\System.Web.ni.dll
MOD - [2012/05/11 07:06:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 07:06:01 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90d42781d5b19478870e412f7b7c71eb\System.Windows.Forms.ni.dll
MOD - [2012/05/11 07:05:53 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll
MOD - [2012/05/11 07:05:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/11 07:05:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/11 07:05:27 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/11 07:05:17 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011/12/27 03:40:10 | 000,086,528 | ---- | M] () -- C:\Program Files\Privoxy\mgwz.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/20 17:29:27 | 000,046,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.453.27565__f25c74fcad379103\Status Lib.dll
MOD - [2010/07/20 17:29:27 | 000,014,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.453.27562__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/01/31 23:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 23:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2009/12/22 12:19:42 | 000,573,440 | ---- | M] () -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.Message.XmlSerializers.dll
MOD - [2009/11/19 16:47:10 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2009/11/13 09:17:00 | 000,010,752 | ---- | M] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
MOD - [2009/08/11 17:10:04 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008/11/12 14:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/04 20:37:36 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/14 07:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/06 14:07:18 | 000,460,144 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 13:58:52 | 001,085,440 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2011/03/23 16:34:20 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2010/11/08 16:06:58 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Disabled | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/10/26 17:56:22 | 001,050,880 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2010/08/17 17:09:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/07/20 17:22:21 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2010/04/05 12:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\stacsv.exe -- (STacSV)
SRV - [2010/04/05 12:54:56 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe -- (AESTFilters)
SRV - [2010/02/08 17:19:28 | 000,386,928 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/12/22 12:23:34 | 000,077,312 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2009/11/24 16:48:36 | 001,148,264 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/11/20 18:42:48 | 000,278,304 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2009/11/18 17:35:48 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2009/08/11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/15 18:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Disabled | Running] -- system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/23 16:25:40 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011/03/23 16:25:16 | 000,077,968 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2011/01/23 17:06:19 | 000,032,256 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2010/07/20 20:00:16 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/20 17:22:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010/04/05 12:56:08 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/03/10 22:20:08 | 000,251,440 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/01/20 15:18:26 | 000,033,792 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV - [2010/01/05 15:03:58 | 000,211,328 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/12/14 14:12:34 | 000,126,976 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/04 22:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 12:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/30 23:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/06/25 20:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 20:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 20:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/05/11 12:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2008/06/04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{FF1877AC-5571-4CEA-86A5-50D75CFD6D15}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-507921405-1606980848-1801674531-7246\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-507921405-1606980848-1801674531-7246\..\SearchScopes,DefaultScope = {650098FB-1C79-4172-B26B-6203ABB07E61}
IE - HKU\S-1-5-21-507921405-1606980848-1801674531-7246\..\SearchScopes\{650098FB-1C79-4172-B26B-6203ABB07E61}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-507921405-1606980848-1801674531-7246\..\SearchScopes\{6b0d4c9d-c6eb-4a9a-981c-ac3f9d8373c0}: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&cid=xfstart_tech_search&q={searchTerms}
IE - HKU\S-1-5-21-507921405-1606980848-1801674531-7246\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/"
