
Infected with Sirefef.FY


This topic is locked. 28 replies to this topic.

#1 Aokansei (Members)

Posted 01 July 2012 - 05:57 PM

My CA Total Defense Anti Virus software says that I have the Sirefef.FY infection. It keeps trying to quarantine it, but I continue to get the infection warnings. Malwarebytes (since I installed it) also reports that there are periodic attempts to connect to a website (it blocks them). Symptoms: Google searching yields strange websites; occasionally, odd websites are launched when I haven't asked them to.

Please help with removal of this infection.

Note that the Ark.txt file is only a partial log from GMER...I had to stop it because the first 3 times I ran it I got a blue screen of death after 2 hours of scanning.

My DDS.txt file:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.2.0
Run by Shawn at 14:24:32 on 2012-07-01
AV: Total Defense Anti-Virus Plus *Enabled/Updated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [S3TRAY2] S3Tray2.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\VetRedir.dll
LSP: mswsock.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {0957C19A-D854-482A-A4F9-18856C723D7D} - hxxp://lakehousecamera.dyndns.org:8081/XNC600NetCam.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B6E1AE87-210B-4F65-8BED-D396C76EA947} : DhcpNameServer = 209.18.47.61 209.18.47.62
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ACGina
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\shawn\application data\mozilla\firefox\profiles\ry682y8k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ecotton.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
.txt=TextPad.txt
.
=============== Created Last 30 ================
.
2012-07-01 17:04:05 110080 ----a-r- c:\documents and settings\shawn\application data\microsoft\installer\{9e897d0f-f804-41a3-966c-7bb6eb5b6be8}\IconF7A21AF7.exe
2012-07-01 17:04:05 110080 ----a-r- c:\documents and settings\shawn\application data\microsoft\installer\{9e897d0f-f804-41a3-966c-7bb6eb5b6be8}\IconD7F16134.exe
2012-07-01 17:04:05 110080 ----a-r- c:\documents and settings\shawn\application data\microsoft\installer\{9e897d0f-f804-41a3-966c-7bb6eb5b6be8}\IconCF33A0CE.exe
2012-07-01 17:02:27 -------- d-----w- C:\sh4ldr
2012-07-01 17:02:27 -------- d-----w- c:\program files\Enigma Software Group
2012-07-01 17:01:12 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
2012-07-01 16:59:26 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-07-01 16:34:26 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-01 16:34:12 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-01 16:34:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-30 21:43:33 150392 ----a-w- C:\junction.exe
2012-06-25 22:45:27 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-06-25 22:45:27 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-06-25 22:45:27 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-06-25 22:45:27 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-06-25 22:45:27 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-06-25 22:45:27 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-06-25 22:45:27 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-06-15 01:20:37 -------- d-----w- c:\program files\CA
2012-06-15 01:15:25 -------- d-----w- c:\documents and settings\all users\application data\CA
.
==================== Find3M ====================
.
2012-06-30 20:55:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-15 01:41:50 97328 ----a-w- c:\windows\system32\vetredir.dll
2012-06-15 01:41:50 130096 ----a-w- c:\windows\system32\isafeif.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-20 19:29:52 81920 ------w- c:\windows\system32\ieencode.dll
2012-04-20 19:29:52 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-04-19 12:44:57 369664 ------w- c:\windows\system32\html.iec
2012-04-19 00:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 14:32:09.29 ===============
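An added example, not part of the original post and not a DDS or BleepingComputer tool: a small Python triage pass over the "Pseudo HJT Report" entries in the DDS log above. It pulls out the kinds of entries a responder checks first when a machine is redirecting searches: Run-key commands given as a bare filename (found through the search path, so a same-named file dropped earlier in that path would run instead), unquoted paths with spaces, Winsock LSPs other than the system defaults, DPF (ActiveX download) entries served from file:// or from a host outside a vendor allowlist, orphaned "No File" registrations, and Winlogon Notify and LSA notification packages, which load into winlogon.exe and lsass.exe respectively. The baselines (DEFAULT_LSP, TRUSTED_DPF_HOSTS, XP_NOTIFY_DEFAULTS), the severity labels and the category names are my assumptions, and a hit means "verify this entry", never "this is malware"; the sample input is an excerpt of the log posted above.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log (added example for this
thread, not a DDS or BleepingComputer tool; baselines below are assumptions)."""
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: lines excerpted from the DDS log posted above.
SAMPLE = r"""
uInternet Settings,ProxyOverride = *.local
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [S3TRAY2] S3Tray2.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
LSP: c:\windows\system32\VetRedir.dll
LSP: mswsock.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: {0957C19A-D854-482A-A4F9-18856C723D7D} - hxxp://lakehousecamera.dyndns.org:8081/XNC600NetCam.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Notify: ACNotify - ACNotify.dll
LSA: Notification Packages = scecli ACGina
""".strip().splitlines()

# Assumed baselines (my recollection of XP SP3 defaults); adjust per machine.
DEFAULT_LSP = {"mswsock.dll", "rsvpsp.dll"}
TRUSTED_DPF_HOSTS = {"java.sun.com", "fpdownload.macromedia.com", "download.microsoft.com"}
XP_NOTIFY_DEFAULTS = {"crypt32chain", "cryptnet", "cscdll", "dimsntfy", "sccertprop",
                      "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}
LOADERS = {"rundll32", "rundll32.exe", "regsvr32", "regsvr32.exe"}
RUN_RE = re.compile(r"^[mu]Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def first_token(cmd):
    """Return (executable, was_quoted) for a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]), True
    parts = cmd.split()
    return (parts[0] if parts else ""), False

def triage_run(name, cmd):
    exe, quoted = first_token(cmd)
    if not exe:
        return None
    if exe.lower() in LOADERS:
        target = cmd.strip().split(None, 1)[1] if " " in cmd.strip() else ""
        return ("info", "loader", f"{name}: {exe} loads {target}")
    if "\\" not in exe and "%" not in exe:
        # A bare filename is found via the search path, so a same-named file
        # earlier in that path (e.g. in the user's profile) would run instead.
        return ("high", "bare-filename", f"{name}: '{exe}' given without a path")
    m = re.search(r"\.exe", cmd, re.I)
    if not quoted and m and " " in cmd[:m.start()]:
        # CreateProcess tries c:\program.exe before c:\program files\... .
        return ("low", "unquoted-path", f"{name}: unquoted path with spaces")
    return None

def triage_line(line):
    m = RUN_RE.match(line)
    if m:
        return triage_run(m["name"], m["cmd"])
    if line.endswith(" - No File"):
        return ("low", "orphaned", line)
    if line.startswith("LSP: "):
        dll = line[5:].rsplit("\\", 1)[-1].lower()
        return None if dll in DEFAULT_LSP else ("medium", "third-party-lsp", line)
    if line.startswith("DPF: "):
        url = urlparse(line.split(" - ", 1)[1].replace("hxxp", "http", 1))
        if url.scheme == "file":
            return ("medium", "dpf-local-file", line)
        if url.hostname and url.hostname.lower() not in TRUSTED_DPF_HOSTS:
            return ("medium", "dpf-untrusted-host", line)
        return None
    if line.startswith("Notify: "):
        # Winlogon notification DLLs are loaded into winlogon.exe itself.
        name = line[8:].split(" - ", 1)[0].lower()
        return None if name in XP_NOTIFY_DEFAULTS else ("medium", "winlogon-notify", line)
    if line.startswith("LSA: Notification Packages = "):
        # Extra packages run inside lsass and see password changes in clear.
        extra = [p for p in line.split("= ", 1)[1].split() if p.lower() != "scecli"]
        return ("medium", "lsa-notification-package", " ".join(extra)) if extra else None
    if "ProxyOverride" in line or line.startswith("TCP: DhcpNameServer"):
        return ("info", "network-setting", line)
    return None

def triage(lines):
    """Return (severity, category, detail) findings for a report section."""
    return [f for f in map(triage_line, lines) if f is not None]

def summarize(findings):
    return Counter(cat for _, cat, _ in findings)

if __name__ == "__main__":
    for sev, cat, detail in triage(SAMPLE):
        print(f"[{sev:<6}] {cat:<25} {detail}")
```

On the sample above the script flags the two Run entries with no path (S3Tray2.exe, ICO.EXE), the CA Winsock LSP, the two non-vendor DPF sources, the ACNotify Winlogon DLL and the ACGina LSA package; most of these are ThinkPad or CA components on this machine, which is exactly why the output is a checklist for a human and not a verdict.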


#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 02 July 2012 - 12:11 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Aokansei (Topic Starter)

Posted 02 July 2012 - 07:10 PM

Please do not run any tools unless instructed to do so.


Sorry, after I posted, I ran Malwarebytes Anti-Malware. Its scan showed Sirefef.FY and a couple of other problems, which I allowed it to delete. Since then, all problems have gone away, except for the computer booting slowly.

Security Check


Log attached below. Note that I never use Internet Explorer.

Run Combofix:


I was unable to run this completely. I tried several times. It either stalled, crashed, or complained that my "Total Defense" anti-virus (CA) was still running after I tried to kill all of its processes. Do you know how to temporarily shut it down?

How is the computer doing now?


Much better after Malwarebytes cleaned it up. But I'd feel better if I knew the infection(s) were completely gone.

Security Check log:
Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Total Defense Anti-Virus Plus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java Web Start
JavaFX 2.0.2
Java™ 7 Update 2
Java™ SE Development Kit 6 Update 26
Java 2 Runtime Environment, SE v1.4.1_02
Java version out of Date!
Adobe Flash Player 11.3.300.262
Adobe Reader X (10.1.1)
Mozilla Firefox (13.0.1)
Mozilla Thunderbird (13.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 16% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 02 July 2012 - 08:28 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo

#5 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 05 July 2012 - 08:19 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#6 Aokansei (Topic Starter)

Posted 05 July 2012 - 11:04 AM

I was out of town for the July 4th holiday... I tried your instructions this morning but when I hit <F8> to interrupt booting, I don't get a "Repair your computer" menu item. I am running Windows XP.

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 05 July 2012 - 07:24 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
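An added example, my own code rather than Kaspersky's or BleepingComputer's: a small Python parser for the TDSSKiller report the steps above ask for, in the line format that appears in the log posted later in this thread. It only looks at the per-service lines that follow "Scan started" (the header lines about drive geometry also contain " - " and would otherwise be mistaken for verdicts), pairs each service's MD5/path line with its verdict line, and extracts what a responder actually wants from a clean-looking report: anything whose verdict is not "ok" or that never got a verdict, hashed binaries outside the system root (third-party services to identify), several service names registered against one binary, and a de-duplicated hash list for lookup elsewhere. The sample input is excerpted from that log plus one constructed entry whose "detected" verdict wording is mine, not TDSSKiller's.

```python
"""Parse a TDSSKiller report into per-service records for triage.

Added example for this thread; not TDSSKiller's or BleepingComputer's code.
"""
import re
from collections import defaultdict

# Constructed sample: lines excerpted from the TDSSKiller log posted in this
# thread, plus one made-up 'detected' entry (the verdict wording is mine).
SAMPLE = r"""
20:34:50.0341 2108 Scan started
20:34:52.0013 2108 Abiosdsk - ok
20:34:52.0294 2108 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
20:34:52.0314 2108 abp480n5 - ok
20:34:53.0475 2108 AcPrfMgrSvc (42d7629b46468dc3a6748884af98a3ed) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
20:34:53.0505 2108 AcPrfMgrSvc - ok
20:35:02.0769 2108 Apple Mobile Device (a8aa9d47f971570a5162b862b80f87e8) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
20:35:02.0829 2108 Apple Mobile Device - ok
20:35:08.0207 2108 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
20:35:08.0207 2108 cbidf - ok
20:35:08.0227 2108 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:35:08.0227 2108 cbidf2k - ok
20:35:20.0000 2108 example_svc (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\example.sys
20:35:20.0001 2108 example_svc - detected
""".strip().splitlines()

LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<rest>.*)$")
HASH_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


def parse_tdsskiller(lines):
    """Return {service_name: {'md5', 'path', 'verdict'}} for the scan section."""
    entries = {}
    scanning = False
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rest = m["rest"]
        if rest == "Scan started":
            scanning = True
            continue
        if not scanning:
            continue  # header lines (drive geometry etc.) also contain ' - '
        h = HASH_RE.match(rest)
        if h:
            rec = entries.setdefault(h["name"], {"md5": None, "path": None, "verdict": None})
            rec["md5"], rec["path"] = h["md5"], h["path"]
            continue
        v = VERDICT_RE.match(rest)
        if v:
            rec = entries.setdefault(v["name"], {"md5": None, "path": None, "verdict": None})
            rec["verdict"] = v["verdict"]
    return entries


def needs_review(entries):
    """Services whose verdict is anything but 'ok' (including no verdict at all)."""
    return sorted(n for n, r in entries.items() if r["verdict"] != "ok")


def third_party(entries, system_root="C:\\WINDOWS"):
    """Hashed binaries living outside the system root: identify the vendor."""
    root = system_root.lower().rstrip("\\") + "\\"
    return sorted(n for n, r in entries.items()
                  if r["path"] and not r["path"].lower().startswith(root))


def shared_hashes(entries):
    """MD5s registered under more than one service name."""
    by_md5 = defaultdict(list)
    for name, r in entries.items():
        if r["md5"]:
            by_md5[r["md5"]].append(name)
    return {md5: sorted(names) for md5, names in by_md5.items() if len(names) > 1}


def hash_list(entries):
    """Unique MD5s, e.g. to check against a hash reputation source."""
    return sorted({r["md5"] for r in entries.values() if r["md5"]})


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE)
    print("review:", needs_review(recs))
    print("outside system root:", third_party(recs))
    print("shared binaries:", shared_hashes(recs))
    print("hashes:", hash_list(recs))
```

A report that ends in a wall of "- ok" lines, as this user's does, is only reassuring for the drivers and services TDSSKiller enumerated; the functions above make it quick to see which entries were not given a clean verdict and which binaries still need to be attributed to a vendor.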

#8 Aokansei (Topic Starter)

Posted 05 July 2012 - 07:37 PM

I ran tdsskiller...got no warnings about infected or suspicious files.

tdsskiller log:
20:34:37.0122 0344 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
20:34:37.0492 0344 ============================================================
20:34:37.0492 0344 Current date / time: 2012/07/05 20:34:37.0492
20:34:37.0492 0344 SystemInfo:
20:34:37.0492 0344
20:34:37.0492 0344 OS Version: 5.1.2600 ServicePack: 3.0
20:34:37.0492 0344 Product type: Workstation
20:34:37.0492 0344 ComputerName: SHAWNS-THINKPAD
20:34:37.0492 0344 UserName: Shawn
20:34:37.0492 0344 Windows directory: C:\WINDOWS
20:34:37.0492 0344 System windows directory: C:\WINDOWS
20:34:37.0492 0344 Processor architecture: Intel x86
20:34:37.0492 0344 Number of processors: 1
20:34:37.0492 0344 Page size: 0x1000
20:34:37.0492 0344 Boot type: Normal boot
20:34:37.0492 0344 ============================================================
20:34:48.0558 0344 Drive \Device\Harddisk0\DR0 - Size: 0x1206834A00 (72.10 Gb), SectorSize: 0x200, Cylinders: 0x2710, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
20:34:48.0588 0344 ============================================================
20:34:48.0588 0344 \Device\Harddisk0\DR0:
20:34:48.0588 0344 MBR partitions:
20:34:48.0588 0344 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x90320C1
20:34:48.0588 0344 ============================================================
20:34:48.0668 0344 C: <-> \Device\Harddisk0\DR0\Partition0
20:34:48.0668 0344 ============================================================
20:34:48.0668 0344 Initialize success
20:34:48.0668 0344 ============================================================
20:34:50.0341 2108 ============================================================
20:34:50.0341 2108 Scan started
20:34:50.0341 2108 Mode: Manual;
20:34:50.0341 2108 ============================================================
20:34:52.0013 2108 Abiosdsk - ok
20:34:52.0294 2108 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
20:34:52.0314 2108 abp480n5 - ok
20:34:52.0464 2108 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
20:34:52.0554 2108 ac97intc - ok
20:34:52.0794 2108 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:34:52.0885 2108 ACPI - ok
20:34:53.0165 2108 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:34:53.0175 2108 ACPIEC - ok
20:34:53.0475 2108 AcPrfMgrSvc (42d7629b46468dc3a6748884af98a3ed) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
20:34:53.0505 2108 AcPrfMgrSvc - ok
20:34:53.0596 2108 ACS (4db2f17ad06c170eab5f6f36973f5e9c) C:\WINDOWS\system32\acs.exe
20:34:53.0626 2108 ACS - ok
20:34:53.0796 2108 AcSvc (61fb15d2e201a2e53aa38893fb481f0f) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
20:34:55.0689 2108 AcSvc - ok
20:34:57.0411 2108 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
20:34:57.0451 2108 adpu160m - ok
20:34:57.0561 2108 aeaudio (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\aeaudio.sys
20:34:57.0611 2108 aeaudio - ok
20:34:57.0701 2108 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:34:57.0762 2108 aec - ok
20:34:57.0802 2108 AegisP (91f3df93f40a74d222cd166fe95db633) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:34:57.0812 2108 AegisP - ok
20:34:57.0922 2108 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:34:57.0992 2108 AFD - ok
20:34:59.0584 2108 AgereSoftModem (aff071b6290776e1fa162837c35eac78) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
20:35:00.0786 2108 AgereSoftModem - ok
20:35:00.0856 2108 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
20:35:00.0876 2108 agp440 - ok
20:35:00.0906 2108 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
20:35:00.0926 2108 agpCPQ - ok
20:35:00.0986 2108 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
20:35:00.0996 2108 Aha154x - ok
20:35:01.0046 2108 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
20:35:01.0066 2108 aic78u2 - ok
20:35:01.0106 2108 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
20:35:01.0136 2108 aic78xx - ok
20:35:01.0367 2108 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:35:01.0457 2108 Alerter - ok
20:35:01.0717 2108 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:35:01.0737 2108 ALG - ok
20:35:01.0807 2108 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
20:35:01.0807 2108 AliIde - ok
20:35:01.0847 2108 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
20:35:01.0857 2108 alim1541 - ok
20:35:01.0938 2108 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
20:35:01.0958 2108 amdagp - ok
20:35:01.0988 2108 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
20:35:01.0988 2108 amsint - ok
20:35:02.0048 2108 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
20:35:02.0048 2108 ANC - ok
20:35:02.0769 2108 Apple Mobile Device (a8aa9d47f971570a5162b862b80f87e8) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
20:35:02.0829 2108 Apple Mobile Device - ok
20:35:02.0959 2108 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
20:35:03.0019 2108 AppMgmt - ok
20:35:03.0460 2108 AR5211 (655d16ae3156986eba366a50dc2696d3) C:\WINDOWS\system32\DRIVERS\ar5211.sys
20:35:03.0640 2108 AR5211 - ok
20:35:03.0720 2108 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:35:03.0740 2108 Arp1394 - ok
20:35:03.0810 2108 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
20:35:03.0820 2108 asc - ok
20:35:03.0840 2108 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
20:35:03.0850 2108 asc3350p - ok
20:35:03.0880 2108 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
20:35:03.0890 2108 asc3550 - ok
20:35:04.0061 2108 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:35:04.0131 2108 aspnet_state - ok
20:35:04.0151 2108 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:35:04.0161 2108 AsyncMac - ok
20:35:04.0361 2108 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:35:04.0361 2108 atapi - ok
20:35:04.0371 2108 Atdisk - ok
20:35:04.0571 2108 Ati HotKey Poller (bf997dfd2969902d9f7b983c1ba95811) C:\WINDOWS\system32\Ati2evxx.exe
20:35:04.0712 2108 Ati HotKey Poller - ok
20:35:05.0312 2108 ati2mtag (5719f857136ee618f6ec7a5ccd9fb7ab) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:35:05.0743 2108 ati2mtag - ok
20:35:05.0803 2108 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:35:05.0833 2108 Atmarpc - ok
20:35:05.0913 2108 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:35:05.0933 2108 AudioSrv - ok
20:35:05.0993 2108 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:35:05.0993 2108 audstub - ok
20:35:06.0053 2108 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:35:46.0442 2108 VSS - ok
20:35:46.0542 2108 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:35:46.0612 2108 W32Time - ok
20:35:46.0662 2108 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:35:46.0682 2108 Wanarp - ok
20:35:46.0892 2108 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:35:47.0062 2108 Wdf01000 - ok
20:35:47.0082 2108 WDICA - ok
20:35:47.0153 2108 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:35:47.0183 2108 wdmaud - ok
20:35:47.0233 2108 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:35:47.0263 2108 WebClient - ok
20:35:47.0463 2108 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:35:47.0513 2108 winmgmt - ok
20:35:47.0613 2108 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
20:35:47.0623 2108 WinUSB - ok
20:35:47.0693 2108 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
20:35:47.0703 2108 WmdmPmSN - ok
20:35:48.0014 2108 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:35:48.0244 2108 Wmi - ok
20:35:48.0344 2108 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
20:35:48.0394 2108 WmiApSrv - ok
20:35:48.0965 2108 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:35:49.0346 2108 WMPNetworkSvc - ok
20:35:49.0496 2108 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:35:49.0516 2108 WpdUsb - ok
20:35:49.0546 2108 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:35:49.0556 2108 WS2IFSL - ok
20:35:49.0656 2108 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:35:49.0696 2108 wscsvc - ok
20:35:49.0726 2108 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:35:49.0736 2108 wuauserv - ok
20:35:49.0826 2108 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:35:49.0856 2108 WudfPf - ok
20:35:49.0927 2108 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:35:49.0967 2108 WudfRd - ok
20:35:50.0027 2108 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:35:50.0047 2108 WudfSvc - ok
20:35:50.0307 2108 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:35:50.0497 2108 WZCSVC - ok
20:35:50.0628 2108 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:35:50.0678 2108 xmlprov - ok
20:35:50.0738 2108 MBR (0x1B8) (ab67d479e4ee1ccad757294b60ddb98f) \Device\Harddisk0\DR0
20:35:51.0489 2108 \Device\Harddisk0\DR0 - ok
20:35:51.0509 2108 Boot (0x1200) (e6d9a2ad238fa5c15bab584cc33794fa) \Device\Harddisk0\DR0\Partition0
20:35:51.0509 2108 \Device\Harddisk0\DR0\Partition0 - ok
20:35:51.0509 2108 ============================================================
20:35:51.0509 2108 Scan finished
20:35:51.0509 2108 ============================================================
20:35:51.0549 3928 Detected object count: 0
20:35:51.0549 3928 Actual detected object count: 0

#9 Aokansei (Topic Starter)

Posted 05 July 2012 - 07:59 PM

Running aswMBR now...will post results shortly.

In the meantime, I wanted to post the results of the Malwarebytes Anti-Malware scan that I ran right after my first post.

Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.01.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Shawn :: SHAWNS-THINKPAD [administrator]

Protection: Enabled

7/1/2012 7:25:39 PM
mbam-log-2012-07-01 (19-25-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250153
Time elapsed: 26 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\Shawn\Local Settings\Application Data\{17d1ab88-d7e2-6ba8-a830-2bbed311a317}\n. -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bad: (\\.\globalroot\systemroot\Installer\{17d1ab88-d7e2-6ba8-a830-2bbed311a317}\n.) Good: (wbemess.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\WINDOWS\assembly\GAC\delme.now (Trojan.0access) -> Quarantined and deleted successfully.
C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\WINDOWS\Installer\{17d1ab88-d7e2-6ba8-a830-2bbed311a317}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{17d1ab88-d7e2-6ba8-a830-2bbed311a317}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.

(end)
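
The three registry detections in this log are the ZeroAccess (Sirefef) COM-hijack pattern: a per-user CLSID under HKCU\SOFTWARE\CLASSES that shadows a machine-wide one and loads the extensionless module `n` from a {GUID} folder in Local Settings\Application Data, and the machine-wide CLSID {F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} (normally wbemess.dll, as the "Good:" value shows) repointed through a \\.\globalroot device path into %SystemRoot%\Installer\{GUID}\. The script below is an added example, not part of this thread and not code from Malwarebytes or any other tool named here; it flags those patterns in CLSID -> InProcServer32 data. The sample dictionaries are constructed from the log entries above; the shell32.dll value for the shadowed CLSID and the 0000...0001 entry are assumed clean values added for contrast, not values taken from the log. On Windows, `--live` reads the real hives instead.

```python
"""Flag ZeroAccess/Sirefef-style COM hijacks in CLSID InProcServer32 data.

Two patterns from the Malwarebytes log are checked:
  * a per-user CLSID under HKCU\Software\Classes that shadows a machine-wide
    one and loads a module from a per-user {GUID} folder, and
  * a machine-wide CLSID whose InProcServer32 points to a device path
    (\\.\globalroot\...) under %SystemRoot%\Installer\{GUID}\.
"""
import re
import sys

GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"
INSTALLER_GUID = re.compile(r"\\installer\\" + GUID + r"\\", re.I)
PER_USER_GUID = re.compile(
    r"\\(?:local settings\\application data|appdata\\local)\\" + GUID + r"\\", re.I)
DEVICE_PREFIXES = ("\\\\.\\globalroot\\", "\\\\?\\globalroot\\", "\\??\\")


def suspicious_reasons(server_path: str) -> list:
    """Why an InProcServer32 value looks like a ZeroAccess hijack; [] if it looks normal."""
    low = server_path.strip().lower()
    reasons = []
    if low.startswith(DEVICE_PREFIXES):
        reasons.append("device/globalroot path instead of a plain DOS path")
    if INSTALLER_GUID.search(low):
        reasons.append("module stored under %SystemRoot%\\Installer\\{GUID}\\")
    if PER_USER_GUID.search(low):
        reasons.append("module stored under a per-user {GUID} folder")
    module = low.rsplit("\\", 1)[-1]
    if module and "." not in module:
        reasons.append(f"module name {module!r} has no extension")
    return reasons


def find_com_hijacks(machine: dict, user: dict) -> list:
    """machine/user map CLSID -> InProcServer32 default value, read from
    HKLM\Software\Classes\CLSID and HKCU\Software\Classes\CLSID respectively.
    Returns (hive, clsid, path, reasons) tuples."""
    machine_ci = {c.lower(): p for c, p in machine.items()}
    findings = []
    for clsid, path in machine.items():
        why = suspicious_reasons(path)
        if why:
            findings.append(("HKLM", clsid, path, why))
    for clsid, path in user.items():
        why = suspicious_reasons(path)
        shadowed = machine_ci.get(clsid.lower())
        if shadowed is not None and shadowed.lower() != path.lower():
            why.append("per-user CLSID overrides the machine-wide registration (COM hijack)")
        if why:
            findings.append(("HKCU", clsid, path, why))
    return findings


def read_clsid_servers(root, base: str) -> dict:
    """Windows only: enumerate CLSID -> InProcServer32 default value under one hive."""
    import winreg
    out = {}
    with winreg.OpenKey(root, base) as key:
        for i in range(winreg.QueryInfoKey(key)[0]):
            clsid = winreg.EnumKey(key, i)
            try:
                out[clsid] = winreg.QueryValue(key, clsid + r"\InProcServer32")
            except OSError:
                pass  # no in-process server registered for this CLSID
    return out


# Constructed sample mirroring the Malwarebytes detections; the shell32.dll value
# and the 0000...0001 entry are assumed clean registrations added for contrast.
SAMPLE_MACHINE = {
    "{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}":
        r"\\.\globalroot\systemroot\Installer\{17d1ab88-d7e2-6ba8-a830-2bbed311a317}\n",
    "{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}": r"C:\WINDOWS\system32\shell32.dll",
    "{00000000-0000-0000-0000-000000000001}": r"C:\WINDOWS\system32\example.dll",
}
SAMPLE_USER = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}":
        r"C:\Documents and Settings\Shawn\Local Settings\Application Data\{17d1ab88-d7e2-6ba8-a830-2bbed311a317}\n",
}

if __name__ == "__main__":
    if sys.platform == "win32" and "--live" in sys.argv:
        import winreg
        machine = read_clsid_servers(winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Classes\CLSID")
        user = read_clsid_servers(winreg.HKEY_CURRENT_USER, r"Software\Classes\CLSID")
    else:
        machine, user = SAMPLE_MACHINE, SAMPLE_USER
    for hive, clsid, path, why in find_com_hijacks(machine, user):
        print(f"{hive} {clsid} -> {path}")
        for reason in why:
            print("    -", reason)
```

Reading HKLM\Software\Classes directly rather than HKCR matters: HKCR is the merged view, so a per-user override replaces the machine value there and the shadowing would be invisible. On 64-bit Windows the 32-bit classes live under the Wow6432Node keys as well, which this XP x86 example does not walk.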

#10 Aokansei (Topic Starter)

Posted 05 July 2012 - 08:40 PM

aswMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-05 20:38:28
-----------------------------
20:38:28.935 OS Version: Windows 5.1.2600 Service Pack 3
20:38:28.935 Number of processors: 1 586 0x209
20:38:28.935 ComputerName: SHAWNS-THINKPAD UserName: Shawn
20:38:30.528 Initialize success
20:40:16.820 AVAST engine defs: 12070501
20:41:26.370 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:41:26.370 Disk 0 Vendor: Hitachi_HTS541680J9AT00 SB2OA70H Size: 73832MB BusType: 3
20:41:26.400 Disk 0 MBR read successfully
20:41:26.400 Disk 0 MBR scan
20:41:26.491 Disk 0 unknown MBR code
20:41:26.501 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 73828 MB offset 63
20:41:26.521 Disk 0 scanning sectors +151200000
20:41:26.661 Disk 0 scanning C:\WINDOWS\system32\drivers
20:42:05.947 Service scanning
20:42:58.723 Modules scanning
20:43:19.603 Disk 0 trace - called modules:
20:43:19.633 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys rdbss.sys
20:43:19.633 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f20ab8]
20:43:19.643 3 CLASSPNP.SYS[f7562fd7] -> nt!IofCallDriver -> \Device\0000007f[0x86f479e8]
20:43:19.874 5 ACPI.sys[f74d9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f7bd98]
20:43:21.496 AVAST engine scan C:\WINDOWS
20:43:51.789 AVAST engine scan C:\WINDOWS\system32
20:52:27.321 AVAST engine scan C:\WINDOWS\system32\drivers
20:53:13.577 AVAST engine scan C:\Documents and Settings\Shawn
21:09:22.200 File: C:\Documents and Settings\Shawn\Local Settings\Application Data\{17d1ab88-d7e2-6ba8-a830-2bbed311a317}\n **INFECTED** Win32:Malware-gen
21:11:40.259 AVAST engine scan C:\Documents and Settings\All Users
21:28:16.501 Scan finished successfully
21:40:22.936 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Shawn\Desktop\Malware Fight\MBR.dat"
21:40:22.966 The log file has been saved successfully to "C:\Documents and Settings\Shawn\Desktop\Malware Fight\aswMBR.txt"
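
Both tools looked at the same sector: TDSSKiller reported "MBR (0x1B8)" with an MD5 and said the disk was ok, and aswMBR called the boot code "unknown" (not on its list of stock MBRs, but not flagged as malicious) and saved a copy to MBR.dat. The parser below is an added example, not from this thread or from either tool. It assumes, as the 0x1B8 in TDSSKiller's line suggests, that TDSSKiller's MD5 covers the first 0x1B8 (440) bytes of boot code before the disk signature; run it as `python mbrcheck.py MBR.dat 73832` to compare the hash with TDSSKiller's figure, to check the partition table against aswMBR's "Partition 1 80 (A) 07 HPFS/NTFS NTFS 73828 MB offset 63" line, and to see how many sectors past the last partition are unclaimed (where some bootkits hide their own file system). Without arguments it parses a constructed MBR whose single partition entry mirrors that line; its boot-code bytes and disk signature are filler, not the laptop's real ones.

```python
"""Parse a saved 512-byte MBR (e.g. aswMBR's MBR.dat) and report the values
needed to cross-check it against TDSSKiller and aswMBR log lines."""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 0x1B8      # 440 bytes of boot code before the 4-byte disk signature
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"
SECTORS_PER_MB = (1024 * 1024) // SECTOR


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code MD5, the disk signature and the non-empty partition entries."""
    if len(mbr) != SECTOR or mbr[510:512] != SIGNATURE:
        raise ValueError("not a 512-byte MBR ending in 55 AA")
    boot_code = mbr[:BOOT_CODE_LEN]
    disk_sig, = struct.unpack_from("<I", mbr, BOOT_CODE_LEN)
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        lba_start, sectors = struct.unpack_from("<II", mbr, off + 8)
        if ptype == 0 and sectors == 0:
            continue  # empty slot
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors // SECTORS_PER_MB,
        })
    return {
        "boot_code_md5": hashlib.md5(boot_code).hexdigest(),
        "disk_signature": disk_sig,
        "partitions": parts,
    }


def unaccounted_sectors(info: dict, disk_sectors: int) -> int:
    """Sectors after the end of the last partition that no entry claims."""
    end = max((p["lba_start"] + p["sectors"] for p in info["partitions"]), default=0)
    return max(disk_sectors - end, 0)


def build_sample_mbr() -> bytes:
    """Constructed MBR whose one partition mirrors aswMBR's
    'Partition 1 80 (A) 07 HPFS/NTFS NTFS 73828 MB offset 63'.
    Boot code and disk signature are filler, not the real bytes."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 7)
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"
    ntfs = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                       63, 73828 * SECTORS_PER_MB)
    table = ntfs + b"\x00" * 48  # three empty entries
    return boot_code + disk_sig + table + SIGNATURE


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            mbr = f.read(SECTOR)
    else:
        mbr = build_sample_mbr()
    info = parse_mbr(mbr)
    print("boot code MD5 :", info["boot_code_md5"])
    print("disk signature:", f"{info['disk_signature']:08X}")
    for p in info["partitions"]:
        flag = "active" if p["active"] else "inactive"
        print(f"partition {p['index']}: {flag} type 0x{p['type']:02X} "
              f"LBA {p['lba_start']} sectors {p['sectors']} ({p['size_mb']} MB)")
    if len(sys.argv) > 2:  # optional disk size in MB, as aswMBR reports it
        gap = unaccounted_sectors(info, int(sys.argv[2]) * SECTORS_PER_MB)
        print("sectors past the last partition:", gap)
```

A hash that differs from TDSSKiller's means the boot code changed between the two scans; a partition entry or a large unclaimed region that neither log mentions is worth a look with the disk offline.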

#11 gringo_pr (Malware Response Team)

Posted 05 July 2012 - 09:05 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr (Malware Response Team)

Posted 07 July 2012 - 11:31 PM

Greetings

I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and then I will ask you to remove our tools.

Gringo

#13 Aokansei (Topic Starter)

Posted 08 July 2012 - 09:47 PM

The OTL link you gave leads to a "503 Service Unavailable" page.

#14 gringo_pr (Malware Response Team)

Posted 08 July 2012 - 09:57 PM

Greetings

Yes, they seem to have a problem, so let's check it tomorrow.


Gringo

#15 Aokansei (Topic Starter)

Posted 10 July 2012 - 05:11 PM

I got OTL to run.

OTL.txt:
OTL logfile created on: 7/10/2012 5:37:46 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Shawn\Desktop\Malware Fight
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.86 Mb Total Physical Memory | 348.57 Mb Available Physical Memory | 34.08% Memory free
2.41 Gb Paging File | 1.87 Gb Available in Paging File | 77.79% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.10 Gb Total Space | 25.14 Gb Free Space | 34.88% Space Free | Partition Type: NTFS

Computer Name: SHAWNS-THINKPAD | User Name: Shawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Shawn\Desktop\Malware Fight\OTL.exe (OldTimer Tools)
PRC - C:\Internet\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Internet\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\CA\CA Internet Security Suite\casc.exe (Total Defense, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe (Total Defense, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (Total Defense, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Total Defense, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe (CA)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe (CA)
PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\acs.exe ()
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe ()
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Internet\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Internet\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Internet\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Internet\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\CA\CA Internet Security Suite\SQLite3.dll ()
MOD - C:\Program Files\CA\CA Internet Security Suite\log4cplusU.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
MOD - C:\Program Files\CA\SharedComponents\TMEngine\WindowsUserIdentity.dll ()
MOD - C:\Program Files\CA\SharedComponents\TMEngine\KnownApps.dll ()
MOD - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACAthMSVC6.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACAthExtDLL.dll ()
MOD - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
MOD - C:\WINDOWS\system32\tphklock.dll ()
MOD - C:\WINDOWS\system32\acs.exe ()
MOD - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe ()
MOD - C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (CaCCProvSP) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (Total Defense, Inc.)
SRV - (ccSchedulerSVC) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Total Defense, Inc.)
SRV - (CAISafe) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
SRV - (CAAMSvc) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe (CA)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (UmxEngine) -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe (CA)
SRV - (LevelReaderService) -- C:\SMLLevel\SMLLevel.exe ()
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PMEM) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (KmxAMRT) -- C:\WINDOWS\system32\drivers\KmxAMRT.sys (Total Defense)
DRV - (KmxAgent) -- C:\WINDOWS\system32\drivers\KmxAgent.sys (CA)
DRV - (KmxCfg) -- C:\WINDOWS\system32\drivers\KmxCfg.sys (CA)
DRV - (KmxStart) -- C:\WINDOWS\system32\drivers\KmxStart.sys (CA)
DRV - (htcnprot) -- C:\WINDOWS\system32\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)
DRV - (pnetmdm) -- C:\WINDOWS\system32\drivers\pnetmdm.sys (June Fabrics Technology)
DRV - (TPPWR) -- C:\WINDOWS\system32\drivers\TPPWR.SYS (IBM Corp.)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (S3SSavage) -- C:\WINDOWS\system32\drivers\s3ssavm.sys (S3 Graphics, Inc.)
DRV - (TwoTrack) -- C:\WINDOWS\system32\drivers\TwoTrack.sys (IBM Corporation)
DRV - (pelps2m) -- C:\WINDOWS\system32\drivers\pelps2m.sys (Primax Electronics Ltd.)
DRV - (pelmouse) -- C:\WINDOWS\system32\drivers\PELMouse.SYS (Primax Electronics Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-603003810-3578206407-1438391354-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-603003810-3578206407-1438391354-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-603003810-3578206407-1438391354-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.addSBtoToolbar: false
FF - prefs.js..browser.search.autocompletePopupMinWidth: 300
FF - prefs.js..browser.search.autosizerwizard: ""
FF - prefs.js..browser.search.maxwidth: 1000
FF - prefs.js..browser.search.minwidth: 300
FF - prefs.js..browser.search.skipWizard: true
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ecotton.com/"
FF - prefs.js..extensions.enabledItems: {5CB1C342-C68F-4af7-BC21-17D5C2E0C5BF}:1.0.1
FF - prefs.js..extensions.enabledItems: CustomButtons2@cbtnext.org:3.1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}:1.3.5
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {655397ca-4766-496b-b7a8-3a5b176ee4c2}:1.4.7
FF - prefs.js..extensions.enabledItems: {305cdad7-3fd0-c3df-5947-68e5318f5a1c}:1.78
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.7
FF - prefs.js..extensions.enabledItems: {1ced4832-f06e-413f-aa14-9eb63ad40ace}:1.0.2
FF - prefs.js..extensions.enabledItems: {210249CE-F888-11DD-B868-4CB456D89593}:3.0.2
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: compatibility@addons.mozilla.org:0.8.2
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.0: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1879: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1939: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.872: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Internet\Mozilla Firefox\components [2012/07/01 20:49:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Internet\Mozilla Firefox\plugins [2012/07/09 14:03:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Internet\Mozilla Thunderbird\components [2012/07/01 20:49:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Internet\Mozilla Thunderbird\plugins

[2009/12/21 20:39:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shawn\Application Data\Mozilla\Extensions
[2009/12/21 20:39:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shawn\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/07/01 20:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\ry682y8k.default\extensions
[2010/03/11 19:58:11 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\ry682y8k.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2011/09/10 21:14:16 | 000,000,000 | ---D | M] (OpenDownload²) -- C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\ry682y8k.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}
[2012/07/01 21:05:29 | 000,000,000 | ---D | M] (SearchBox Companion) -- C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\ry682y8k.default\extensions\{305cdad7-3fd0-c3df-5947-68e5318f5a1c}
[2010/10/20 20:02:27 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\ry682y8k.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2009/01/22 20:31:47 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\ry682y8k.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2009/07/23 19:11:16 | 000,000,000 | ---D | M] (Activate Autocomplete) -- C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\ry682y8k.default\extensions\{5CB1C342-C68F-4af7-BC21-17D5C2E0C5BF}
[2011/05/19 20:58:02 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\ry682y8k.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012/07/01 20:45:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\ry682y8k.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/09/17 21:03:54 | 000,000,000 | ---D | M] (IE View Lite) -- C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\ry682y8k.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
[2011/06/29 22:40:54 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\ry682y8k.default\extensions\custombuttons@xsms.org
[2009/01/22 20:42:36 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\ry682y8k.default\searchplugins\amazon-mp3-.xml
[2011/12/28 22:17:12 | 000,002,361 | ---- | M] () -- C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\ry682y8k.default\searchplugins\appcelerator-developer-qa.xml
[2010/06/11 21:18:50 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\ry682y8k.default\searchplugins\firefox-add-ons.xml
[2010/06/11 21:18:55 | 000,001,651 | ---- | M] () -- C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\ry682y8k.default\searchplugins\thunderbird-add-ons.xml
[2011/12/28 22:17:18 | 000,002,066 | ---- | M] () -- C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\ry682y8k.default\searchplugins\titanium-mobile-all-tickets-open-by-keywords.xml
[2011/12/28 22:17:16 | 000,002,396 | ---- | M] () -- C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\ry682y8k.default\searchplugins\titanium-mobile-api.xml
[2011/05/04 19:17:30 | 000,002,052 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SHAWN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RY682Y8K.DEFAULT\EXTENSIONS\{F284FBE4-1683-461A-BF0E-F1BC2EF28CBF}.XPI
[2012/02/22 23:22:24 | 000,164,722 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SHAWN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RY682Y8K.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
[2012/07/01 20:45:46 | 000,195,036 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SHAWN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RY682Y8K.DEFAULT\EXTENSIONS\SAVEDPASSWORDEDITOR@DANIEL.DAWSON.XPI
[2011/12/13 23:55:54 | 000,083,578 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SHAWN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RY682Y8K.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI
[2012/07/01 20:45:46 | 000,159,870 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SHAWN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RY682Y8K.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI

O1 HOSTS File: ([2012/07/01 15:03:26 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (Total Defense, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StorageGuard] c:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-603003810-3578206407-1438391354-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-603003810-3578206407-1438391354-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {0957C19A-D854-482A-A4F9-18856C723D7D} http://lakehousecamera.dyndns.org:8081/XNC600NetCam.cab (XNC600NetCam Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19BC1A3D-4A52-40CF-862E-3E55E3C3DA6C}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/26 13:02:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/02 19:20:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/02 19:19:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/02 19:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shawn\Desktop\Malware Fight
[2012/07/01 20:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/07/01 20:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/01 19:18:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/01 19:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/01 14:24:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Shawn\Start Menu\Programs\Administrative Tools
[2012/07/01 13:02:27 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/07/01 13:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/07/01 12:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/06/30 14:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/06/30 14:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/06/30 14:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/06/30 14:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/06/25 18:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/06/25 18:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/06/25 18:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/06/14 21:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CA Internet Security Suite
[2012/06/14 21:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2012/06/14 21:15:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/10 17:24:09 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/10 17:23:17 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/10 17:23:10 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/10 17:22:55 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\Your File Updater.job
[2012/07/10 17:22:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/10 17:22:45 | 1072,615,424 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/09 21:34:41 | 000,065,260 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2012/07/09 21:34:41 | 000,048,169 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2012/07/09 21:34:41 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2012/07/09 21:34:41 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2012/07/09 21:34:41 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2012/07/09 21:34:41 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2012/07/09 21:34:41 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2012/07/09 21:34:41 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2012/07/09 21:34:41 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2012/07/09 21:34:41 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2012/07/09 21:34:41 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2012/07/09 21:34:41 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2012/07/09 21:34:41 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2012/07/09 21:34:41 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2012/07/09 21:34:41 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2012/07/09 21:34:41 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2012/07/09 21:34:41 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2012/07/02 22:01:15 | 000,002,371 | ---- | M] () -- C:\Documents and Settings\Shawn\Desktop\Microsoft Word.lnk
[2012/07/01 17:42:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/01 15:03:26 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/01 14:57:59 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.av.bak
[2012/07/01 14:18:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Shawn\defogger_reenable
[2012/07/01 10:04:10 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/06/30 16:55:48 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/28 20:47:16 | 000,002,369 | ---- | M] () -- C:\Documents and Settings\Shawn\Desktop\Microsoft Excel.lnk
[2012/06/22 23:06:01 | 000,012,037 | ---- | M] () -- C:\SupraChronicle.par
[2012/06/18 13:24:30 | 000,382,926 | ---- | M] () -- C:\Documents and Settings\Shawn\Desktop\ShawnHeadshot.bmp
[2012/06/14 21:41:50 | 000,130,096 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\isafeif.dll
[2012/06/14 21:41:50 | 000,097,328 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\vetredir.dll
[2012/06/13 18:12:59 | 000,178,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/12 23:44:56 | 000,398,076 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/12 23:44:56 | 000,060,382 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/12 23:39:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/11 19:07:34 | 000,113,282 | ---- | M] () -- C:\Documents and Settings\Shawn\Desktop\SupraSubBox3.jpg
[2012/06/11 19:07:23 | 000,122,273 | ---- | M] () -- C:\Documents and Settings\Shawn\Desktop\SupraSubBox2.jpg
[2012/06/11 19:07:11 | 000,102,143 | ---- | M] () -- C:\Documents and Settings\Shawn\Desktop\SupraSubBox1.jpg
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/01 14:18:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Shawn\defogger_reenable
[2012/07/01 12:13:40 | 1072,615,424 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/01 10:04:10 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/06/30 17:06:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/21 19:11:15 | 000,012,037 | ---- | C] () -- C:\SupraChronicle.par
[2012/06/18 13:24:30 | 000,382,926 | ---- | C] () -- C:\Documents and Settings\Shawn\Desktop\ShawnHeadshot.bmp
[2012/06/14 23:13:36 | 000,048,169 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2012/06/14 23:13:36 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2012/06/14 23:13:36 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2012/06/14 23:13:36 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2012/06/14 23:13:36 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2012/06/14 23:13:36 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2012/06/14 23:13:36 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2012/06/14 23:13:36 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2012/06/14 23:13:36 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2012/06/14 23:13:36 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2012/06/14 23:13:36 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2012/06/14 23:13:36 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2012/06/14 23:13:36 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2012/06/14 23:13:36 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2012/06/14 23:13:36 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2012/06/14 23:13:36 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2012/06/14 21:01:52 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\Your File Updater.job
[2012/06/11 19:07:34 | 000,113,282 | ---- | C] () -- C:\Documents and Settings\Shawn\Desktop\SupraSubBox3.jpg
[2012/06/11 19:07:22 | 000,122,273 | ---- | C] () -- C:\Documents and Settings\Shawn\Desktop\SupraSubBox2.jpg
[2012/06/11 19:07:09 | 000,102,143 | ---- | C] () -- C:\Documents and Settings\Shawn\Desktop\SupraSubBox1.jpg
[2012/02/16 18:33:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/17 18:40:15 | 000,012,538 | ---- | C] () -- C:\Documents and Settings\Shawn\DVArchive.xml~
[2011/12/17 18:40:15 | 000,012,538 | ---- | C] () -- C:\Documents and Settings\Shawn\DVArchive.xml
[2011/12/17 18:40:15 | 000,011,966 | ---- | C] () -- C:\Documents and Settings\Shawn\DVArchive.xml_2
[2011/12/17 18:40:15 | 000,011,966 | ---- | C] () -- C:\Documents and Settings\Shawn\DVArchive.xml_1
[2010/11/03 17:55:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\BDSShellRes150.dll
[2010/11/03 17:55:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\BDSShellRes.dll
[2009/04/17 21:57:41 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Shawn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/24 12:41:59 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\Shawn\.plugin141_02.trace
[1980/01/01 04:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Shawn\Local Settings\Application Data\{17d1ab88-d7e2-6ba8-a830-2bbed311a317}\@

< End of report >
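A report of this length is easier to read with a little tooling. The script below is an added example, not part of the original post and not OTL's own code: it parses the O10 Winsock catalog lines and the `[date | size | attrs | C/M] (company) -- path` file records from a few lines copied from the log above, groups the catalog entries whose DLL is reported "File not found", and flags file records whose timestamp sits on the FAT epoch (1980/01/01) or that carry hidden+system attributes outside the Windows directory. The sample lines, the epoch threshold and the small allowlist of known hidden+system files are constructed assumptions; the output is a list of things to look at by hand, not a verdict.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: a few lines copied verbatim from the OTL report above.
SAMPLE_LOG = r"""
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
[2012/07/01 14:18:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Shawn\defogger_reenable
[2012/07/01 12:13:40 | 1072,615,424 | -HS- | C] () -- C:\hiberfil.sys
[1980/01/01 04:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Shawn\Local Settings\Application Data\{17d1ab88-d7e2-6ba8-a830-2bbed311a317}\@
"""

# O10: Winsock catalog entry -> DLL, suffixed either "File not found" or "(Company)".
O10_RE = re.compile(r"^O10 - (?P<entry>\S+)(?: \[\])? - (?P<rest>.+)$")
# File record: [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Assumed allowlist: hidden+system files that legitimately live outside the Windows directory.
KNOWN_HS_FILES = {"hiberfil.sys", "pagefile.sys"}


def parse_o10(line):
    """Return {'entry', 'path', 'missing'} for an O10 line, or None."""
    m = O10_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.endswith(" File not found")
    path = rest[: -len(" File not found")] if missing else re.sub(r" \([^)]*\)$", "", rest)
    return {"entry": m.group("entry"), "path": path, "missing": missing}


def parse_file(line):
    """Return the fields of an OTL file record, or None if the line is not one."""
    m = FILE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),
        "company": m.group("company"),
        "path": m.group("path"),
    }


def suspicious_file_reasons(rec):
    """List the reasons a file record deserves a manual look (empty list = nothing odd)."""
    reasons = []
    # 1980-01-01 is the FAT/DOS epoch; a timestamp sitting exactly there is usually
    # a reset or stomped value rather than a real modification time.
    if rec["ts"].year <= 1980:
        reasons.append("timestamp at FAT epoch")
    hidden_system = "H" in rec["attrs"] and "S" in rec["attrs"]
    name = rec["path"].rsplit("\\", 1)[-1].lower()
    in_windows = rec["path"].lower().startswith("c:\\windows\\")
    if hidden_system and not in_windows and name not in KNOWN_HS_FILES:
        reasons.append("hidden+system file outside the Windows directory")
    return reasons


def triage(log_text):
    """Group orphaned Winsock catalog entries by DLL and collect files worth reviewing."""
    orphaned_lsp = defaultdict(list)
    suspicious_files = {}
    for line in log_text.splitlines():
        o10 = parse_o10(line)
        if o10:
            if o10["missing"]:
                orphaned_lsp[o10["path"]].append(o10["entry"])
            continue
        rec = parse_file(line)
        if rec:
            reasons = suspicious_file_reasons(rec)
            if reasons:
                suspicious_files[rec["path"]] = reasons
    return {"orphaned_lsp": dict(orphaned_lsp), "suspicious_files": suspicious_files}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, entries in result["orphaned_lsp"].items():
        print(f"orphaned LSP {path}: {len(entries)} catalog entries")
    for path, reasons in result["suspicious_files"].items():
        print(f"review {path}: {'; '.join(reasons)}")
```

Run it against a saved OTL.txt by passing the file contents to `triage()`; the heuristics are deliberately loose, so treat each hit as a prompt to check the file's hash, signer and creation context rather than as a detection.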