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\****\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\****\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/06 12:53:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/04 20:37:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/23 15:01:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\****\AppData\Roaming\Move Networks [2011/07/01 20:31:26 | 000,000,000 | ---D | M]

[2010/08/17 11:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2012/05/30 13:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\tq6rwfwa.default\extensions
[2011/11/11 13:48:44 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\tq6rwfwa.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/12/27 07:42:03 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\tq6rwfwa.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/05/30 13:06:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/22 22:53:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TQ6RWFWA.DEFAULT\EXTENSIONS\WZYKESCWMA@WZYKESCWMA.ORG.XPI
[2012/05/04 20:37:36 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/02/26 06:52:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/26 06:52:00 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2010/10/06 10:51:30 | 000,003,277 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\xfinitylcsearch.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\****\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\****\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2012/05/17 07:40:30 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4 - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-1606980848-1801674531-7246\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-1606980848-1801674531-7246\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1606980848-1801674531-7246\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-507921405-1606980848-1801674531-7246\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-507921405-1606980848-1801674531-7246\..Trusted Domains: ivave.com ([]http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.9.1.1 64.62.206.164 64.62.206.164 10.9.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ****.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78238858-BEE6-475B-AC3B-DCA1D43E8BC7}: NameServer = 172.16.4.30 172.16.4.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EAFC2AB-33F7-4CD9-8410-503BAFBDECCA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB5B8703-043C-4D3A-ACD7-490E3EC4D40F}: DhcpNameServer = 10.9.1.1 64.62.206.164 64.62.206.164 10.9.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/30 15:45:50 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.scr
[2012/05/30 15:26:07 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\SEPG
[2012/05/30 13:38:00 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\AVG
[2012/05/30 13:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/05/30 13:22:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/05/30 13:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/05/30 13:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/05/30 13:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/05/30 13:14:24 | 003,879,712 | ---- | C] (AVG Technologies) -- C:\Users\****\Desktop\avg_free_stb_all_2012_2178_cnet.exe
[2012/05/30 08:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hematography Plus
[2012/05/30 08:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Hematography Plus
[2012/05/29 18:13:03 | 000,000,000 | ---D | C] -- C:\FRST
[2012/05/28 20:42:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/05/28 10:03:02 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\What's new on circulating tumor cells A meeting report_files
[2012/05/26 22:44:30 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\breast cancer stem cellsd_files
[2012/05/26 22:34:48 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\stem cells resistant to therapy_files
[2012/05/26 22:33:55 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Correlation between Cancer Stem Cells and Circulating Tumor Cells and Their Value_files
[2012/05/26 22:22:32 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\breast cancer stem cells_files
[2012/05/26 21:38:46 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\do all roads lead to rome_files
[2012/05/26 19:31:53 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Mesenchymal Transition and Dissemination of Cancer Cells Is Driven by Myeloid-Derived Suppressor Cells Infiltrating the Primary Tumor_files
[2012/05/26 13:02:08 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Mendeley Ltd
[2012/05/26 13:01:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mendeley Desktop
[2012/05/26 13:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mendeley Desktop
[2012/05/24 00:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco
[2012/05/23 18:03:51 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Cisco
[2012/05/23 18:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2012/05/23 18:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2012/05/23 18:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2012/05/23 15:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/05/23 15:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/05/23 15:01:05 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/05/23 15:01:05 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/05/23 15:00:27 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/05/21 02:09:56 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe
[2012/05/20 22:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/17 23:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2012/05/17 23:41:01 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\ID Vault
[2012/05/17 23:40:10 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\ID Vault
[2012/05/17 23:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Constant Guard Protection Suite
[2012/05/17 23:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[2012/05/17 14:41:28 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\****\Desktop\dds.scr
[2012/05/17 07:44:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/17 07:24:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/17 07:24:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/17 07:24:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/17 07:23:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/17 07:22:23 | 004,495,594 | R--- | C] (Swearware) -- C:\Users\****\Desktop\ComboFix.exe
[2012/05/17 07:20:30 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\tdsskiller
[2012/05/16 22:06:48 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\ZonedOut[1]
[2012/05/16 15:19:32 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/10 12:05:07 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/10 12:05:06 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/10 12:05:06 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/10 12:05:06 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/10 12:05:06 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/05/10 12:05:05 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/10 12:05:04 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/10 12:05:02 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/04 20:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/04 20:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/02 23:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\comcasttb
[2012/05/02 14:07:39 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\MAISTRO_Assessment_Findings-01192012-updated
[2011/01/22 20:39:18 | 001,350,232 | ---- | C] (Kaspersky Lab ZAO) -- C:\Program Files\TDSSKiller.exe

========== Files - Modified Within 30 Days ==========

[2012/05/30 15:45:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.scr
[2012/05/30 15:19:17 | 000,002,048 | -H-- | M] () -- C:\Users\****\Documents\Default.rdp
[2012/05/30 15:10:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/30 14:38:49 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/30 14:38:49 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/30 13:40:26 | 000,034,814 | ---- | M] () -- C:\Users\****\AppData\Local\dt.dat
[2012/05/30 13:29:26 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/30 13:29:26 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/30 13:25:12 | 000,000,000 | ---- | M] () -- C:\Users\****\AppData\Local\WavXMapDrive.bat
[2012/05/30 13:25:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/30 13:23:45 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/05/30 13:23:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/30 13:23:38 | 2380,660,736 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/30 13:14:31 | 003,879,712 | ---- | M] (AVG Technologies) -- C:\Users\****\Desktop\avg_free_stb_all_2012_2178_cnet.exe
[2012/05/30 07:49:05 | 003,028,459 | ---- | M] () -- C:\Users\****\Desktop\e caqdherin as central.pdf
[2012/05/29 10:41:06 | 000,739,139 | ---- | M] () -- C:\Users\****\Desktop\From latent disseminated cells to overt metastasis Genetic analysis of systemic breast cancer progression.mht
[2012/05/28 20:45:24 | 000,007,618 | ---- | M] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg
[2012/05/28 10:03:03 | 000,178,416 | ---- | M] () -- C:\Users\****\Desktop\What's new on circulating tumor cells A meeting report.htm
[2012/05/28 09:54:52 | 001,430,850 | ---- | M] () -- C:\Users\****\Desktop\systemic early spread of breast cancer.pdf
[2012/05/28 09:19:36 | 000,972,570 | ---- | M] () -- C:\Users\****\Desktop\KLEIN INFLAMMATION AND CANCER.pdf
[2012/05/27 09:04:14 | 000,561,230 | ---- | M] () -- C:\Users\****\Desktop\Role of organ selectivity in the determination of___ [Cancer Res_ 1980] - PubMed - NCBI.mht
[2012/05/26 22:44:31 | 000,161,630 | ---- | M] () -- C:\Users\****\Desktop\breast cancer stem cellsd.htm
[2012/05/26 22:34:48 | 000,126,129 | ---- | M] () -- C:\Users\****\Desktop\stem cells resistant to therapy.htm
[2012/05/26 22:33:55 | 000,228,927 | ---- | M] () -- C:\Users\****\Desktop\Correlation between Cancer Stem Cells and Circulating Tumor Cells and Their Value.htm
[2012/05/26 22:22:32 | 000,084,190 | ---- | M] () -- C:\Users\****\Desktop\breast cancer stem cells.htm
[2012/05/26 22:09:29 | 001,345,343 | ---- | M] () -- C:\Users\****\Desktop\emt and breast cancer.pdf
[2012/05/26 22:04:14 | 000,279,862 | ---- | M] () -- C:\Users\****\Desktop\emt and stem cell markers.pdf
[2012/05/26 21:38:46 | 000,012,198 | ---- | M] () -- C:\Users\****\Desktop\do all roads lead to rome.htm
[2012/05/26 21:27:23 | 000,811,154 | ---- | M] () -- C:\Users\****\Desktop\plantel clinical relevance of dtcs.pdf
[2012/05/26 19:45:27 | 002,837,492 | ---- | M] () -- C:\Users\****\Desktop\fidler2003.pdf
[2012/05/26 19:31:53 | 000,364,499 | ---- | M] () -- C:\Users\****\Desktop\Mesenchymal Transition and Dissemination of Cancer Cells Is Driven by Myeloid-Derived Suppressor Cells Infiltrating the Primary Tumor.htm
[2012/05/26 19:16:28 | 000,836,002 | ---- | M] () -- C:\Users\****\Desktop\Mack_GS_-_Lost_in_Migration_-_final_PDF.66105316.pdf
[2012/05/26 18:56:25 | 000,669,718 | ---- | M] () -- C:\Users\****\Desktop\Preparing the “Soil” The Premetastatic Niche.mht
[2012/05/26 18:51:56 | 000,248,480 | ---- | M] () -- C:\Users\****\Desktop\bone-marrow-cells-pre-metastatic-niche-kaplan.pdf
[2012/05/26 13:01:59 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Mendeley Desktop.lnk
[2012/05/24 00:22:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012/05/24 00:07:11 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Cisco NAC Agent.lnk
[2012/05/24 00:01:29 | 005,159,936 | ---- | M] () -- C:\Users\****\Desktop\nacagentsetup-win-4.8.0.35.msi
[2012/05/23 18:02:52 | 003,864,534 | ---- | M] () -- C:\Users\****\Desktop\Cisco_AnyConnect_3.0.1047.EXE
[2012/05/23 17:02:31 | 058,582,314 | ---- | M] () -- C:\Users\****\Documents\2012-05-23 15.45 CMMi Presentation by DQS.wmv
[2012/05/23 15:02:07 | 000,060,304 | ---- | M] () -- C:\Users\****\g2mdlhlpx.exe
[2012/05/23 15:00:16 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/05/23 15:00:16 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/05/22 12:27:54 | 000,000,512 | ---- | M] () -- C:\Users\****\Desktop\MBR.dat
[2012/05/22 09:49:00 | 510,092,517 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/21 02:09:56 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe
[2012/05/19 23:30:39 | 000,004,971 | ---- | M] () -- C:\Users\****\Desktop\Attach.zip
[2012/05/17 23:48:12 | 000,001,372 | ---- | M] () -- C:\Users\****\Desktop\Norton Installation Files.lnk
[2012/05/17 14:41:30 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\****\Desktop\dds.scr
[2012/05/17 07:40:30 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/17 07:22:32 | 004,495,594 | R--- | M] (Swearware) -- C:\Users\****\Desktop\ComboFix.exe
[2012/05/17 07:20:18 | 002,107,843 | ---- | M] () -- C:\Users\****\Desktop\tdsskiller.zip
[2012/05/11 07:04:27 | 000,412,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/05/30 13:40:26 | 000,034,814 | ---- | C] () -- C:\Users\****\AppData\Local\dt.dat
[2012/05/30 13:23:45 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/05/30 07:49:05 | 003,028,459 | ---- | C] () -- C:\Users\****\Desktop\e caqdherin as central.pdf
[2012/05/29 10:41:03 | 000,739,139 | ---- | C] () -- C:\Users\****\Desktop\From latent disseminated cells to overt metastasis Genetic analysis of systemic breast cancer progression.mht
[2012/05/28 20:45:24 | 000,007,618 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg
[2012/05/28 10:03:02 | 000,178,416 | ---- | C] () -- C:\Users\****\Desktop\What's new on circulating tumor cells A meeting report.htm
[2012/05/28 09:54:52 | 001,430,850 | ---- | C] () -- C:\Users\****\Desktop\systemic early spread of breast cancer.pdf
[2012/05/28 09:01:10 | 000,972,570 | ---- | C] () -- C:\Users\****\Desktop\KLEIN INFLAMMATION AND CANCER.pdf
[2012/05/27 09:04:11 | 000,561,230 | ---- | C] () -- C:\Users\****\Desktop\Role of organ selectivity in the determination of___ [Cancer Res_ 1980] - PubMed - NCBI.mht
[2012/05/26 22:44:30 | 000,161,630 | ---- | C] () -- C:\Users\****\Desktop\breast cancer stem cellsd.htm
[2012/05/26 22:34:48 | 000,126,129 | ---- | C] () -- C:\Users\****\Desktop\stem cells resistant to therapy.htm
[2012/05/26 22:33:55 | 000,228,927 | ---- | C] () -- C:\Users\****\Desktop\Correlation between Cancer Stem Cells and Circulating Tumor Cells and Their Value.htm
[2012/05/26 22:22:32 | 000,084,190 | ---- | C] () -- C:\Users\****\Desktop\breast cancer stem cells.htm
[2012/05/26 22:09:29 | 001,345,343 | ---- | C] () -- C:\Users\****\Desktop\emt and breast cancer.pdf
[2012/05/26 22:04:14 | 000,279,862 | ---- | C] () -- C:\Users\****\Desktop\emt and stem cell markers.pdf
[2012/05/26 21:38:45 | 000,012,198 | ---- | C] () -- C:\Users\****\Desktop\do all roads lead to rome.htm
[2012/05/26 21:27:22 | 000,811,154 | ---- | C] () -- C:\Users\****\Desktop\plantel clinical relevance of dtcs.pdf
[2012/05/26 19:45:26 | 002,837,492 | ---- | C] () -- C:\Users\****\Desktop\fidler2003.pdf
[2012/05/26 19:31:53 | 000,364,499 | ---- | C] () -- C:\Users\****\Desktop\Mesenchymal Transition and Dissemination of Cancer Cells Is Driven by Myeloid-Derived Suppressor Cells Infiltrating the Primary Tumor.htm
[2012/05/26 19:16:28 | 000,836,002 | ---- | C] () -- C:\Users\****\Desktop\Mack_GS_-_Lost_in_Migration_-_final_PDF.66105316.pdf
[2012/05/26 18:56:22 | 000,669,718 | ---- | C] () -- C:\Users\****\Desktop\Preparing the “Soil” The Premetastatic Niche.mht
[2012/05/26 18:51:56 | 000,248,480 | ---- | C] () -- C:\Users\****\Desktop\bone-marrow-cells-pre-metastatic-niche-kaplan.pdf
[2012/05/26 13:01:58 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Mendeley Desktop.lnk
[2012/05/24 00:22:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012/05/24 00:07:09 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Cisco NAC Agent.lnk
[2012/05/24 00:01:29 | 005,159,936 | ---- | C] () -- C:\Users\****\Desktop\nacagentsetup-win-4.8.0.35.msi
[2012/05/23 18:04:29 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Cisco AnyConnect Secure Mobility Client.lnk
[2012/05/23 18:02:52 | 003,864,534 | ---- | C] () -- C:\Users\****\Desktop\Cisco_AnyConnect_3.0.1047.EXE
[2012/05/23 15:45:45 | 058,582,314 | ---- | C] () -- C:\Users\****\Documents\2012-05-23 15.45 CMMi Presentation by DQS.wmv
[2012/05/23 15:02:06 | 000,060,304 | ---- | C] () -- C:\Users\****\g2mdlhlpx.exe
[2012/05/21 10:13:37 | 000,000,512 | ---- | C] () -- C:\Users\****\Desktop\MBR.dat
[2012/05/19 23:30:39 | 000,004,971 | ---- | C] () -- C:\Users\****\Desktop\Attach.zip
[2012/05/17 23:48:12 | 000,001,372 | ---- | C] () -- C:\Users\****\Desktop\Norton Installation Files.lnk
[2012/05/17 07:24:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/17 07:24:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/17 07:24:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/17 07:24:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/17 07:24:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/17 07:20:11 | 002,107,843 | ---- | C] () -- C:\Users\****\Desktop\tdsskiller.zip
[2011/11/11 14:32:00 | 000,188,200 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/07/08 10:47:20 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Local\{4A52DDA3-60AD-4FFF-9E4F-F853828A9D5E}
[2011/06/02 16:59:45 | 000,675,840 | ---- | C] () -- C:\Users\****\AppData\Local\filesync.metadata
[2011/01/21 04:40:03 | 000,296,448 | ---- | C] () -- C:\Program Files\GMER.exe
[2010/12/27 07:58:58 | 000,202,498 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/12/27 07:58:58 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010/12/27 07:48:13 | 000,073,475 | ---- | C] () -- C:\Windows\hpqins16.dat.temp
[2010/12/27 07:46:11 | 000,073,118 | ---- | C] () -- C:\Windows\hpqins16.dat
[2010/12/03 09:13:47 | 000,042,496 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/18 16:59:17 | 000,004,096 | -H-- | C] () -- C:\Users\****\AppData\Local\keyfile3.drm
[2010/08/26 13:30:51 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/08/26 13:30:10 | 000,000,817 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/08/26 13:30:10 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/08/26 13:30:10 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd8860dn.dat
[2010/08/26 13:28:59 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2010/08/26 13:28:59 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2010/08/26 13:28:57 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010/08/26 13:28:57 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010/08/26 13:28:55 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010/08/17 11:02:22 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/08/17 10:57:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/02 11:02:18 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Local\WavXMapDrive.bat
[2010/08/02 11:01:38 | 000,017,132 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/27 19:44:59 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/07/27 19:27:25 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/07/27 18:07:25 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/07/20 19:52:14 | 000,005,120 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2010/07/20 19:52:12 | 000,982,224 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/07/20 19:52:12 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/07/20 19:52:12 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/07/20 19:52:11 | 000,092,292 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/07/20 19:52:11 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/07/20 19:52:10 | 000,439,336 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/07/20 19:52:09 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/07/20 17:18:20 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/07/20 17:16:24 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2010/07/20 20:00:06 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2010/07/20 20:00:14 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010/07/20 20:00:09 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/07/20 20:00:09 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2010/07/20 20:00:14 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2010/07/20 20:00:06 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/07/20 20:00:14 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/07/20 20:00:14 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2010/07/20 20:00:14 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010/07/20 20:00:14 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7600
Copyright © 1999-2008 Microsoft Corporation.
On computer: ****-LAT5400-01
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 RECOVERY NTFS Partition 9 GB Healthy System
Volume 2 C OS NTFS Partition 223 GB Healthy Boot
Volume 3 E Removable 0 B No Media

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >



