
RE DIRECT ZERO ACCESS ROOTKIT


34 replies to this topic

#1 autocon


Posted 13 August 2012 - 03:42 PM

Problems:
1. infection is using bandwidth (.01-.02%.)
a. traced to process 1636 running under generic host process for win32 services
1. It seems to be using Remote Address: 192.168.1.1 Port: 5000 Remote Zone: local
Local Address: 192.168.1.4 Port: 3319 Local Zone: local
Local Address: 192.168.1.4 Port: 3320 Local Zone: local
Local Address: 192.168.1.4 Port: 3321 Local Zone: local
keeps changing the port by using the next one.

2. have seen it running under svchost.exe before GMER.exe caused a hard reboot after running for 3 hours.

3. Using Netlimiter 3 Pro I can stop the bandwidth usage by Set Firewall Action deny to process 1636
A. The infection still keeps trying to open the next ports however data is not sent or received
Example Local Address: 192.168.1.4 Port: 3185 Local Zone: local
Local Address: 192.168.1.4 Port: 3186 Local Zone: local
Local Address: 192.168.1.4 Port: 3187 Local Zone: local
etc.


2. Running combox gives message that the tcp/ip is infected with rootkit zero access

3. several files with zero byte showing up in C:\Documents and Settings\Steve Gold\Local Settings\temp
a. Example REG2.tmp, REG3.tmp ~DF334E.tmp etc.

4. Double clicking on files with .zip extensions gives this warning
>>>>>


5. I have been working on this for a week now, using the tools at http://www.bleepingcomputer.com


6. things I noticed in log files


Result mini toolbox.txt
========================= Users: =======================================
SUPPORT_388945a0 <<< This is not a user account listed on the win log in screen.



gmer.exe caused a hard reboot after running approx. 3 hours

The system has recovered from a serious error.
>>>insert >>system recover from GMER.exe causing crash.jpg<<<


BCCode : 100000d1 BCP1 : 0000000C BCP2 : 00000005 BCP3 : 00000001
BCP4 : F74A25F7 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

C:\DOCUME~1\STEVEG~1\LOCALS~1\Temp\WER75ac.dir00\Mini081312-01.dmp
C:\DOCUME~1\STEVEG~1\LOCALS~1\Temp\WER75ac.dir00\sysdata.xm

Both dump files are gone

I attached a partial file from gmer that was canceled after running for an hour.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Steve Gold at 15:37:25 on 2012-08-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1249 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
svchost.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NetLimiter 3\NLClientApp.exe
C:\Program Files\USB Optical Mouse\USB Optical Mouse\Tra.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
BHO: AutorunsDisabled - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
uRun: [NetLimiter] c:\program files\netlimiter 3\NLClientApp.exe /tray
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
mRun: [\\vpr\EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe /p36 "\\vpr\EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [EPSON Stylus Photo R300 Series at //PS-731CA9/U1] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE /P48 "EPSON Stylus Photo R300 Series at //PS-731CA9/U1" /O2 "U1" /M "Stylus Photo R300"
mRun: [\\PS-731CA9\U1] c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe /p14 "\\ps-731ca9\u1" /o14 "\\ps-731ca9\U1" /M "Stylus Photo R300"
mRun: [DPAgnt] c:\program files\digitalpersona\bin\DPAgnt.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [USB Optical Mouse] "c:\program files\usb optical mouse\usb optical mouse\MouseHid.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
IE: Capture video with Stream-Cloner - c:\program files\stream-cloner\SC_IEOBJ.htm
IE: Download video with Stream-Cloner - c:\program files\stream-cloner\SC_IEOBJ2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: centurylink.com\www
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343068159307
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://mygmgw.gm.com/http://usabhembma04.mail.gm.com/dwa8W.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0A1AC5D6-899E-4077-B244-6337B8F4D937} : NameServer = 192.168.1.1,192.168.1.2
TCP: Interfaces\{B8A4012F-D08C-4C80-8AA4-19F07FCDD182} : NameServer = 192.168.1.1,192.168.1.2
TCP: Interfaces\{B8A4012F-D08C-4C80-8AA4-19F07FCDD182} : DhcpNameServer = 192.168.1.1
Notify: DPWLN - c:\windows\system32\DPWLEvHd.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli DPPWDFLT
.
============= SERVICES / DRIVERS ===============
.
R0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2012-8-6 26872]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-10-12 7040]
R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2003-12-17 5632]
R1 nltdi;nltdi;c:\program files\netlimiter 3\nltdi.sys [2011-3-21 5281672]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-28 655944]
R2 pciinfo;pciinfo;c:\windows\system32\drivers\PCIINFO.SYS [2009-11-3 2752]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]
R3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2011-1-10 44784]
R3 dpK0Bx01;Fingerprint Reader Filter Driver;c:\windows\system32\drivers\dpK0Bx01.sys [2004-8-4 35584]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-28 22344]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\drivers\nlndis.sys [2011-3-21 5230088]
R3 UsbdpFP;Fingerprint Reader Class Driver;c:\windows\system32\drivers\usbdpfp.sys [2004-8-4 47360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [2009-4-7 140416]
S3 cpuz135;cpuz135;c:\software\pc-wizard_2012.2.1\pcwiz_x32.sys [2012-2-7 24328]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-11 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-11 136176]
S3 maz500m;maz500m;c:\windows\system32\drivers\maz500m.sys [2009-10-2 25044]
S3 maz500u;maz500u;c:\windows\system32\drivers\maz500u.sys [2009-10-2 50900]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [2009-12-9 15271]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys [2011-3-21 5230088]
S3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2012-7-4 9472]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-8-21 14336]
S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [2009-4-20 65664]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-13 16:15:00 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aa3eea04-bafc-4697-9459-db761b03ea62}\offreg.dll
2012-08-13 16:07:12 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aa3eea04-bafc-4697-9459-db761b03ea62}\mpengine.dll
2012-08-13 11:52:30 -------- d-----w- c:\documents and settings\steve gold\local settings\application data\Locktime
2012-08-13 11:49:26 -------- d-----w- c:\program files\NetLimiter 3
2012-08-13 11:34:42 -------- d-----w- c:\documents and settings\steve gold\application data\Locktime
2012-08-13 11:33:00 -------- d-----w- c:\documents and settings\all users\application data\Locktime
2012-08-12 16:02:25 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-08-10 10:08:30 -------- d-----w- c:\documents and settings\steve gold\local settings\application data\Sun
2012-08-10 08:04:47 -------- d-----w- c:\program files\Oracle
2012-08-10 08:04:14 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-10 08:04:14 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-10 07:46:04 -------- d-----w- c:\program files\VS Revo Group
2012-08-10 07:01:31 -------- d-----w- C:\_OTL
2012-08-09 12:01:07 -------- d-----w- c:\program files\ESET
2012-08-07 02:43:43 256000 ----a-w- c:\windows\PEV.exe
2012-08-07 02:36:56 -------- d-----w- C:\FRST
2012-08-06 04:05:34 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-08-06 04:05:34 -------- d-----w- c:\documents and settings\steve gold\application data\FixTDSS
2012-08-05 11:07:41 -------- d-----w- c:\documents and settings\all users\application data\Windows Home Server
2012-08-04 00:36:28 -------- d-----w- c:\documents and settings\steve gold\application data\Roompa
2012-08-04 00:36:28 -------- d-----w- c:\documents and settings\steve gold\application data\Qiefc
2012-07-30 04:11:17 -------- d-----w- C:\catalog.wci
2012-07-23 21:05:49 -------- d-----w- c:\documents and settings\steve gold\application data\Windows Home Server
2012-07-23 20:57:27 -------- d-----w- c:\program files\Windows Home Server
2012-07-23 20:56:55 15460352 ------w- c:\documents and settings\all users\application data\microsoft\windows home server\WHSConnector.msi
.
==================== Find3M ====================
.
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2006-05-03 16:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 15:38:49.64 ===============
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-13 10:43:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD400BD-75LRA0 rev.09.01D09
Running: gmer.exe; Driver: C:\DOCUME~1\STEVEG~1\LOCALS~1\Temp\kfkdrpod.sys


---- System - GMER 1.0.15 ----

Code \??\C:\DOCUME~1\STEVEG~1\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\System32\drivers\FNETURPX.SYS entry point in "init" section [0xF79C3380]
? C:\DOCUME~1\STEVEG~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\internet explorer\iexplore.exe[512] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[512] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[512] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[512] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[512] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[512] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[512] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[512] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[512] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1328] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1328] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A65 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1328] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0DD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1328] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1328] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1328] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1328] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1328] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1328] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1328] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1328] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1328] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1328] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB30 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1328] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E756F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1492] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1492] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A65 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1492] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0DD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1492] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1492] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1492] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1492] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1492] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1492] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1492] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1492] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1492] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1492] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB30 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1492] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E756F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2280] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2280] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A65 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2280] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0DD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2280] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2280] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2280] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2280] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2280] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2280] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2280] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2280] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2280] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2280] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB30 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2280] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E756F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A65 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0DD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB30 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E756F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060ed8a9d
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060ed8a9d@0022a9ce2c4a 0xB7 0x3A 0x71 0x99 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060ed8a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060ed8a9d@0022a9ce2c4a 0xB7 0x3A 0x71 0x99 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040210900063D11C8EF10054038389C\Usage@HandWritingFiles 1091429300

---- EOF - GMER 1.0.15 ----








#2 autocon


Posted 13 August 2012 - 10:00 PM


GMER finished running without crashing - Took about 4 hours to run.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-13 22:50:38
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD400BD-75LRA0 rev.09.01D09
Running: gfgfd1u9.exe; Driver: C:\DOCUME~1\STEVEG~1\LOCALS~1\Temp\kfkdrpod.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\System32\drivers\FNETURPX.SYS entry point in "init" section [0xF79B3380]
? C:\DOCUME~1\STEVEG~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[540] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[540] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A65 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[540] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0DD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[540] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[540] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[540] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[540] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[540] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[540] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[540] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[540] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[540] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[540] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB30 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[540] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E756F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A65 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0DD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[776] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB30 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[776] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E756F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3096] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3096] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A65 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3096] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0DD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3096] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3096] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3096] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3096] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3096] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3096] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3096] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3096] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3096] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3096] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB30 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3096] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E756F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter 3 TDI driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter 3 TDI driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter 3 TDI driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter 3 TDI driver/Locktime Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060ed8a9d
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060ed8a9d@0022a9ce2c4a 0xB7 0x3A 0x71 0x99 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060ed8a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060ed8a9d@0022a9ce2c4a 0xB7 0x3A 0x71 0x99 ...

---- EOF - GMER 1.0.15 ----




#3 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,740 posts

Posted 18 August 2012 - 03:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465069 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 autocon

  • Topic Starter
  • Members
  • 19 posts

Posted 20 August 2012 - 12:28 AM

2012-08-19

The infection that was using bandwidth (.01-.02%) has been eliminated.
Pages are no longer being redirected.

There is still much wrong with the computer.

1: Biggest problem is Microsoft Security Essentials
1. Last week it would fail when updating the virus & spyware definitions for about 2 days.

2. One of the definitions was old (I remember a number like 1969).

3. On the 18th it finally did update; it has been slowing the machine down.
a) MsMpEng.exe seems to be using about 90% of the 2nd core and yet the first core is running at 10%.
b) With real time protection turned off, MsMpEng.exe seems to act like it is doing a full scan of all the files.
1. Killing MsMpEng.exe makes the machine respond 10x faster.
2. In fact I have to kill MsMpEng.exe in order to get anything to work right.

4. Now updating the virus & spyware definitions takes about 10 min (before maybe 2 min)
a) definition created on 2012-08-18 @ 12:56
definition last updated 2012-08-18 @ 10:30
Virus definition version 1.131.233.0
spyware definition version 1.131.233.0
5. On 2012-08-17 @ 07:15 Microsoft Security Essentials quarantined TrojanDownloader:ASX/Wimad.DY

2: esetsmartinstaller_enu.exe has been run many times
a. Nothing found


3. mbam.exe has been run many times
a. Nothing found


4. Since the first post
a) I have uninstalled many programs using the Revo uninstaller.
b) ran ComboFix many times
A. ComboFix-quarantined-files 2012-08-14
B. ComboFix indicates rootkit

5. GMER locked up the computer on the first run. (Took about 5 hours to run the 2nd time. It did not create a log on its own; I had to manually save it.)

I know it's stated "do not run any tools unless instructed to do so"; however, your response time is 5 days at best and for the most part I know what I am doing.

To save time I also ran and posted the following logs

DDS logs
DDS 2012-08-18.txt
DDS attach 2012-08-18.zip
GMER logs
gmer 2012-08-18.log


zipped logs 2012-08-19
SecurityCheck.exe 2012-08-19.txt
SecurityCheck.2012-08-19.txt

TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17 24 05
TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17 24 05.txt

aswMBR.exe version 0.9.9.1665 2012-08-19 19 59 48
aswMBR version 0.9.9.1665 2012-08-19 19 59 48.txt

OTL.exe Version 3.2.58.1 created on 2012-08-19 09 33 33 PM - Run 3
OTL 2012-08-19 09 33 33 PM - Run 3.Txt

ComboFix.exe 2012-08-19 22 15 42.12.2 log.txt
ComboFix.exe 2012-08-15 22 20 21 11 2 log.txt
ComboFix-quarantined-files 2012-08-14 05 26 38.txt


Let me know your thoughts.
Thanks

*`~~~~~~~~~~~~~

DDS 2012-08-18.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Steve Gold at 22:34:57 on 2012-08-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1181 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
svchost.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\USB Optical Mouse\USB Optical Mouse\Tra.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
BHO: AutorunsDisabled - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
uRun: [NetLimiter] c:\program files\netlimiter 3\NLClientApp.exe /tray
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10w_ActiveX.exe -update activex
mRun: [EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
mRun: [\\vpr\EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe /p36 "\\vpr\EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [EPSON Stylus Photo R300 Series at //PS-731CA9/U1] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE /P48 "EPSON Stylus Photo R300 Series at //PS-731CA9/U1" /O2 "U1" /M "Stylus Photo R300"
mRun: [\\PS-731CA9\U1] c:\windows\system32\spool\drivers\w32x86\3\e_s4i2f1.exe /p14 "\\ps-731ca9\u1" /o14 "\\ps-731ca9\U1" /M "Stylus Photo R300"
mRun: [DPAgnt] c:\program files\digitalpersona\bin\DPAgnt.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [USB Optical Mouse] "c:\program files\usb optical mouse\usb optical mouse\MouseHid.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [InnoSetupRegFile.0000000001] "c:\windows\is-AL6RF.exe" /REG /REGSVRMODE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Capture video with Stream-Cloner - c:\program files\stream-cloner\SC_IEOBJ.htm
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Download video with Stream-Cloner - c:\program files\stream-cloner\SC_IEOBJ2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: centurylink.com\www
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343068159307
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://mygmgw.gm.com/http://usabhembma04.mail.gm.com/dwa8W.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: Interfaces\{0A1AC5D6-899E-4077-B244-6337B8F4D937} : NameServer = 192.168.1.1,192.168.1.2
TCP: Interfaces\{B8A4012F-D08C-4C80-8AA4-19F07FCDD182} : NameServer = 192.168.1.1,192.168.1.2
Notify: DPWLN - c:\windows\system32\DPWLEvHd.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli DPPWDFLT
.
============= SERVICES / DRIVERS ===============
.
R0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2012-8-6 26872]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-10-12 7040]
R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2003-12-17 5632]
R1 nltdi;nltdi;c:\program files\netlimiter 3\nltdi.sys [2011-3-21 5281672]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-28 655944]
R2 pciinfo;pciinfo;c:\windows\system32\drivers\PCIINFO.SYS [2009-11-3 2752]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]
R3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2011-1-10 44784]
R3 dpK0Bx01;Fingerprint Reader Filter Driver;c:\windows\system32\drivers\dpK0Bx01.sys [2004-8-4 35584]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-28 22344]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\drivers\nlndis.sys [2011-3-21 5230088]
R3 UsbdpFP;Fingerprint Reader Class Driver;c:\windows\system32\drivers\usbdpfp.sys [2004-8-4 47360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [2009-4-7 140416]
S3 cpuz135;cpuz135;c:\software\pc-wizard_2012.2.1\pcwiz_x32.sys [2012-2-7 24328]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-11 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-11 136176]
S3 maz500m;maz500m;c:\windows\system32\drivers\maz500m.sys [2009-10-2 25044]
S3 maz500u;maz500u;c:\windows\system32\drivers\maz500u.sys [2009-10-2 50900]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [2009-12-9 15271]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys [2011-3-21 5230088]
S3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2012-7-4 9472]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-8-21 14336]
S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [2009-4-20 65664]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-19 02:28:31 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72d534b9-f1f1-49fb-82fa-8c9bdd4b5a7c}\mpengine.dll
2012-08-18 04:38:10 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0a79f2d0-f632-4778-892c-ea070cdefb95}\mpengine.dll
2012-08-18 04:38:10 6891424 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-08-18 04:02:03 54016 ----a-w- c:\windows\system32\drivers\hrhhcv.sys
2012-08-17 06:45:08 711240 ----a-w- c:\windows\is-AL6RF.exe
2012-08-14 09:14:13 -------- d-----w- c:\documents and settings\steve gold\application data\Silicondust
2012-08-14 09:13:55 -------- d-----w- c:\documents and settings\steve gold\HDHomeRun XBMC TV
2012-08-14 09:13:54 -------- d-----w- c:\documents and settings\all users\application data\Silicondust
2012-08-14 09:08:14 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2012-08-14 09:08:14 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2012-08-14 09:07:53 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2012-08-14 09:07:53 363520 ----a-w- c:\windows\system32\PsisDecd.dll
2012-08-14 09:07:50 56832 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-08-14 09:07:45 33280 ----a-w- c:\windows\system32\PsisRndr.ax
2012-08-14 09:07:45 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2012-08-14 09:07:45 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2012-08-14 09:07:44 18432 ----a-w- c:\windows\system32\BdaPlgIn.ax
2012-08-14 08:38:58 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2012-08-14 08:38:58 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2012-08-14 08:38:56 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2012-08-14 08:38:55 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2012-08-14 08:38:52 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2012-08-14 08:38:47 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2012-08-14 08:38:41 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2012-08-14 08:38:41 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2012-08-14 08:38:21 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2012-08-14 08:36:43 -------- d-----w- c:\windows\Logs
2012-08-13 20:24:25 -------- d-----w- c:\program files\ieSpell
2012-08-13 11:52:30 -------- d-----w- c:\documents and settings\steve gold\local settings\application data\Locktime
2012-08-13 11:49:26 -------- d-----w- c:\program files\NetLimiter 3
2012-08-13 11:34:42 -------- d-----w- c:\documents and settings\steve gold\application data\Locktime
2012-08-13 11:33:00 -------- d-----w- c:\documents and settings\all users\application data\Locktime
2012-08-10 10:08:30 -------- d-----w- c:\documents and settings\steve gold\local settings\application data\Sun
2012-08-10 08:04:47 -------- d-----w- c:\program files\Oracle
2012-08-10 08:04:14 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-10 08:04:14 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-10 07:46:04 -------- d-----w- c:\program files\VS Revo Group
2012-08-10 07:01:31 -------- d-----w- C:\_OTL
2012-08-09 12:01:07 -------- d-----w- c:\program files\ESET
2012-08-07 02:43:43 256000 ----a-w- c:\windows\PEV.exe
2012-08-07 02:36:56 -------- d-----w- C:\FRST
2012-08-06 04:05:34 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-08-06 04:05:34 -------- d-----w- c:\documents and settings\steve gold\application data\FixTDSS
2012-08-05 11:07:41 -------- d-----w- c:\documents and settings\all users\application data\Windows Home Server
2012-08-04 00:36:28 -------- d-----w- c:\documents and settings\steve gold\application data\Roompa
2012-08-04 00:36:28 -------- d-----w- c:\documents and settings\steve gold\application data\Qiefc
2012-07-30 04:11:17 -------- d-----w- C:\catalog.wci
2012-07-23 21:05:49 -------- d-----w- c:\documents and settings\steve gold\application data\Windows Home Server
2012-07-23 20:57:27 -------- d-----w- c:\program files\Windows Home Server
2012-07-23 20:56:55 15460352 ------w- c:\documents and settings\all users\application data\microsoft\windows home server\WHSConnector.msi
.
==================== Find3M ====================
.
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2006-05-03 16:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 22:43:28.68 ===============



*`~~~~~~~~~~~~~
gmer 2012-08-18.log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-19 18:51:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD400BD-75LRA0 rev.09.01D09
Running: gmer.exe; Driver: C:\DOCUME~1\STEVEG~1\LOCALS~1\Temp\kfkdrpod.sys


---- Kernel code sections - GMER 1.0.15 ----

? hrhhcv.sys The system cannot find the file specified. !
init C:\WINDOWS\System32\drivers\FNETURPX.SYS entry point in "init" section [0xF79E3380]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter 3 TDI driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter 3 TDI driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter 3 TDI driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter 3 TDI driver/Locktime Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060ed8a9d
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060ed8a9d@0022a9ce2c4a 0xB7 0x3A 0x71 0x99 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060ed8a9d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060ed8a9d@0022a9ce2c4a 0xB7 0x3A 0x71 0x99 ...

---- EOF - GMER 1.0.15 ----

See zipped logs 2012-08-19



#5 m0le

  • Malware Response Team

Posted 21 August 2012 - 07:08 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

I know it's stated "do not run any tools unless instructed to do so" however your response time is 5 days at best and for the most part I know what I am doing.


5 days is just an indicator and it's actually 6 days at the moment. What may have happened is they read your above statement and decided that as you know what you are doing then you could fix the problem.


How many times have you run Combofix? (Why did you keep running Combofix?)

Can you post the first log that you got from Combofix?

Can you post the first aswMBR log too? I am not going to open a zip file.
m0le is a proud member of UNITE

#6 autocon

  • Topic Starter


Posted 22 August 2012 - 10:42 AM

m0le

>>>"for the most part" This seems to be the exception to the rule.

>>>How many times have you run Combofix?
If you are asking how many times on this machine for this problem, I think about 10 times.
It looks like I ran combofix times on this machine back in 2010-01-25.
Since 2002-06-10 I'm guessing my answer to the total number of times I have run combofix as a tool to repair infected computers would be the same as you, Lost count.

>>>(Why did you keep running Combofix?)
Between Bleeping Computer Forum and Combofix I am usually able to clean up an infected machine.
Look for changes made to the operating system, sometimes I can tell it's going to be faster to just backup and reinstall if there are not many programs on the computer.
In this case experimenting, trying to learn, etc.
Combofix is updated often so there is that too.

>>>Can you post the first log that you got from Combofix?
If you are asking for the first log for this issue along with the Qoobox log. Yes, I have all the logs.
I tried to include them in the post (Seems I knew You would want them) however It said the post was too long... Hence the zip file.

>>>Can you post the first aswMBR log too? Yes

If possible, please include some insight as to how you determine the corrective action.

Regards
Steve


ComboFix 12-08-07.02 - Steve Gold 2012-08-07 8:05.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1349 [GMT -4:00]
Running from: \\Wsm1\Software\google redirect\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 11:35 . 2012-08-07 11:36 -------- d-----w- C:\Windows Home Server Drivers for Restore
2012-08-07 11:19 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{22FFA807-8C8F-400C-89AF-B5D192287508}\mpengine.dll
2012-08-07 02:36 . 2012-08-07 02:37 -------- d-----w- C:\FRST
2012-08-06 09:59 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-06 04:05 . 2012-08-06 04:05 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-08-06 04:05 . 2012-08-06 04:05 -------- d-----w- c:\documents and settings\Steve Gold\Application Data\FixTDSS
2012-08-05 11:07 . 2012-08-05 11:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Windows Home Server
2012-08-04 00:36 . 2012-08-06 22:24 -------- d-----w- c:\documents and settings\Steve Gold\Application Data\Roompa
2012-08-04 00:36 . 2012-08-04 00:39 -------- d-----w- c:\documents and settings\Steve Gold\Application Data\Qiefc
2012-07-30 04:11 . 2012-08-07 02:51 -------- d-----w- C:\catalog.wci
2012-07-23 21:05 . 2012-07-23 21:47 -------- d-----w- c:\documents and settings\Steve Gold\Application Data\Windows Home Server
2012-07-23 20:57 . 2012-07-23 21:28 -------- d-----w- c:\program files\Windows Home Server
2012-07-23 20:56 . 2011-01-10 20:42 15460352 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Home Server\WHSConnector.msi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-04 07:50 . 2012-07-04 07:50 53248 ----a-r- c:\documents and settings\Steve Gold\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-07-03 17:46 . 2010-12-28 20:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2008-08-21 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-08-21 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-08-21 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35 . 2009-08-07 00:23 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2008-08-21 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2008-10-16 21:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2009-03-10 22:14 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2009-03-10 22:14 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2009-03-10 22:14 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2009-03-10 22:14 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2009-03-10 22:14 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2008-10-16 21:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2008-08-21 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2008-10-16 21:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2009-03-10 22:14 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2009-03-10 22:14 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2009-11-13 13:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2009-11-13 13:18 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-08-21 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-08-21 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2008-08-21 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-08-21 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-08-21 12:00 385024 ----a-w- c:\windows\system32\html.iec
2006-05-03 16:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-08-07_03.46.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-07 12:00 . 2012-08-07 12:00 16384 c:\windows\temp\Perflib_Perfdata_1f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\vpr\EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-04-27 6065784]
"AirFun"="c:\program files\AirFun\DirectConnect.exe" [2012-02-24 2267648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]
"\\vpr\EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-01 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-01 118784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"\\PS-731CA9\U1"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
"DPAgnt"="c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2012-07-30 807440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-08-21 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"VirtualCloneDrive"="f:\virtualclonedrive\VCDDaemon.exe" [2009-06-17 85160]
"USB Optical Mouse"="c:\program files\USB Optical Mouse\USB Optical Mouse\MouseHid.exe" [2009-07-06 245248]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Steve Gold\Start Menu\Programs\Startup\
ERUNT.lnk - c:\program files\ERUNT\ERUNT.EXE [2005-10-20 157696]
SysRestorePoint.lnk - c:\documents and settings\Steve Gold\Desktop\SysRestorePoint.exe [2011-1-17 21504]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-7-23 603504]
.
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\documents and settings\Steve Gold\Desktop\1147611549.jpg
FriendlyName=
.
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= c:\documents and settings\Steve Gold\Desktop\NSA.jpg
FriendlyName=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
2006-10-09 21:27 99856 ----a-w- c:\windows\system32\DPWLEvHd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 01:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-08-21 12:00 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Lavasoft Ad-Aware Service"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"ERSvc"=2 (0x2)
"CiSvc"=3 (0x3)
"Belkin 54g Wireless USB Network Adapter Service"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"=c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2012-08-06 26872]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-10-12 7040]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [2003-12-17 5632]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [2011-11-21 38504]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-28 655944]
R2 pciinfo;pciinfo;c:\windows\system32\drivers\PCIINFO.SYS [2009-11-03 2752]
R2 SDHookService;System wide process monitoring to protect your computer and detect malware in real time.;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-11-21 130976]
R2 SDUpdateService;System service responsible for downloading and installing updates in the background.;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-11-21 955816]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 376688]
R3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2011-01-10 44784]
R3 dpK0Bx01;Fingerprint Reader Filter Driver;c:\windows\system32\drivers\dpK0Bx01.sys [2004-08-04 35584]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-28 22344]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2009-11-10 47360]
R3 UsbdpFP;Fingerprint Reader Class Driver;c:\windows\system32\drivers\usbdpfp.sys [2004-08-04 47360]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [2009-04-07 140416]
S3 cpuz135;cpuz135;c:\software\pc-wizard_2012.2.1\pcwiz_x32.sys [2012-02-07 24328]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-11 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-11 136176]
S3 maz500m;maz500m;c:\windows\system32\drivers\maz500m.sys [2009-10-02 25044]
S3 maz500u;maz500u;c:\windows\system32\drivers\maz500u.sys [2009-10-02 50900]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [2009-12-09 15271]
S3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2012-07-04 9472]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [2008-08-21 14336]
S3 PORTMON;PORTMON;\??\c:\documents and settings\Steve Gold\Desktop\Sysinternals Suite - Mark Russinovich\PORTMSYS.SYS --> c:\documents and settings\Steve Gold\Desktop\Sysinternals Suite - Mark Russinovich\PORTMSYS.SYS [?]
S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [2009-04-20 65664]
S3 SDScannerService;System service responsible for scanning single files during on-access or custom demand scans, as well as internet connections.;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-11-21 892336]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S4 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [2010-10-11 62184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-18 c:\windows\Tasks\AdobeAAMUpdater-1.0-DELL-DD22F55359-Steve Gold.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-03-02 08:44]
.
2012-08-07 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2010-07-30 19:18]
.
2012-08-07 c:\windows\Tasks\Defraggler Volume F Task.job
- c:\program files\Defraggler\df.exe [2010-07-30 19:18]
.
2012-08-06 c:\windows\Tasks\Defraggler Volume T Task.job
- c:\program files\Defraggler\df.exe [2010-07-30 19:18]
.
2012-08-05 c:\windows\Tasks\ExpressZipReminder.job
- c:\program files\NCH Software\ExpressZip\expresszip.exe [2012-08-05 07:54]
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-12 00:08]
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-12 00:08]
.
2012-08-07 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
2012-07-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
2012-07-15 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2012-07-05 02:16]
.
2012-08-07 c:\windows\Tasks\User_Feed_Synchronization-{E1E18E7E-CB46-4AF2-B670-155AEBC19CDE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
2012-07-15 c:\windows\Tasks\WavePadReminder.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-07-05 02:15]
.
.
------- Supplementary Scan -------
.
IE: Capture video with Stream-Cloner - c:\program files\Stream-Cloner\SC_IEOBJ.htm
IE: Download video with Stream-Cloner - c:\program files\Stream-Cloner\SC_IEOBJ2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: centurylink.com\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0A1AC5D6-899E-4077-B244-6337B8F4D937}: NameServer = 192.168.1.1,192.168.1.2
TCP: Interfaces\{B8A4012F-D08C-4C80-8AA4-19F07FCDD182}: NameServer = 192.168.1.1,192.168.1.2
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-07 08:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus Photo R300 Series at //PS-731CA9/U1 = c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P48 "EPSON Stylus Photo R300 Series at //PS-731CA9/U1" /M "Stylus Photo R300" /EF "HKCU"?B~????????????????p????????????????????JB~????p???????????8?????????????C~????p?????????C~p??????????????|???????
\\vpr\EPSON Stylus Photo R300 Series = c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P36 "\\vpr\EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"????????????IB~<???????????????p????????????????????JB~????p???????????8?????????????C~????p?????????C~p??????????????|???????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2245681954-755710587-2062766257-1010\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\DPWLEvHd.dll
.
- - - - - - - > 'lsass.exe'(872)
c:\windows\DPPWDFLT.dll
.
- - - - - - - > 'explorer.exe'(3468)
c:\windows\system32\WININET.dll
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp1.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-08-07 08:27:04
ComboFix-quarantined-files.txt 2012-08-07 12:27
ComboFix2.txt 2012-08-07 03:51
ComboFix3.txt 2010-01-25 23:47
.
Pre-Run: 3,428,413,440 bytes free
Post-Run: 3,422,236,672 bytes free
.
- - End Of File - - 6BDB2F2EFA83DB7B6DAAD3122BCF2464


2012-08-14 05:26:38 . 2012-08-14 05:26:38 49,152 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Steve Gold\Application Data\Microsoft\Windows\User.dat.vir
2012-08-08 11:44:00 . 2012-08-10 01:44:59 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2012-08-07 03:49:56 . 2012-08-07 03:49:56 1,946 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}.reg.dat
2012-08-07 03:49:56 . 2012-08-07 03:49:56 968 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}.reg.dat
2012-08-07 03:49:56 . 2012-08-07 03:49:56 852 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{40C03514-89C3-41BA-0090-3B440256DB87}.reg.dat
2012-08-07 03:49:08 . 2012-08-07 03:49:08 618 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-SDWinLogon.reg.dat
2012-08-07 03:48:49 . 2012-08-07 03:48:49 129 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CmPCIaudio.reg.dat
2012-08-07 03:48:48 . 2012-08-07 03:48:48 148 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NetStat Live.reg.dat
2012-08-07 03:48:42 . 2012-08-07 03:48:42 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2012-08-07 02:47:02 . 2012-08-07 02:47:02 120 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB65111$\_2473471298_.zip
2011-11-28 03:04:26 . 2003-02-21 18:42:22 348,160 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\msvcr71.dll.vir
2011-10-31 09:29:42 . 2011-10-31 09:29:42 923 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Steve Gold\Start Menu\Programs\System Restore\Uninstall System Restore.lnk.vir
2011-10-31 09:29:40 . 2011-11-02 07:27:11 712 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Steve Gold\Start Menu\Programs\System Restore\System Restore.lnk.vir
2011-10-31 09:27:19 . 2011-10-31 09:27:21 208,896 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB65111$\462349785\kwrd.dll.vir
2011-10-31 09:27:14 . 2011-10-31 09:37:52 1,039 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB65111$\462349785\bckfg.tmp.vir
2011-10-31 09:25:53 . 2011-10-31 09:25:56 2,048 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB65111$\462349785\@.vir
2011-10-31 09:25:52 . 2011-10-31 09:37:48 343 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB65111$\462349785\cfg.ini.vir
2011-10-31 09:25:51 . 2011-10-31 09:25:51 162,816 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB65111$\462349785\L\xpanilcw.vir
2011-10-31 09:25:50 . 2011-10-31 09:25:51 4,608 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB65111$\462349785\Desktop.ini.vir
2011-10-30 09:29:18 . 2011-10-31 09:26:48 12,800 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB65111$\462349785\U\80000004.@.vir
2011-10-29 20:32:13 . 2011-10-31 09:26:54 75,264 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB65111$\462349785\U\80000032.@.vir
2011-10-29 20:11:02 . 2011-10-31 09:26:45 2,048 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB65111$\462349785\U\00000001.@.vir
2011-10-24 07:38:49 . 2011-10-31 09:26:45 1,024 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB65111$\462349785\U\00000004.@.vir
2011-10-05 18:18:45 . 2011-10-31 09:26:56 209,920 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB65111$\462349785\U\00000002.@.vir
2011-09-23 16:33:05 . 2011-10-31 09:26:45 1,024 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB65111$\462349785\U\80000000.@.vir
2010-08-22 03:35:26 . 2010-08-22 03:35:26 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Steve Gold\Application Data\Ecurif\haal.qaf.vir
2010-01-25 23:45:30 . 2010-01-25 23:45:30 276 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-AtiExtEvent.reg.dat
2010-01-25 23:45:19 . 2010-01-25 23:45:19 171 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}.reg.dat
2010-01-25 23:37:35 . 2012-08-20 02:47:33 12,177 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-01-25 23:28:50 . 2012-08-20 02:12:41 1,502 -c--a-w- C:\Qoobox\Quarantine\catchme.log
2010-01-08 18:29:52 . 2010-01-08 18:29:52 16,337,326 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_kyf.dat.vir
2010-01-08 18:29:45 . 2010-01-08 18:29:45 28,846 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\BtnTrans1.dat.vir
2010-01-08 18:29:44 . 2010-01-08 18:29:44 9,204 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\BtnTrans.idx.vir
2010-01-08 18:29:39 . 2010-01-08 18:29:42 13,525,620 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\keywords1.dat.vir
2010-01-08 18:29:23 . 2010-01-08 18:29:23 798,974 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\keywords.idx.vir
2010-01-08 18:29:16 . 2010-01-08 18:29:16 3,877 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\editblbuttons.res.vir
2010-01-08 18:29:15 . 2010-01-08 18:29:15 1,464 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\sdfmodifier.xml.vir
2010-01-08 18:29:15 . 2010-01-08 18:29:15 4,583 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\more.res.vir
2010-01-08 18:29:14 . 2010-01-08 18:29:14 2,743 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\weathericon.res.vir
2010-01-08 18:29:13 . 2010-01-08 18:29:13 9,073 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\cursors.res.vir
2010-01-08 18:29:13 . 2010-01-08 18:29:13 20,677 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ie_video.res.vir
2010-01-08 18:29:12 . 2010-01-08 18:29:12 7,535 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ie_games_icon.res.vir
2010-01-08 18:29:12 . 2010-01-08 18:29:12 62 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_bar.res.vir
2010-01-08 18:29:11 . 2010-01-08 18:29:11 378 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hotbar_promo.htm.vir
2010-01-08 18:29:11 . 2010-01-08 18:29:11 492 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\business_promo.htm.vir
2010-01-08 18:29:10 . 2010-01-08 18:29:10 865,915 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\sales_buttons.res.vir
2010-01-08 18:29:09 . 2010-01-08 18:29:09 12,151 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_bbar1.res.vir
2010-01-08 18:29:09 . 2010-01-08 18:29:09 2,585 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\progress.res.vir
2010-01-08 18:29:09 . 2010-01-08 18:29:09 32,934 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\s_icons_buttons.res.vir
2010-01-08 18:29:09 . 2010-01-08 18:29:09 9,807 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\t2_bg.res.vir
2010-01-08 18:29:09 . 2010-01-08 18:29:09 6,281 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\tsd_bg.res.vir
2010-01-08 18:29:08 . 2010-01-08 18:29:08 35,442 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_weather.res.vir
2010-01-08 18:29:08 . 2010-01-08 18:29:08 62 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_other.res.vir
2010-01-08 18:29:08 . 2010-01-08 18:29:08 62 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_logos.res.vir
2010-01-08 18:29:07 . 2010-01-08 18:29:07 95,919 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_3000.res.vir
2010-01-08 18:29:07 . 2010-01-08 18:29:07 209,637 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_2000.res.vir
2010-01-08 18:29:06 . 2010-01-08 18:29:06 164,777 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_1000.res.vir
2010-01-08 18:29:03 . 2010-01-08 18:29:03 14,578 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\layout.cdf.vir
2010-01-08 18:29:02 . 2010-01-08 18:29:02 328 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\linkpathlegal.txt.vir
2010-01-08 18:29:01 . 2010-01-08 18:29:01 1,381 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\samplegroups2.txt.vir
2010-01-08 18:29:01 . 2010-01-08 18:29:01 5,673 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\buttondir.txt.vir
2010-01-08 18:26:19 . 2010-01-08 18:26:19 80,942 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAau.dat.vir
2010-01-08 18:26:18 . 2010-01-08 18:37:49 7 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\Weather\history.vir
2010-01-08 18:26:18 . 2010-01-09 02:07:55 16,541 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Display.vir
2010-01-08 18:26:18 . 2010-01-09 02:07:53 3,040 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\Weather\Weather_XML\Default.vir
2010-01-08 18:26:18 . 2010-01-08 18:37:47 22,584 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\screen2.vir
2010-01-08 18:26:18 . 2010-01-09 02:07:55 648 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\Weather\WeatherDPA\Links.vir
2010-01-08 18:26:18 . 2010-01-09 02:07:55 56,480 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\Weather\WeatherDPA\satellite-big.jpg.vir
2010-01-08 18:26:17 . 2010-01-09 02:07:54 20,599 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\Weather\WeatherDPA\satellite-small.vir
2010-01-08 18:26:16 . 2010-01-09 02:07:54 46,562 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\Weather\WeatherDPA\radar-big.jpg.vir
2010-01-08 18:26:15 . 2010-01-09 02:07:53 13,393 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\Weather\WeatherDPA\radar-small.vir
2010-01-08 18:26:14 . 2010-01-09 01:37:53 3,040 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\Weather\Weather_XML\Genera1.vir
2010-01-08 18:26:12 . 2010-01-08 18:37:17 3,113 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Loading.vir
2010-01-08 18:26:11 . 2010-01-08 18:37:48 135 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\Weather\WeatherDPA\WeatherPreferences.vir
2010-01-08 18:26:09 . 2010-01-09 02:07:55 3,040 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\Weather\Weather_XML\General.vir
2010-01-08 18:26:07 . 2010-01-08 18:36:39 2,192 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA.dat.vir
2010-01-08 18:26:06 . 2010-01-08 18:37:13 78 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\Weather\WeatherStartup.xml.vir
2010-01-08 18:24:00 . 2010-01-08 18:24:00 1,579 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\buttondir.xip.vir
2010-01-08 18:24:00 . 2010-01-08 18:24:00 3,470 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\layout.xip.vir
2010-01-08 18:24:00 . 2010-01-08 18:24:00 50,472 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\sales_buttons.xip.vir
2010-01-01 05:57:38 . 2010-01-03 21:19:15 88 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CA59ADB2F3.sys.vir
2009-12-22 19:15:46 . 2009-12-22 19:15:46 201 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SysWoW32\mi1859647969v7.kwd.vir
2009-12-22 19:15:45 . 2009-12-22 19:15:45 3 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SysWoW32\mi1859647969v6.kwd.vir
2009-12-22 19:15:45 . 2009-12-22 19:15:45 221 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SysWoW32\mu1859647969v5.kwd.vir
2009-12-22 19:15:45 . 2009-12-22 19:15:45 135 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SysWoW32\mi1859647969v4.kwd.vir
2009-12-22 19:15:45 . 2009-12-22 19:15:45 142 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SysWoW32\wu1859647969v3.kwd.vir
2009-12-22 19:15:45 . 2009-12-22 19:15:45 230 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SysWoW32\wu1859647969v2.kwd.vir
2009-12-22 19:15:45 . 2009-12-22 19:15:45 198 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SysWoW32\wu1859647969v1.kwd.vir
2009-12-22 19:15:44 . 2009-12-22 19:15:44 226 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SysWoW32\wu1859647969v0.kwd.vir
2009-12-22 19:15:40 . 2009-12-18 13:58:43 5,368,996 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SysWoW32\mu1859647969v5.vir
2009-12-22 19:15:33 . 2010-02-25 13:57:00 2,609 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SysWoW32\wu1859647969v2.vir
2009-12-22 19:15:22 . 2010-02-24 13:57:10 2,589 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SysWoW32\wu1859647969v1.vir
2009-12-22 19:15:19 . 2010-02-25 13:56:59 2,350 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SysWoW32\wu1859647969v0.vir
2009-12-13 21:29:52 . 2012-06-24 17:26:21 670 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Steve Gold\Application Data\vso_ts_preview.xml.vir
2009-11-10 08:25:53 . 2009-11-10 08:25:53 87,608 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Steve Gold\Application Data\inst.exe.vir
2009-10-19 01:25:54 . 2009-10-19 01:26:02 628 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\EventSystem.log.vir
2009-09-15 18:28:18 . 2009-09-15 18:28:18 11,823 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht.vir
2009-09-15 18:28:18 . 2009-09-15 18:28:18 40,649 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAEULA.mht.vir
2009-06-16 18:06:28 . 2009-06-16 18:06:28 2,951 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\t2_bg.xip.vir
2009-04-10 05:36:14 . 2009-04-10 05:39:54 375 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\etc\hosts.ics.vir
2009-04-10 04:33:22 . 2009-11-09 22:41:00 174,592 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AnalogX\NetStat Live\nsl.exe.vir
2008-12-07 14:36:50 . 2008-12-07 14:36:50 8,396 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\BtnTrans1.xip.vir
2008-12-07 14:36:48 . 2008-12-07 14:36:48 2,468 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\BtnTrans.xip.vir
2008-12-03 13:17:06 . 2008-12-03 13:17:06 194 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\samplegroups2.xip.vir
2008-11-06 11:59:44 . 2008-11-06 11:59:44 556 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\tsd_bg.xip.vir
2008-08-21 12:00:00 . 2008-08-21 12:00:00 15,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ctfmon_D.exe.vir
2008-05-07 12:03:14 . 2008-05-07 12:03:14 801,976 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\keywords1.xip.vir
2008-05-07 12:03:08 . 2008-05-07 12:03:08 190,291 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\keywords.xip.vir
2008-01-17 11:39:40 . 2008-01-17 11:39:40 280 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\sdfmodifier.xip.vir
2007-11-22 15:50:54 . 2007-11-22 15:50:54 1,735 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ie_video.xip.vir
2007-11-22 12:49:48 . 2007-11-22 12:49:48 2,025 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\cursors.xip.vir
2007-11-22 12:22:20 . 2007-11-22 12:22:20 1,734 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ie_games_icon.xip.vir
2007-10-30 11:48:12 . 2007-10-30 11:48:12 1,425 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\editblbuttons.xip.vir
2007-07-01 15:25:52 . 2007-07-01 15:25:52 1,136 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\more.xip.vir
2007-06-27 14:00:04 . 2007-06-27 14:00:04 1,126 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\weathericon.xip.vir
2005-08-09 15:30:28 . 2005-08-09 15:30:28 7,406 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\s_icons_buttons.xip.vir
2005-07-11 15:26:52 . 2005-07-11 15:26:52 23,444 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_3000.xip.vir
2005-07-11 15:26:36 . 2005-07-11 15:26:36 83,545 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_2000.xip.vir
2005-07-11 15:26:20 . 2005-07-11 15:26:20 61,095 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_1000.xip.vir
2005-03-09 15:12:52 . 2005-03-09 15:12:52 229 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hotbar_promo.xip.vir
2004-07-15 21:47:48 . 2004-07-15 21:47:48 5,528 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\PowerToyReadme.htm.vir
2003-09-17 16:37:34 . 2003-09-17 16:37:34 1,232 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip.vir
2003-09-14 13:17:50 . 2003-09-14 13:17:50 188 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\linkpathlegal.xip.vir
2003-07-17 16:46:46 . 2003-07-17 16:46:46 3,432 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_weather.xip.vir
2003-02-21 09:16:08 . 2003-02-21 09:16:08 49,152 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTEMP\regtlib.exe.vir
2002-10-24 15:56:24 . 2002-10-24 15:56:24 51 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_other.xip.vir
2002-10-24 15:56:06 . 2002-10-24 15:56:06 51 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_logos.xip.vir
2002-10-24 15:55:42 . 2002-10-24 15:55:42 51 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_bar.xip.vir
2002-06-10 15:13:40 . 2002-06-10 15:13:40 269 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Autumn\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\business_promo.xip.vir

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-06 06:11:35
-----------------------------
06:11:35.343 OS Version: Windows 5.1.2600 Service Pack 3
06:11:35.343 Number of processors: 2 586 0x403
06:11:35.343 ComputerName: DELL-DD22F55359 UserName: Steve Gold
06:11:52.562 Initialize success
06:14:04.140 AVAST engine defs: 12080600
18:22:47.906 The log file has been saved successfully to "\\Wsm1\Software\google redirect\aswMBR.txt"


--------End







#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:08:45 PM

Posted 22 August 2012 - 06:28 PM

If possible, please include some insight as to how you determine the corrective action.


I will keep you informed of what I am doing. If you want a bit more background then PM me after the topic is completed.


The aswMBR log looks a bit short. Can you run it again for me and post the log.

Are you still getting Combofix messages about the TCP/IP stack?


Please run TDSSKiller now

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Then run OTL and post the logs

  • Please download OTL
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.

m0le is a proud member of UNITE

#8 autocon

autocon
  • Topic Starter

  • Members
  • 19 posts
  • Local time:03:45 PM

Posted 22 August 2012 - 09:17 PM

m0le


>>>I will keep you informed of what I am doing.
>>>If you want a bit more background then PM me after the topic is completed.

Outstanding!


>>>The aswMBR log looks a bit short. Can you run it again for me and post the log.

You asked for the first log. It looks like it crashed or locked up.
Thinking this because of the run time.
I have a log from 2 days ago, which is posted below; as you will see, it takes about 1.5 hours to run.
I will run aswMBR tonight and post its log in the following post as soon as it's done.

>>>Are you still getting Combofix messages about the TCP/IP stack?
Honestly, I think once the problems with the bandwidth usage were solved, Combofix
just indicated "rootkit activity detected" and that it is hard to get rid of.
If you need to know exactly what it says, I would have to run it again.

The computer is slow. Slow = 15sec to open I.E.
MsMPEng.exe is eating up almost 100% of the 2nd core and 25% of the first core, that's with
Real-time protection turned off.
I am thinking that Microsoft Security Essentials is infected or damaged.


>>>aswMBR Run date: 2012-08-19 19:59:48
>>>>> Look for the new log in the next post <<<<<
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-19 19:59:48
-----------------------------
19:59:48.625 OS Version: Windows 5.1.2600 Service Pack 3
19:59:48.625 Number of processors: 2 586 0x403
19:59:48.625 ComputerName: DELL-DD22F55359 UserName: Steve Gold
19:59:50.140 Initialize success
20:02:33.734 AVAST engine defs: 12081900
20:02:49.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:02:49.078 Disk 0 Vendor: WDC_WD400BD-75LRA0 09.01D09 Size: 38146MB BusType: 3
20:02:49.125 Disk 0 MBR read successfully
20:02:49.125 Disk 0 MBR scan
20:02:49.187 Disk 0 Windows XP default MBR code
20:02:49.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38146 MB offset 63
20:02:49.406 Disk 0 scanning sectors +78124095
20:02:49.703 Disk 0 scanning C:\WINDOWS\system32\drivers
20:03:51.796 Service scanning
20:05:02.125 Modules scanning
20:06:22.687 Disk 0 trace - called modules:
20:06:22.750 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
20:06:22.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a9d0ab8]
20:06:22.750 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\00000074[0x8a9d8f18]
20:06:22.750 5 ACPI.sys[f750e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a9ef940]
20:06:24.031 AVAST engine scan C:\WINDOWS
20:07:14.796 AVAST engine scan C:\WINDOWS\system32
20:22:15.281 AVAST engine scan C:\WINDOWS\system32\drivers
20:23:00.812 AVAST engine scan C:\Documents and Settings\Steve Gold
20:46:20.281 AVAST engine scan C:\Documents and Settings\All Users
20:56:05.359 Scan finished successfully
21:31:41.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Steve Gold\Desktop\20112-08-18 BLEPING COMPUTER\MBR.dat"
21:31:41.734 The log file has been saved successfully to "C:\Documents and Settings\Steve Gold\Desktop\20112-08-18 BLEPING COMPUTER\aswMBR.txt"

>>> TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
20:50:53.0250 3844 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
20:50:53.0906 3844 ============================================================
20:50:53.0906 3844 Current date / time: 2012/08/22 20:50:53.0906
20:50:53.0906 3844 SystemInfo:
20:50:53.0906 3844
20:50:53.0906 3844 OS Version: 5.1.2600 ServicePack: 3.0
20:50:53.0906 3844 Product type: Workstation
20:50:53.0921 3844 ComputerName: DELL-DD22F55359
20:50:53.0921 3844 UserName: Steve Gold
20:50:53.0921 3844 Windows directory: C:\WINDOWS
20:50:53.0921 3844 System windows directory: C:\WINDOWS
20:50:53.0921 3844 Processor architecture: Intel x86
20:50:53.0921 3844 Number of processors: 2
20:50:53.0921 3844 Page size: 0x1000
20:50:53.0921 3844 Boot type: Normal boot
20:50:53.0921 3844 ============================================================
20:51:05.0921 3844 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:51:05.0968 3844 Drive \Device\Harddisk1\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B24B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'W'
20:51:06.0000 3844 ============================================================
20:51:06.0000 3844 \Device\Harddisk0\DR0:
20:51:06.0000 3844 MBR partitions:
20:51:06.0000 3844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A81400
20:51:06.0000 3844 \Device\Harddisk1\DR2:
20:51:06.0000 3844 MBR partitions:
20:51:06.0000 3844 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
20:51:06.0000 3844 ============================================================
20:51:06.0140 3844 C: <-> \Device\Harddisk0\DR0\Partition1
20:51:06.0250 3844 F: <-> \Device\Harddisk1\DR2\Partition1
20:51:06.0250 3844 ============================================================
20:51:06.0250 3844 Initialize success
20:51:06.0250 3844 ============================================================
20:51:12.0515 2980 ============================================================
20:51:12.0515 2980 Scan started
20:51:12.0515 2980 Mode: Manual;
20:51:12.0515 2980 ============================================================
20:51:17.0546 2980 ================ Scan system memory ========================
20:51:17.0546 2980 Scan interrupted by user!
20:51:17.0546 2980 ================ Scan services =============================
20:51:17.0546 2980 Scan interrupted by user!
20:51:17.0546 2980 ================ Scan global ===============================
20:51:17.0546 2980 Scan interrupted by user!
20:51:17.0546 2980 ================ Scan MBR ==================================
20:51:17.0546 2980 Scan interrupted by user!
20:51:17.0546 2980 ================ Scan VBR ==================================
20:51:17.0546 2980 Scan interrupted by user!
20:51:17.0546 2980 ============================================================
20:51:17.0546 2980 Scan finished
20:51:17.0546 2980 ============================================================
20:51:17.0562 2692 Detected object count: 0
20:51:17.0562 2692 Actual detected object count: 0
20:51:39.0937 0728 ============================================================
20:51:39.0937 0728 Scan started
20:51:39.0937 0728 Mode: Manual;
20:51:39.0937 0728 ============================================================
20:51:42.0625 0728 ================ Scan system memory ========================
20:51:42.0625 0728 System memory - ok
20:51:42.0625 0728 ================ Scan services =============================
20:51:44.0281 0728 [ C07D5197410AAB28D0D93F943F59656D ] 6to4 C:\WINDOWS\System32\6to4svc.dll
20:51:44.0328 0728 6to4 - ok
20:51:44.0375 0728 Abiosdsk - ok
20:51:44.0390 0728 abp480n5 - ok
20:51:44.0531 0728 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:51:44.0593 0728 ACPI - ok
20:51:44.0656 0728 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:51:44.0671 0728 ACPIEC - ok
20:51:44.0671 0728 adpu160m - ok
20:51:44.0812 0728 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:51:44.0875 0728 aec - ok
20:51:45.0000 0728 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:51:45.0046 0728 AFD - ok
20:51:45.0062 0728 Aha154x - ok
20:51:45.0078 0728 aic78u2 - ok
20:51:45.0078 0728 aic78xx - ok
20:51:45.0140 0728 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:51:45.0234 0728 Alerter - ok
20:51:45.0343 0728 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
20:51:45.0406 0728 ALG - ok
20:51:45.0437 0728 AliIde - ok
20:51:45.0484 0728 amsint - ok
20:51:45.0671 0728 [ 99B278C7206221B1F2A4743EB76CA049 ] AnyDVD C:\WINDOWS\system32\Drivers\AnyDVD.sys
20:51:45.0671 0728 AnyDVD - ok
20:51:46.0453 0728 [ 557F35D1CA42AEA14A6690E21887A31F ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
20:51:46.0562 0728 Apple Mobile Device - ok
20:51:46.0734 0728 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
20:51:46.0812 0728 AppMgmt - ok
20:51:46.0859 0728 asc - ok
20:51:46.0921 0728 asc3350p - ok
20:51:46.0953 0728 asc3550 - ok
20:51:47.0078 0728 [ ED8CEE58C1E4C5893F5B2FD686A272BF ] ASPI32 C:\WINDOWS\system32\drivers\ASPI32.sys
20:51:47.0078 0728 ASPI32 - ok
20:51:47.0281 0728 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:51:47.0359 0728 aspnet_state - ok
20:51:47.0406 0728 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:51:47.0421 0728 AsyncMac - ok
20:51:47.0515 0728 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:51:47.0515 0728 atapi - ok
20:51:47.0515 0728 Atdisk - ok
20:51:47.0578 0728 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:51:47.0609 0728 Atmarpc - ok
20:51:47.0687 0728 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:51:47.0703 0728 AudioSrv - ok
20:51:47.0765 0728 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:51:47.0781 0728 audstub - ok
20:51:48.0015 0728 [ 3A3A82FFD268BCFB7AE6A48CECF00AD9 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:51:48.0015 0728 b57w2k - ok
20:51:48.0109 0728 [ 3163AA026FE36BAD874250AE93187F9D ] BackupReader C:\WINDOWS\system32\DRIVERS\BackupReader.sys
20:51:48.0109 0728 BackupReader - ok
20:51:48.0296 0728 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:51:48.0312 0728 Beep - ok
20:51:48.0656 0728 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
20:51:49.0765 0728 BITS - ok
20:51:50.0031 0728 [ 6D39682A1051A5BE7437EC99F1BF9921 ] bkn50USB C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
20:51:50.0171 0728 bkn50USB - ok
20:51:50.0421 0728 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:51:50.0531 0728 Bonjour Service - ok
20:51:50.0625 0728 [ F934D1B230F84E1D19DD00AC5A7A83ED ] Bridge C:\WINDOWS\system32\DRIVERS\bridge.sys
20:51:50.0671 0728 Bridge - ok
20:51:50.0734 0728 [ F934D1B230F84E1D19DD00AC5A7A83ED ] BridgeMP C:\WINDOWS\system32\DRIVERS\bridge.sys
20:51:50.0734 0728 BridgeMP - ok
20:51:50.0843 0728 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
20:51:50.0875 0728 Browser - ok
20:51:50.0937 0728 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
20:51:50.0937 0728 BthEnum - ok
20:51:51.0046 0728 [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM C:\WINDOWS\system32\DRIVERS\bthmodem.sys
20:51:51.0093 0728 BTHMODEM - ok
20:51:51.0171 0728 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
20:51:51.0296 0728 BthPan - ok
20:51:51.0531 0728 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
20:51:51.0781 0728 BTHPORT - ok
20:51:51.0921 0728 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll
20:51:51.0953 0728 BthServ - ok
20:51:52.0078 0728 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
20:51:52.0125 0728 BTHUSB - ok
20:51:52.0671 0728 catchme - ok
20:51:52.0796 0728 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:51:52.0828 0728 cbidf2k - ok
20:51:52.0953 0728 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:51:52.0953 0728 CCDECODE - ok
20:51:52.0968 0728 cd20xrnt - ok
20:51:53.0093 0728 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:51:53.0125 0728 Cdaudio - ok
20:51:53.0265 0728 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:51:53.0281 0728 Cdfs - ok
20:51:53.0375 0728 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:51:53.0406 0728 Cdrom - ok
20:51:53.0421 0728 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:51:53.0437 0728 CiSvc - ok
20:51:53.0468 0728 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:51:53.0484 0728 ClipSrv - ok
20:51:53.0593 0728 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:51:53.0765 0728 clr_optimization_v2.0.50727_32 - ok
20:51:53.0890 0728 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:51:54.0031 0728 clr_optimization_v4.0.30319_32 - ok
20:51:54.0046 0728 CmdIde - ok
20:51:54.0265 0728 [ E5842CCF0953D3D46D5E26427B67E901 ] cmpci C:\WINDOWS\system32\drivers\cmaudio.sys
20:51:54.0515 0728 cmpci - ok
20:51:55.0609 0728 [ A0F7D6B070F15EAD9F4231B51B246E4C ] cmuda3 C:\WINDOWS\system32\drivers\cmudax3.sys
20:51:56.0593 0728 cmuda3 - ok
20:51:56.0609 0728 COMSysApp - ok
20:51:56.0687 0728 Cpqarray - ok
20:51:57.0046 0728 [ 0283B43C6BC965175A1C92B255D39556 ] cpuz135 C:\Software\pc-wizard_2012.2.1\pcwiz_x32.sys
20:51:57.0125 0728 cpuz135 - ok
20:51:57.0250 0728 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:51:57.0265 0728 CryptSvc - ok
20:51:57.0281 0728 dac2w2k - ok
20:51:57.0296 0728 dac960nt - ok
20:51:57.0515 0728 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:51:57.0671 0728 DcomLaunch - ok
20:51:57.0781 0728 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:51:57.0828 0728 Dhcp - ok
20:51:57.0921 0728 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:51:57.0937 0728 Disk - ok
20:51:57.0953 0728 dmadmin - ok
20:51:58.0375 0728 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:51:58.0734 0728 dmboot - ok
20:51:58.0906 0728 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:51:59.0031 0728 dmio - ok
20:51:59.0140 0728 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:51:59.0156 0728 dmload - ok
20:51:59.0296 0728 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:51:59.0312 0728 dmserver - ok
20:51:59.0437 0728 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:51:59.0484 0728 DMusic - ok
20:51:59.0640 0728 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:51:59.0781 0728 Dnscache - ok
20:52:00.0000 0728 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:52:00.0093 0728 Dot3svc - ok
20:52:00.0406 0728 [ F059897A794E7FFD32012B4293381032 ] DPFUSMgr C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
20:52:00.0515 0728 DPFUSMgr - ok
20:52:00.0703 0728 [ CA999CBE2213B3452F48E781A52AB2AD ] DpHost C:\Program Files\DigitalPersona\Bin\DpHost.exe
20:52:00.0968 0728 DpHost - ok
20:52:01.0171 0728 [ AA586B977F26720193E76C6CE4975F0E ] dpK0Bx01 C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys
20:52:01.0187 0728 dpK0Bx01 - ok
20:52:01.0203 0728 dpti2o - ok
20:52:01.0281 0728 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:52:01.0281 0728 drmkaud - ok
20:52:01.0359 0728 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:52:01.0375 0728 EapHost - ok
20:52:01.0453 0728 [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
20:52:01.0453 0728 ElbyCDIO - ok
20:52:01.0515 0728 [ 9B3ECBF38CC2B378373B7278D36432C6 ] EPSON_PM_RPCV2_01 C:\WINDOWS\system32\E_S00RP1.EXE
20:52:01.0531 0728 EPSON_PM_RPCV2_01 - ok
20:52:01.0578 0728 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:52:01.0578 0728 ERSvc - ok
20:52:01.0656 0728 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
20:52:01.0703 0728 Eventlog - ok
20:52:01.0875 0728 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
20:52:01.0968 0728 EventSystem - ok
20:52:02.0093 0728 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:52:02.0156 0728 Fastfat - ok
20:52:02.0328 0728 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:52:02.0468 0728 FastUserSwitchingCompatibility - ok
20:52:02.0578 0728 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
20:52:02.0609 0728 Fdc - ok
20:52:02.0718 0728 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:52:02.0718 0728 Fips - ok
20:52:02.0828 0728 [ 77D6FFAA3010B66FB4692532D75A585F ] FixTDSS C:\WINDOWS\system32\drivers\FixTDSS.sys
20:52:02.0906 0728 FixTDSS - ok
20:52:03.0062 0728 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:52:03.0078 0728 Flpydisk - ok
20:52:03.0265 0728 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:52:03.0359 0728 FltMgr - ok
20:52:03.0468 0728 [ 0A79334FB069C6B38DF7AD56A109EA01 ] FNETURPX C:\WINDOWS\system32\drivers\FNETURPX.SYS
20:52:03.0500 0728 FNETURPX - ok
20:52:03.0703 0728 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:52:03.0921 0728 FontCache3.0.0.0 - ok
20:52:04.0000 0728 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:52:04.0015 0728 Fs_Rec - ok
20:52:04.0062 0728 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:52:04.0156 0728 Ftdisk - ok
20:52:04.0265 0728 [ 199062D35B8789238A11E9980479336B ] FVNETusb C:\WINDOWS\system32\DRIVERS\vnet58lx.sys
20:52:04.0359 0728 FVNETusb - ok
20:52:04.0468 0728 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
20:52:04.0484 0728 gameenum - ok
20:52:04.0578 0728 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:52:04.0593 0728 GEARAspiWDM - ok
20:52:04.0796 0728 [ EA0E4AF8B6A11B2BE17758D371DDF67B ] GhostStartService C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
20:52:04.0890 0728 GhostStartService - ok
20:52:04.0921 0728 [ 3A7C94ED99FE7FE05D88B26F97614626 ] GhPciScan C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
20:52:04.0937 0728 GhPciScan - ok
20:52:04.0953 0728 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:52:04.0968 0728 Gpc - ok
20:52:05.0203 0728 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:52:05.0265 0728 gupdate - ok
20:52:05.0328 0728 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:52:05.0328 0728 gupdatem - ok
20:52:05.0515 0728 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:52:05.0546 0728 helpsvc - ok
20:52:05.0671 0728 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
20:52:05.0703 0728 HidServ - ok
20:52:05.0968 0728 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:52:05.0984 0728 hidusb - ok
20:52:06.0125 0728 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:52:06.0156 0728 hkmsvc - ok
20:52:06.0203 0728 hpn - ok
20:52:06.0484 0728 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:52:06.0703 0728 HTTP - ok
20:52:06.0828 0728 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:52:06.0875 0728 HTTPFilter - ok
20:52:06.0890 0728 i2omp - ok
20:52:07.0031 0728 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:52:07.0062 0728 i8042prt - ok
20:52:07.0593 0728 [ 16F8DE7A7F9023AAC04DEC6A8A264441 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:52:08.0093 0728 ialm - ok
20:52:08.0515 0728 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:52:09.0078 0728 idsvc - ok
20:52:09.0109 0728 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:52:09.0125 0728 Imapi - ok
20:52:09.0250 0728 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:52:09.0296 0728 ImapiService - ok
20:52:09.0312 0728 ini910u - ok
20:52:09.0328 0728 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
20:52:09.0328 0728 IntelIde - ok
20:52:09.0406 0728 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:52:09.0421 0728 intelppm - ok
20:52:09.0453 0728 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:52:09.0468 0728 Ip6Fw - ok
20:52:09.0562 0728 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:52:09.0640 0728 IpFilterDriver - ok
20:52:09.0765 0728 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:52:09.0796 0728 IpInIp - ok
20:52:09.0937 0728 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:52:10.0031 0728 IpNat - ok
20:52:10.0453 0728 [ 1E6F080D5EDB4C3B4C4EB787A0848DCC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:52:10.0875 0728 iPod Service - ok
20:52:11.0015 0728 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:52:11.0093 0728 IPSec - ok
20:52:11.0187 0728 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:52:11.0234 0728 IRENUM - ok
20:52:11.0328 0728 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:52:11.0359 0728 isapnp - ok
20:52:11.0515 0728 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
20:52:11.0562 0728 IviRegMgr - ok
20:52:12.0125 0728 [ 4F2143570D2250CA4C4A4C98553C82CD ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
20:52:12.0203 0728 JavaQuickStarterService - ok
20:52:12.0281 0728 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:52:12.0281 0728 Kbdclass - ok
20:52:12.0312 0728 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:52:12.0312 0728 kbdhid - ok
20:52:12.0437 0728 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:52:12.0515 0728 kmixer - ok
20:52:12.0593 0728 [ 72C55C745D804D62162144EBFD6390B8 ] KMWDFilter C:\WINDOWS\System32\Drivers\KMWDFilter.SYS
20:52:12.0609 0728 KMWDFilter - ok
20:52:12.0703 0728 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:52:12.0750 0728 KSecDD - ok
20:52:12.0843 0728 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
20:52:12.0953 0728 LanmanServer - ok
20:52:13.0125 0728 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:52:13.0203 0728 lanmanworkstation - ok
20:52:13.0359 0728 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:52:13.0390 0728 LmHosts - ok
20:52:13.0515 0728 [ B51E7EAB4BAF13B492AA3299BCF52A35 ] MaRdPnp C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys
20:52:13.0578 0728 MaRdPnp - ok
20:52:13.0687 0728 [ 1B467FB39D6EE0E7F1970EEE5FC07121 ] MaVctrl C:\WINDOWS\system32\DRIVERS\MaVc2K.sys
20:52:13.0718 0728 MaVctrl - ok
20:52:14.0109 0728 [ B2434B4F7827798ABECD2103FB8F64A5 ] maz500m C:\WINDOWS\system32\Drivers\maz500m.sys
20:52:14.0140 0728 maz500m - ok
20:52:14.0281 0728 [ 1780E95913319766954F78FAAA57C860 ] maz500u C:\WINDOWS\system32\Drivers\maz500u.sys
20:52:14.0312 0728 maz500u - ok
20:52:14.0437 0728 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
20:52:14.0437 0728 MBAMProtector - ok
20:52:15.0156 0728 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:52:15.0531 0728 MBAMService - ok
20:52:15.0765 0728 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
20:52:15.0890 0728 MDM - ok
20:52:15.0968 0728 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:52:15.0984 0728 Messenger - ok
20:52:16.0046 0728 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:52:16.0046 0728 mnmdd - ok
20:52:16.0109 0728 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:52:16.0125 0728 mnmsrvc - ok
20:52:16.0156 0728 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:52:16.0171 0728 Modem - ok
20:52:16.0218 0728 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:52:16.0218 0728 Mouclass - ok
20:52:16.0234 0728 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:52:16.0250 0728 mouhid - ok
20:52:16.0328 0728 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:52:16.0343 0728 MountMgr - ok
20:52:16.0406 0728 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
20:52:16.0437 0728 MPE - ok
20:52:16.0593 0728 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
20:52:16.0718 0728 MpFilter - ok
20:52:16.0734 0728 mraid35x - ok
20:52:17.0171 0728 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:52:17.0296 0728 MRxDAV - ok
20:52:18.0140 0728 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:52:18.0406 0728 MRxSmb - ok
20:52:18.0531 0728 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:52:18.0562 0728 MSDTC - ok
20:52:18.0703 0728 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:52:18.0703 0728 Msfs - ok
20:52:18.0734 0728 MSIServer - ok
20:52:18.0890 0728 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:52:18.0890 0728 MSKSSRV - ok
20:52:18.0984 0728 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
20:52:18.0984 0728 MsMpSvc - ok
20:52:19.0031 0728 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:52:19.0031 0728 MSPCLOCK - ok
20:52:19.0046 0728 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:52:19.0046 0728 MSPQM - ok
20:52:19.0125 0728 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:52:19.0140 0728 mssmbios - ok
20:52:19.0187 0728 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
20:52:19.0187 0728 MSTEE - ok
20:52:19.0250 0728 [ 7BA76ED9C7EF33B4C8C6041CE6C91A6E ] MTK C:\WINDOWS\system32\Drivers\fide.sys
20:52:19.0265 0728 MTK - ok
20:52:19.0359 0728 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:52:19.0406 0728 Mup - ok
20:52:19.0484 0728 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:52:19.0515 0728 NABTSFEC - ok
20:52:19.0859 0728 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:52:20.0125 0728 napagent - ok
20:52:20.0250 0728 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:52:20.0328 0728 NDIS - ok
20:52:20.0437 0728 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:52:20.0468 0728 NdisIP - ok
20:52:20.0546 0728 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:52:20.0562 0728 NdisTapi - ok
20:52:20.0718 0728 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:52:20.0750 0728 Ndisuio - ok
20:52:20.0953 0728 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:52:21.0015 0728 NdisWan - ok
20:52:21.0125 0728 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:52:21.0156 0728 NDProxy - ok
20:52:21.0296 0728 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:52:21.0328 0728 NetBIOS - ok
20:52:21.0515 0728 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:52:21.0609 0728 NetBT - ok
20:52:21.0765 0728 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
20:52:22.0015 0728 NetDDE - ok
20:52:22.0062 0728 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:52:22.0078 0728 NetDDEdsdm - ok
20:52:22.0140 0728 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:52:22.0140 0728 Netlogon - ok
20:52:22.0281 0728 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
20:52:22.0359 0728 Netman - ok
20:52:22.0453 0728 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:52:22.0515 0728 NetTcpPortSharing - ok
20:52:22.0640 0728 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
20:52:22.0750 0728 Nla - ok
20:52:24.0921 0728 [ 1B49B83747509B2B1D707CD4B09AA504 ] NLNdisMP C:\WINDOWS\system32\DRIVERS\nlndis.sys
20:52:24.0953 0728 NLNdisMP - ok
20:52:28.0015 0728 [ 1B49B83747509B2B1D707CD4B09AA504 ] NLNdisPT C:\WINDOWS\system32\DRIVERS\nlndis.sys
20:52:28.0062 0728 NLNdisPT - ok
20:52:28.0828 0728 [ A021DDEDD9912BCE022C4CDA410D3374 ] nlsvc C:\Program Files\NetLimiter 3\nlsvc.exe
20:52:29.0359 0728 nlsvc - ok
20:52:31.0625 0728 [ 6FE26694C94F1A63AF066D7A557F69D3 ] nltdi C:\Program Files\NetLimiter 3\nltdi.sys
20:52:31.0656 0728 nltdi - ok
20:52:31.0734 0728 [ DD0216110AE219F333D0F99079A4BE42 ] NMgamingmsFltr C:\WINDOWS\system32\drivers\NMgamingms.sys
20:52:31.0890 0728 NMgamingmsFltr - ok
20:52:32.0140 0728 [ 25D6B2EB0A1FC4AB413AFE7EC4793EC1 ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
20:52:32.0265 0728 nosGetPlusHelper - ok
20:52:32.0328 0728 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:52:32.0359 0728 Npfs - ok
20:52:32.0812 0728 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:52:33.0296 0728 Ntfs - ok
20:52:33.0390 0728 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
20:52:33.0390 0728 NtLmSsp - ok
20:52:33.0718 0728 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:52:34.0062 0728 NtmsSvc - ok
20:52:34.0093 0728 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:52:34.0125 0728 Null - ok
20:52:34.0265 0728 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:52:34.0328 0728 NwlnkFlt - ok
20:52:34.0406 0728 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:52:34.0437 0728 NwlnkFwd - ok
20:52:34.0625 0728 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:52:34.0687 0728 ose - ok
20:52:34.0921 0728 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:52:34.0953 0728 Parport - ok
20:52:34.0984 0728 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:52:35.0000 0728 PartMgr - ok
20:52:35.0078 0728 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:52:35.0078 0728 ParVdm - ok
20:52:35.0140 0728 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:52:35.0171 0728 PCI - ok
20:52:35.0187 0728 PCIDump - ok
20:52:35.0218 0728 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
20:52:35.0218 0728 PCIIde - ok
20:52:35.0265 0728 [ 5E8871C8AA5AE8CC7834831211DE72C1 ] pciinfo C:\WINDOWS\System32\drivers\PCIINFO.SYS
20:52:35.0265 0728 pciinfo - ok
20:52:35.0359 0728 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:52:35.0406 0728 Pcmcia - ok
20:52:35.0484 0728 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
20:52:35.0515 0728 pcouffin - ok
20:52:35.0515 0728 perc2 - ok
20:52:35.0531 0728 perc2hib - ok
20:52:35.0687 0728 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
20:52:35.0687 0728 PlugPlay - ok
20:52:35.0984 0728 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:52:35.0984 0728 PolicyAgent - ok
20:52:36.0093 0728 [ 78BDC34B7EC96A7D8B14B2D2D95C388A ] portio C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys
20:52:36.0140 0728 portio - ok
20:52:36.0218 0728 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:52:36.0250 0728 PptpMiniport - ok
20:52:36.0296 0728 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:52:36.0312 0728 ProtectedStorage - ok
20:52:36.0390 0728 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:52:36.0453 0728 PSched - ok
20:52:36.0500 0728 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:52:36.0531 0728 Ptilink - ok
20:52:36.0562 0728 ql1080 - ok
20:52:36.0562 0728 Ql10wnt - ok
20:52:36.0593 0728 ql12160 - ok
20:52:36.0640 0728 ql1240 - ok
20:52:36.0687 0728 ql1280 - ok
20:52:36.0812 0728 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:52:36.0828 0728 RasAcd - ok
20:52:36.0984 0728 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:52:37.0078 0728 RasAuto - ok
20:52:37.0125 0728 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:52:37.0171 0728 Rasl2tp - ok
20:52:37.0296 0728 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:52:37.0421 0728 RasMan - ok
20:52:37.0468 0728 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:52:37.0515 0728 RasPppoe - ok
20:52:37.0562 0728 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:52:37.0578 0728 Raspti - ok
20:52:37.0656 0728 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:52:37.0718 0728 Rdbss - ok
20:52:37.0750 0728 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:52:37.0750 0728 RDPCDD - ok
20:52:37.0890 0728 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:52:37.0968 0728 rdpdr - ok
20:52:38.0093 0728 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:52:38.0140 0728 RDPWD - ok
20:52:38.0234 0728 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:52:38.0281 0728 RDSessMgr - ok
20:52:38.0343 0728 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:52:38.0359 0728 redbook - ok
20:52:38.0437 0728 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:52:38.0468 0728 RemoteAccess - ok
20:52:38.0515 0728 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:52:38.0531 0728 RemoteRegistry - ok
20:52:38.0609 0728 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
20:52:38.0640 0728 RFCOMM - ok
20:52:38.0718 0728 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
20:52:38.0734 0728 RimVSerPort - ok
20:52:38.0828 0728 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
20:52:38.0859 0728 ROOTMODEM - ok
20:52:39.0000 0728 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
20:52:39.0093 0728 RpcLocator - ok
20:52:39.0359 0728 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
20:52:39.0375 0728 RpcSs - ok
20:52:39.0562 0728 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
20:52:39.0656 0728 RSVP - ok
20:52:40.0062 0728 [ 6EA04A4370609E5E1EAEEE898A2AB6AC ] RT73 C:\WINDOWS\system32\DRIVERS\rt73.sys
20:52:40.0265 0728 RT73 - ok
20:52:40.0406 0728 [ 4294FDF954125CE9E39E68F826415C29 ] s3legacy C:\WINDOWS\system32\DRIVERS\s3legacy.sys
20:52:40.0484 0728 s3legacy - ok
20:52:40.0578 0728 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
20:52:40.0578 0728 SamSs - ok
20:52:40.0703 0728 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:52:40.0781 0728 SCardSvr - ok
20:52:41.0031 0728 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:52:41.0140 0728 Schedule - ok
20:52:41.0187 0728 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:52:41.0203 0728 Secdrv - ok
20:52:41.0265 0728 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:52:41.0281 0728 seclogon - ok
20:52:41.0296 0728 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
20:52:41.0312 0728 SENS - ok
20:52:41.0343 0728 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:52:41.0343 0728 serenum - ok
20:52:41.0375 0728 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:52:41.0406 0728 Serial - ok
20:52:41.0453 0728 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:52:41.0453 0728 Sfloppy - ok
20:52:41.0593 0728 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:52:41.0718 0728 SharedAccess - ok
20:52:41.0781 0728 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:52:41.0781 0728 ShellHWDetection - ok
20:52:41.0828 0728 Simbad - ok
20:52:41.0968 0728 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:52:41.0968 0728 SLIP - ok
20:52:42.0109 0728 [ 1319EA66A96250D59665D133C0FF7CD0 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
20:52:42.0187 0728 smwdm - ok
20:52:42.0203 0728 Sparrow - ok
20:52:42.0265 0728 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:52:42.0265 0728 splitter - ok
20:52:42.0343 0728 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:52:42.0375 0728 Spooler - ok
20:52:42.0468 0728 [ 9263C8898732E2B890F7E954E7729AB7 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:52:42.0515 0728 SQLWriter - ok
20:52:42.0593 0728 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:52:42.0656 0728 sr - ok
20:52:42.0796 0728 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
20:52:42.0921 0728 srservice - ok
20:52:43.0187 0728 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:52:43.0421 0728 Srv - ok
20:52:43.0562 0728 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:52:43.0625 0728 SSDPSRV - ok
20:52:43.0796 0728 [ AA09FD16363E4232C68AF854E8A26F21 ] StatusAgent4 C:\WINDOWS\system32\SAgent4.exe
20:52:43.0875 0728 StatusAgent4 - ok
20:52:44.0156 0728 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:52:44.0515 0728 stisvc - ok
20:52:44.0687 0728 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:52:44.0750 0728 streamip - ok
20:52:45.0312 0728 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:52:45.0328 0728 swenum - ok
20:52:45.0828 0728 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:52:46.0031 0728 SwitchBoard - ok
20:52:46.0093 0728 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:52:46.0109 0728 swmidi - ok
20:52:46.0125 0728 SwPrv - ok
20:52:46.0125 0728 symc810 - ok
20:52:46.0140 0728 symc8xx - ok
20:52:46.0156 0728 sym_hi - ok
20:52:46.0156 0728 sym_u3 - ok
20:52:46.0250 0728 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:52:46.0281 0728 sysaudio - ok
20:52:46.0359 0728 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:52:46.0406 0728 SysmonLog - ok
20:52:46.0515 0728 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:52:46.0609 0728 TapiSrv - ok
20:52:46.0796 0728 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:52:46.0937 0728 Tcpip - ok
20:52:47.0078 0728 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
20:52:47.0171 0728 Tcpip6 - ok
20:52:47.0250 0728 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:52:47.0250 0728 TDPIPE - ok
20:52:47.0296 0728 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:52:47.0296 0728 TDTCP - ok
20:52:47.0343 0728 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:52:47.0359 0728 TermDD - ok
20:52:47.0500 0728 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
20:52:47.0625 0728 TermService - ok
20:52:47.0703 0728 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
20:52:47.0703 0728 Themes - ok
20:52:47.0781 0728 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
20:52:47.0828 0728 TlntSvr - ok
20:52:47.0828 0728 TosIde - ok
20:52:47.0890 0728 [ 317B746B6069A10D635FDBDF48723845 ] TPM C:\WINDOWS\system32\DRIVERS\tpm.sys
20:52:47.0921 0728 TPM - ok
20:52:48.0000 0728 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:52:48.0031 0728 TrkWks - ok
20:52:48.0093 0728 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
20:52:48.0093 0728 tunmp - ok
20:52:48.0156 0728 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:52:48.0171 0728 Udfs - ok
20:52:48.0187 0728 ultra - ok
20:52:48.0406 0728 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:52:48.0578 0728 Update - ok
20:52:48.0718 0728 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:52:48.0921 0728 upnphost - ok
20:52:48.0953 0728 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
20:52:48.0968 0728 UPS - ok
20:52:49.0046 0728 [ 1DF89C499BF45D878B87EBD4421D462D ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
20:52:49.0062 0728 USBAAPL - ok
20:52:49.0140 0728 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
20:52:49.0171 0728 usbaudio - ok
20:52:49.0218 0728 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:52:49.0265 0728 usbccgp - ok
20:52:50.0703 0728 [ 334FD1ED28CF35113522D86733AB576C ] UsbdpFP C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys
20:52:50.0750 0728 UsbdpFP - ok
20:52:50.0921 0728 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:52:50.0984 0728 usbehci - ok
20:52:51.0140 0728 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:52:51.0187 0728 usbhub - ok
20:52:51.0328 0728 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:52:51.0421 0728 usbscan - ok
20:52:51.0593 0728 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:52:51.0687 0728 USBSTOR - ok
20:52:53.0078 0728 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:52:53.0203 0728 usbuhci - ok
20:52:53.0406 0728 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
20:52:53.0593 0728 usbvideo - ok
20:52:53.0734 0728 [ 94D73B62E458FB56C9CE60AA96D914F9 ] VClone C:\WINDOWS\system32\DRIVERS\VClone.sys
20:52:53.0906 0728 VClone - ok
20:52:53.0968 0728 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:52:54.0031 0728 VgaSave - ok
20:52:54.0078 0728 ViaIde - ok
20:52:54.0500 0728 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:52:54.0546 0728 VolSnap - ok
20:52:55.0093 0728 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
20:52:55.0375 0728 VSS - ok
20:52:55.0593 0728 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
20:52:55.0718 0728 W32Time - ok
20:52:56.0140 0728 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:52:56.0203 0728 Wanarp - ok
20:52:56.0640 0728 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
20:52:57.0078 0728 Wdf01000 - ok
20:52:57.0203 0728 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:52:57.0265 0728 wdmaud - ok
20:52:57.0390 0728 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:52:57.0421 0728 WebClient - ok
20:52:58.0312 0728 [ 9CBB79BF4786D141096FCDFB2B831690 ] WHSConnector C:\Program Files\Windows Home Server\WHSConnector.exe
20:52:58.0609 0728 WHSConnector - ok
20:52:59.0421 0728 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:52:59.0531 0728 winmgmt - ok
20:53:01.0000 0728 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:53:02.0187 0728 wlidsvc - ok
20:53:02.0328 0728 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:53:02.0390 0728 WmdmPmSN - ok
20:53:03.0093 0728 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
20:53:03.0640 0728 Wmi - ok
20:53:04.0109 0728 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:53:04.0281 0728 WmiApSrv - ok
20:53:05.0328 0728 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
20:53:06.0218 0728 WMPNetworkSvc - ok
20:53:07.0437 0728 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:53:08.0328 0728 WPFFontCache_v0400 - ok
20:53:08.0453 0728 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:53:08.0468 0728 WS2IFSL - ok
20:53:08.0625 0728 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:53:08.0687 0728 wscsvc - ok
20:53:08.0796 0728 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:53:08.0937 0728 WSTCODEC - ok
20:53:09.0281 0728 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:53:09.0390 0728 wuauserv - ok
20:53:09.0687 0728 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:53:09.0781 0728 WudfPf - ok
20:53:10.0000 0728 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:53:10.0171 0728 WudfRd - ok
20:53:10.0312 0728 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
20:53:10.0343 0728 WudfSvc - ok
20:53:11.0218 0728 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:53:11.0656 0728 WZCSVC - ok
20:53:11.0984 0728 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:53:13.0156 0728 xmlprov - ok
20:53:13.0328 0728 ================ Scan global ===============================
20:53:13.0468 0728 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:53:14.0000 0728 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:53:14.0750 0728 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:53:15.0031 0728 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:53:15.0171 0728 [Global] - ok
20:53:15.0171 0728 ================ Scan MBR ==================================
20:53:15.0250 0728 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:53:34.0187 0728 \Device\Harddisk0\DR0 - ok
20:53:34.0250 0728 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR2
20:53:34.0296 0728 \Device\Harddisk1\DR2 - ok
20:53:34.0296 0728 ================ Scan VBR ==================================
20:53:34.0406 0728 [ A05958F90F03D8C816C74E51E950F65D ] \Device\Harddisk0\DR0\Partition1
20:53:34.0578 0728 \Device\Harddisk0\DR0\Partition1 - ok
20:53:34.0656 0728 [ 18E1CE3759D9559F4F2C7DE5A497CFE7 ] \Device\Harddisk1\DR2\Partition1
20:53:34.0671 0728 \Device\Harddisk1\DR2\Partition1 - ok
20:53:34.0671 0728 ============================================================
20:53:34.0671 0728 Scan finished
20:53:34.0671 0728 ============================================================
20:53:34.0718 3520 Detected object count: 0
20:53:34.0781 3520 Actual detected object count: 0


OTL logfile created on: 2012-08-22 08:59:18 PM - Run 4
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Steve Gold\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 72.06% Memory free
2.58 Gb Paging File | 2.14 Gb Available in Paging File | 82.85% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 2.41 Gb Free Space | 6.48% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 38.40 Gb Free Space | 2.06% Space Free | Partition Type: NTFS

Computer Name: DELL-DD22F55359 | User Name: Steve Gold | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-22 20:42:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Gold\Desktop\OTL.exe
PRC - [2012-07-29 23:31:54 | 000,807,440 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
PRC - [2012-07-05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-03-26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012-03-26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012-03-26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011-03-21 16:14:38 | 001,126,400 | ---- | M] (Locktime Software) -- C:\Program Files\NetLimiter 3\nlsvc.exe
PRC - [2011-01-10 12:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSConnector.exe
PRC - [2011-01-10 12:28:52 | 000,603,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSTrayApp.exe
PRC - [2009-07-06 17:36:36 | 000,245,248 | ---- | M] () -- C:\Program Files\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
PRC - [2009-07-06 17:35:48 | 000,131,072 | ---- | M] () -- C:\Program Files\USB Optical Mouse\USB Optical Mouse\Tra.exe
PRC - [2008-08-21 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-01-04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006-10-09 17:28:06 | 000,230,928 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHost.exe
PRC - [2006-10-09 17:27:58 | 000,534,032 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
PRC - [2006-10-09 17:27:56 | 000,155,664 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
PRC - [2004-04-30 01:07:00 | 000,122,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\SAgent4.exe
PRC - [2004-02-19 03:03:00 | 000,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\E_S00RP1.EXE
PRC - [2003-06-04 04:00:00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE
PRC - [2002-10-15 18:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe


========== Modules (No Company Name) ==========

MOD - [2012-02-17 20:55:35 | 000,166,912 | ---- | M] () -- C:\WinRAR\RarExt.dll
MOD - [2009-07-06 17:36:36 | 000,245,248 | ---- | M] () -- C:\Program Files\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
MOD - [2009-07-06 17:35:48 | 000,131,072 | ---- | M] () -- C:\Program Files\USB Optical Mouse\USB Optical Mouse\Tra.exe
MOD - [2002-07-04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2012-07-05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-03-26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011-03-21 16:14:38 | 001,126,400 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Program Files\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV - [2011-02-02 11:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2011-01-10 12:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2007-01-04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006-10-09 17:28:06 | 000,230,928 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHost.exe -- (DpHost)
SRV - [2006-10-09 17:27:56 | 000,155,664 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe -- (DPFUSMgr)
SRV - [2004-04-30 01:07:00 | 000,122,880 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\SAgent4.exe -- (StatusAgent4)
SRV - [2004-02-19 03:03:00 | 000,065,536 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\E_S00RP1.EXE -- (EPSON_PM_RPCV2_01)
SRV - [2003-12-17 16:51:44 | 000,200,704 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\STEVEG~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012-08-06 00:05:34 | 000,026,872 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\FixTDSS.sys -- (FixTDSS)
DRV - [2012-07-03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012-03-26 19:42:10 | 000,121,080 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2012-02-07 17:46:04 | 000,024,328 | ---- | M] (CPUID) [Kernel | On_Demand | Stopped] -- C:\Software\pc-wizard_2012.2.1\pcwiz_x32.sys -- (cpuz135)
DRV - [2011-03-21 16:44:26 | 005,230,088 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nlndis.sys -- (NLNdisPT)
DRV - [2011-03-21 16:44:26 | 005,230,088 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nlndis.sys -- (NLNdisMP)
DRV - [2011-03-21 16:44:24 | 005,281,672 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Program Files\NetLimiter 3\nltdi.sys -- (nltdi)
DRV - [2011-01-10 12:29:18 | 000,044,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BackupReader.sys -- (BackupReader)
DRV - [2010-10-12 01:44:50 | 000,007,040 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2010-02-11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009-12-09 00:16:14 | 000,015,271 | ---- | M] (MediaTek Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FIDE.SYS -- (MTK)
DRV - [2009-07-24 16:56:16 | 000,009,472 | ---- | M] (Primax Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NMgamingms.sys -- (NMgamingmsFltr)
DRV - [2009-03-18 11:34:44 | 001,512,960 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2008-04-14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008-04-14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-03-22 11:31:58 | 000,017,024 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFilter.SYS -- (KMWDFilter)
DRV - [2007-08-02 07:00:26 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006-09-16 18:25:38 | 000,035,584 | ---- | M] (DigitalPersona®, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dpK0Bx01.sys -- (dpK0Bx01)
DRV - [2006-09-16 18:23:06 | 000,047,360 | ---- | M] (DigitalPersona®, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbdpfp.sys -- (UsbdpFP)
DRV - [2006-05-10 19:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006-01-03 02:54:46 | 000,050,900 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\maz500u.sys -- (maz500u)
DRV - [2005-10-09 21:35:28 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
DRV - [2005-08-17 23:44:50 | 000,049,867 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mardp2k.sys -- (MaRdPnp)
DRV - [2005-08-17 23:44:44 | 000,011,473 | R--- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2005-06-16 06:13:12 | 000,025,044 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\maz500m.sys -- (maz500m)
DRV - [2004-09-22 17:24:00 | 000,014,695 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2004-07-15 23:14:00 | 000,140,416 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (bkn50USB)
DRV - [2004-03-26 13:08:54 | 000,122,112 | ---- | M] (Cisco-Linksys LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vnet58lx.sys -- (FVNETusb)
DRV - [2003-12-17 16:41:38 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)
DRV - [2003-12-17 16:30:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2002-11-18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci)
DRV - [2001-08-17 13:57:46 | 000,065,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3legacy.sys -- (s3legacy)
DRV - [2000-03-15 18:37:44 | 000,002,752 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCIINFO.SYS -- (pciinfo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 79 59 4B 91 7E CD 01 [binary data]
IE - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\..\SearchScopes,DefaultScope = {F407CF65-9D7A-405A-8464-A53AC64EE2C0}
IE - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\..\SearchScopes\{0B3BF571-6D78-43B1-AAC7-DC2E0C4D3315}: "URL" = http://www.bidtopia.com/search.aspx?searchtxt={searchTerms}&srchOrig=4&searchtype=0
IE - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\..\SearchScopes\{573B2871-9063-4C40-85C4-D8DD2351C66E}: "URL" = http://www.timeanddate.com/worldclock/results.html?query={searchTerms}
IE - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\..\SearchScopes\{70B1325B-93F8-400C-9B71-F2EA6098A0AE}: "URL" = http://www.oneriot.com/search?q={searchTerms}&format=html&p=OneRiotIEaddonSearchBox/1.0.0.0
IE - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\..\SearchScopes\{A094CFB3-5EE9-4626-92B4-10BADA6D8F7D}: "URL" = http://www.truveo.com/search.php?query={searchTerms}
IE - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\..\SearchScopes\{A0E5EE9C-D4AD-4FEF-A897-E2A4F86D4FAA}: "URL" = http://www.geotruc.net/?q={searchTerms}
IE - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\..\SearchScopes\{B255E1AA-CB34-400E-99BA-2BD25FB5B368}: "URL" = http://query.nytimes.com/gst/handler.html?query={searchTerms}&opensearch=1
IE - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\..\SearchScopes\{B3D863A4-CA81-4DDA-9AC7-E6854B1EFE9F}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\..\SearchScopes\{F407CF65-9D7A-405A-8464-A53AC64EE2C0}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Steve Gold\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program [2009-11-11 22:34:00 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Steve Gold\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Steve Gold\Application Data\Move Networks [2010-02-10 19:24:47 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012-08-15 22:56:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\..\Toolbar\WebBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O4 - HKLM..\Run: [\\PS-731CA9\U1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [\\vpr\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus Photo R300 Series at //PS-731CA9/U1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [USB Optical Mouse] C:\Program Files\USB Optical Mouse\USB Optical Mouse\MouseHid.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk = C:\WINDOWS\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Capture video with Stream-Cloner - C:\Program Files\Stream-Cloner\SC_IEOBJ.htm ()
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Download video with Stream-Cloner - C:\Program Files\Stream-Cloner\SC_IEOBJ2.htm ()
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\..Trusted Domains: centurylink.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\..Trusted Domains: centurylink.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\..Trusted Domains: microsoft.com ([answers] http in Local intranet)
O15 - HKU\S-1-5-21-2245681954-755710587-2062766257-1010\..Trusted Ranges: Range37 ([https] in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343068159307 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://mygmgw.gm.com/http://usabhembma04.mail.gm.com/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A1AC5D6-899E-4077-B244-6337B8F4D937}: NameServer = 192.168.1.1,192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8A4012F-D08C-4C80-8AA4-19F07FCDD182}: NameServer = 192.168.1.1,192.168.1.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DPWLN : DllName - (C:\WINDOWS\system32\DPWLEvHd.dll) - C:\WINDOWS\system32\DPWLEvHd.dll (DigitalPersona, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 () - C:\Documents and Settings\Steve Gold\Desktop\1147611549.jpg
O24 - Desktop Components:1 () - C:\Documents and Settings\Steve Gold\Desktop\NSA.jpg
O24 - Desktop WallPaper: C:\Documents and Settings\Steve Gold\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steve Gold\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-10 18:16:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-08-22 20:42:27 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve Gold\Desktop\OTL.exe
[2012-08-22 07:25:27 | 000,000,000 | ---D | C] -- C:\Windows Home Server Drivers for Restore
[2012-08-20 00:30:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-08-19 19:49:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Steve Gold\Desktop\aswMBR.exe
[2012-08-19 19:48:59 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Steve Gold\Desktop\tdsskiller.exe
[2012-08-18 22:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Gold\Desktop\20112-08-18 BLEPING COMPUTER
[2012-08-15 06:40:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012-08-14 05:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Gold\Application Data\Silicondust
[2012-08-14 05:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Gold\HDHomeRun XBMC TV
[2012-08-14 05:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Silicondust
[2012-08-14 05:08:14 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MPE.sys
[2012-08-14 05:08:14 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2012-08-14 05:07:45 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BdaSup.sys
[2012-08-14 05:07:45 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2012-08-14 05:07:44 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2012-08-14 05:07:44 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\BdaPlgIn.ax
[2012-08-14 04:39:51 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2012-08-14 04:39:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2012-08-14 04:39:49 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2012-08-14 04:39:48 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2012-08-14 04:39:47 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2012-08-14 04:39:47 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2012-08-14 04:39:46 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2012-08-14 04:39:44 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2012-08-14 04:39:43 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2012-08-14 04:39:43 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2012-08-14 04:39:42 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2012-08-14 04:39:42 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2012-08-14 04:39:40 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2012-08-14 04:39:37 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2012-08-14 04:39:36 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2012-08-14 04:39:33 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2012-08-14 04:39:33 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2012-08-14 04:39:32 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2012-08-14 04:39:30 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2012-08-14 04:39:26 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2012-08-14 04:39:26 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2012-08-14 04:39:24 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2012-08-14 04:39:23 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2012-08-14 04:39:23 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2012-08-14 04:39:20 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2012-08-14 04:39:20 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2012-08-14 04:39:17 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2012-08-14 04:39:17 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2012-08-14 04:39:15 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2012-08-14 04:39:13 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2012-08-14 04:39:13 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2012-08-14 04:39:12 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2012-08-14 04:39:12 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2012-08-14 04:39:11 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2012-08-14 04:39:11 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2012-08-14 04:39:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2012-08-14 04:39:06 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2012-08-14 04:39:06 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2012-08-14 04:39:06 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2012-08-14 04:39:05 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2012-08-14 04:39:05 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2012-08-14 04:39:04 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2012-08-14 04:39:02 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2012-08-14 04:38:58 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2012-08-14 04:38:58 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2012-08-14 04:38:56 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2012-08-14 04:38:55 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2012-08-14 04:38:52 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2012-08-14 04:38:47 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2012-08-14 04:38:41 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2012-08-14 04:38:41 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2012-08-14 04:38:21 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2012-08-14 04:36:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2012-08-13 16:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\ieSpell
[2012-08-13 08:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Gold\Desktop\fix drive
[2012-08-13 07:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Gold\Local Settings\Application Data\Locktime
[2012-08-13 07:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Gold\Start Menu\Programs\NetLimiter 3
[2012-08-13 07:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\NetLimiter 3
[2012-08-13 07:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Gold\Application Data\Locktime
[2012-08-13 07:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2012-08-10 06:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Gold\Local Settings\Application Data\Sun
[2012-08-10 04:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012-08-10 04:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012-08-10 04:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Gold\Application Data\Oracle
[2012-08-10 04:04:14 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012-08-10 04:04:14 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012-08-10 04:04:14 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012-08-10 04:03:46 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012-08-10 04:03:46 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012-08-10 03:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012-08-10 03:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Gold\Start Menu\Programs\Revo Uninstaller
[2012-08-10 03:01:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-08-09 08:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-08-07 20:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012-08-06 23:04:59 | 004,731,145 | R--- | C] (Swearware) -- C:\Documents and Settings\Steve Gold\Desktop\ComboFix.exe
[2012-08-06 22:36:56 | 000,000,000 | ---D | C] -- C:\FRST
[2012-08-06 05:46:57 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Steve Gold\Desktop\esetsmartinstaller_enu.exe
[2012-08-06 00:05:34 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixTDSS.sys
[2012-08-06 00:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Gold\Application Data\FixTDSS
[2012-08-05 07:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Home Server
[2012-08-03 20:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Gold\Application Data\Roompa
[2012-08-03 20:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Gold\Application Data\Qiefc
[2012-07-30 00:11:17 | 000,000,000 | ---D | C] -- C:\catalog.wci
[2012-07-25 04:25:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Gold\My Documents\New Folder (4)
[2009-11-10 04:25:53 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Steve Gold\Application Data\pcouffin.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-08-22 20:58:37 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012-08-22 20:49:31 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk
[2012-08-22 20:48:50 | 000,012,684 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-08-22 20:46:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-08-22 20:42:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Gold\Desktop\OTL.exe
[2012-08-22 19:21:04 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012-08-22 18:00:18 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume T Task.job
[2012-08-22 13:53:26 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E1E18E7E-CB46-4AF2-B670-155AEBC19CDE}.job
[2012-08-20 17:33:26 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Steve Gold\Desktop\tdsskiller.exe
[2012-08-20 00:27:08 | 000,000,491 | ---- | M] () -- C:\Documents and Settings\Steve Gold\Desktop\Shortcut to Software on Wsm1.lnk
[2012-08-19 19:49:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Steve Gold\Desktop\aswMBR.exe
[2012-08-18 22:34:18 | 000,001,965 | ---- | M] () -- C:\Documents and Settings\Steve Gold\Desktop\NetStat Live.lnk
[2012-08-17 02:45:08 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Steve Gold\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012-08-17 02:45:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-08-16 03:43:38 | 003,617,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-08-16 03:15:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-08-15 22:56:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-08-15 21:30:23 | 004,731,145 | R--- | M] (Swearware) -- C:\Documents and Settings\Steve Gold\Desktop\ComboFix.exe
[2012-08-15 21:23:15 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Steve Gold\Desktop\Windows Firewall.lnk
[2012-08-15 04:11:21 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\Steve Gold\Desktop\Shortcut to Windows 8 Media Center™.lnk
[2012-08-14 04:32:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\dvdtest10024.dat
[2012-08-13 16:27:03 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
[2012-08-13 07:59:26 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Steve Gold\Desktop\Shortcut to 2012-08-13.lnk
[2012-08-10 04:03:29 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012-08-10 04:03:28 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012-08-10 03:46:04 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Steve Gold\Desktop\Revo Uninstaller.lnk
[2012-08-07 20:13:41 | 000,000,981 | ---- | M] () -- C:\Documents and Settings\Steve Gold\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012-08-07 20:13:41 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\Steve Gold\Desktop\Spybot - Search & Destroy.lnk
[2012-08-07 20:11:08 | 000,000,314 | -HS- | M] () -- C:\boot.ini
[2012-08-06 23:45:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120807-202412.backup
[2012-08-06 22:37:54 | 000,000,037 | ---- | M] () -- C:\WINDOWS\md5
[2012-08-06 05:28:08 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Steve Gold\Desktop\esetsmartinstaller_enu.exe
[2012-08-06 00:05:34 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixTDSS.sys
[2012-08-06 00:02:40 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012-08-03 22:05:05 | 013,066,483 | ---- | M] () -- C:\Documents and Settings\Steve Gold\My Documents\IBM Lenovo Thinkcentre S51 series 8172-form factor small Desktop 19r0486.pdf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-08-17 02:45:08 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Steve Gold\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012-08-15 21:23:15 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\Steve Gold\Desktop\Windows Firewall.lnk
[2012-08-15 04:11:21 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\Steve Gold\Desktop\Shortcut to Windows 8 Media Center™.lnk
[2012-08-14 05:07:53 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2012-08-14 05:07:53 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2012-08-14 05:07:50 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\MSDvbNP.ax
[2012-08-14 05:07:50 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012-08-14 05:07:45 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\PsisRndr.ax
[2012-08-14 05:07:45 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2012-08-13 08:00:02 | 000,000,491 | ---- | C] () -- C:\Documents and Settings\Steve Gold\Desktop\Shortcut to Software on Wsm1.lnk
[2012-08-13 07:59:26 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Steve Gold\Desktop\Shortcut to 2012-08-13.lnk
[2012-08-10 03:46:04 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Steve Gold\Desktop\Revo Uninstaller.lnk
[2012-08-07 20:05:56 | 000,000,981 | ---- | C] () -- C:\Documents and Settings\Steve Gold\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012-08-07 20:05:56 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\Steve Gold\Desktop\Spybot - Search & Destroy.lnk
[2012-08-06 22:43:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-08-06 22:37:53 | 000,000,037 | ---- | C] () -- C:\WINDOWS\md5
[2012-08-06 06:00:01 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012-08-06 05:50:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-08-06 00:02:40 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012-08-03 22:05:05 | 013,066,483 | ---- | C] () -- C:\Documents and Settings\Steve Gold\My Documents\IBM Lenovo Thinkcentre S51 series 8172-form factor small Desktop 19r0486.pdf
[2012-05-22 05:54:42 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config
[2012-04-11 22:20:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\dvdtest10024.dat
[2012-04-11 22:10:55 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2012-03-26 06:02:41 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Steve Gold\Application Data\FixVTS.ini
[2012-03-16 09:59:24 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2012-02-15 02:26:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-01-16 12:06:43 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-12-27 20:24:13 | 000,012,972 | -HS- | C] () -- C:\Documents and Settings\Steve Gold\Local Settings\Application Data\5fih708oasgfqyjr7svih276ko8r6
[2011-11-14 16:14:12 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Hip Hop
[2011-11-14 16:14:12 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Helper Scripts
[2011-11-14 16:14:12 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Help
[2011-11-14 16:14:12 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Steve Gold\Application Data\HAL
[2011-11-14 16:14:12 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Steve Gold\Application Data\Guitars
[2011-11-14 16:14:12 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Steve Gold\Application Data\Guitar
[2011-11-14 16:14:12 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2011-11-14 16:14:12 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2011-11-14 16:14:12 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2011-11-14 16:14:12 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\InkjetPrinter
[2011-11-14 16:14:12 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Images
[2011-11-14 16:14:12 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Image Manipulation
[2011-07-06 19:27:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bench32.INI
[2011-06-12 19:33:45 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2011-06-12 18:52:13 | 000,029,521 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011-06-12 18:52:13 | 000,020,910 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011-06-12 18:52:13 | 000,020,869 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011-06-12 18:52:13 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011-06-12 18:30:43 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2011-06-12 18:30:43 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2011-06-12 18:30:43 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2011-06-12 18:28:14 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\esfw41.bin
[2011-05-23 01:42:56 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2011-05-23 01:42:56 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011-05-16 04:54:07 | 000,791,742 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011-05-16 04:54:07 | 000,683,520 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2011-05-16 04:54:07 | 000,238,080 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011-05-16 04:54:07 | 000,145,609 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011-05-16 04:54:05 | 000,485,888 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2011-05-16 04:54:05 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2011-05-16 04:54:05 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2011-05-16 04:54:05 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2011-05-16 04:54:05 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2011-05-16 04:54:04 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2011-05-16 04:54:04 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2011-05-16 04:54:02 | 000,695,901 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2011-05-16 04:54:02 | 000,034,479 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2011-01-18 00:29:50 | 000,000,093 | ---- | C] () -- C:\WINDOWS\R300.ini
[2011-01-18 00:24:35 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2011-01-01 04:43:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steve Gold\defogger_reenable
[2010-12-30 22:02:13 | 023,592,960 | ---- | C] () -- C:\Documents and Settings\Steve Gold\ntuser.bak
[2010-04-05 00:33:34 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Steve Gold\persistent_state
[2010-01-22 23:53:35 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Steve Gold\Local Settings\Application Data\housecall.guid.cache
[2010-01-18 08:38:35 | 006,438,912 | ---- | C] () -- C:\Documents and Settings\Steve Gold\s-1-5-21-2245681954-755710587-2062766257-1010.rrr
[2010-01-01 01:57:37 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009-11-10 04:25:53 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Steve Gold\Application Data\pcouffin.cat
[2009-11-10 04:25:53 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Steve Gold\Application Data\pcouffin.inf
[2009-11-10 03:36:51 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009-11-04 22:10:55 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Steve Gold\Local Settings\Application Data\fusioncache.dat
[2009-04-10 14:37:11 | 000,002,464 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009-04-10 02:03:00 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Steve Gold\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >


--------End.

Please advise
Steve




#9 autocon

Posted 22 August 2012 - 11:59 PM

m0le

READ PREVIOUS POST FIRST
^^^^^^^^^^^^^^^^^^^^^^^^^^


>>>aswMBR Run date: 2012-08-22 22:23:13

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-22 22:23:13
-----------------------------
22:23:13.203 OS Version: Windows 5.1.2600 Service Pack 3
22:23:13.203 Number of processors: 2 586 0x403
22:23:13.203 ComputerName: DELL-DD22F55359 UserName: Steve Gold
22:23:17.140 Initialize success
22:25:27.937 AVAST engine defs: 12082201
22:26:23.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
22:26:23.046 Disk 0 Vendor: WDC_WD400BD-75LRA0 09.01D09 Size: 38146MB BusType: 3
22:26:23.078 Disk 0 MBR read successfully
22:26:23.078 Disk 0 MBR scan
22:26:23.375 Disk 0 Windows XP default MBR code
22:26:23.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38146 MB offset 63
22:26:23.421 Disk 0 scanning sectors +78124095
22:26:23.640 Disk 0 scanning C:\WINDOWS\system32\drivers
22:27:11.312 Service scanning
22:29:33.234 Modules scanning
22:30:48.234 Disk 0 trace - called modules:
22:30:48.250
22:30:54.687 AVAST engine scan C:\WINDOWS
22:31:54.312 AVAST engine scan C:\WINDOWS\system32
22:52:02.265 AVAST engine scan C:\WINDOWS\system32\drivers
22:53:32.781 AVAST engine scan C:\Documents and Settings\Steve Gold
23:32:41.750 AVAST engine scan C:\Documents and Settings\All Users
23:48:36.484 Scan finished successfully
23:50:38.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Steve Gold\Desktop\20112-08-18 BLEPING COMPUTER\2012-08-20\MBR.dat"
23:50:38.703 The log file has been saved successfully to "C:\Documents and Settings\Steve Gold\Desktop\20112-08-18 BLEPING COMPUTER\2012-08-20\aswMBR 2012-08-22-.txt"

>>>IPCONFIG

Does this seem right to you?
The DNS Servers entry looks odd to me.

Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Steve Gold>ipconfig/all

Windows IP Configuration

Host Name . . . . . . . . . . . . : dell-dd22f55359
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-10-C6-A2-91-97
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::210:c6ff:fea2:9197%4
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.1.2
fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-01-04
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.4%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled


>>>See Attached picture MSMpEng.exe.jpg





Please advise

Steve
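
The DNS Servers question in the post above can be checked mechanically. The following is an added example, not part of the original thread or of any tool named in it: it parses the Ethernet adapter block from the posted `ipconfig /all` output and labels each listed DNS server. The function names and label strings are hypothetical.

```python
import ipaddress
import re

# Ethernet adapter block copied from the ipconfig /all output in the post above
# (Physical Address line omitted).
IPCONFIG_SAMPLE = """\
Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::210:c6ff:fea2:9197%4
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.1.2
fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
"""

ADAPTER_RE = re.compile(r"^(.+ adapter .+):$")
# A field line is "Name . . . . : value"; the dot leader before the colon is what
# separates it from a continuation line that is itself an IPv6 address.
KEY_RE = re.compile(r"^([A-Za-z][A-Za-z \-]*?)[ .]*\. ?:\s*(.*)$")

# Well-known site-local addresses that Windows lists as IPv6 DNS servers when
# no IPv6 DNS server has been configured on the interface.
SITE_LOCAL_DNS = {ipaddress.ip_address(f"fec0:0:0:ffff::{n}") for n in (1, 2, 3)}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_ip(text):
    """Parse an address, dropping the %zone suffix ipconfig appends to IPv6."""
    return ipaddress.ip_address(text.split("%")[0].strip())


def parse_ipconfig(text):
    """Return one dict per adapter with its IPv4 address, mask, gateway and DNS list."""
    adapters, current, last_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            last_key = None
            continue
        header = ADAPTER_RE.match(line)
        if header:
            current = {"name": header.group(1), "ipv4": None, "mask": None,
                       "gateway": None, "dns": []}
            adapters.append(current)
            last_key = None
            continue
        if current is None:
            continue
        field = KEY_RE.match(line)
        if field:
            last_key, value = field.group(1), field.group(2).strip()
        elif last_key == "DNS Servers":
            value = line  # continuation line of the multi-value DNS field
        else:
            continue
        if not value:
            continue
        if last_key == "DNS Servers":
            current["dns"].append(parse_ip(value))
        elif last_key == "Default Gateway":
            current["gateway"] = parse_ip(value)
        elif last_key == "Subnet Mask":
            current["mask"] = value
        elif last_key == "IP Address" and parse_ip(value).version == 4:
            current["ipv4"] = value
    return adapters


def classify_dns(adapter):
    """Label every DNS server of one adapter; 'external' is the one to verify by hand."""
    subnet = None
    if adapter["ipv4"] and adapter["mask"]:
        subnet = ipaddress.ip_network(f'{adapter["ipv4"]}/{adapter["mask"]}', strict=False)
    labelled = []
    for ip in adapter["dns"]:
        if ip in SITE_LOCAL_DNS:
            label = "windows-default-site-local"
        elif ip == adapter["gateway"]:
            label = "default-gateway"
        elif subnet is not None and ip in subnet:
            label = "on-link"
        elif any(ip in net for net in RFC1918):
            label = "private-off-link"
        else:
            label = "external"
        labelled.append((str(ip), label))
    return labelled


if __name__ == "__main__":
    for adapter in parse_ipconfig(IPCONFIG_SAMPLE):
        print(adapter["name"], classify_dns(adapter))
```

An `on-link` server that is not the gateway, such as 192.168.1.2 here, is still worth matching to a known device on the LAN.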




#10 m0le


Posted 23 August 2012 - 02:32 PM

We need to run an OTL Fix.
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    [2012-01-16 12:06:43 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011-12-27 20:24:13 | 000,012,972 | -HS- | C] () -- C:\Documents and Settings\Steve Gold\Local Settings\Application Data\5fih708oasgfqyjr7svih276ko8r6
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Go to Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\System32\drivers\FNETURPX.SYS

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at VirusTotal
m0le is a proud member of UNITE

#11 autocon


Posted 23 August 2012 - 10:38 PM


m0le

>>>OTL file fix log 08 23 2012_232203.log

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Documents and Settings\Steve Gold\Local Settings\Application Data\5fih708oasgfqyjr7svih276ko8r6 moved successfully.

OTL by OldTimer - Version 3.2.58.1 log created on 08232012_232203

>>>C:\WINDOWS\System32\drivers\FNETURPX.SYS Scan @ http://virusscan.jotti.org/en

Jotti's malware scan
Filename: FNETURPX.SYS
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Fri 24 Aug 2012 05:27:53 (CET) Permalink

Additional info
File size: 7040 bytes
Filetype: PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5: 0a79334fb069c6b38df7ad56a109ea01
SHA1: 247b33c456a4ee1c2f5032404d926f4c29689910


>>>C:\WINDOWS\System32\drivers\FNETURPX.SYS Scan @ http://www.virustotal.com/


This file was already analysed by VirusTotal on 2012-08-24 03:30:07.

Detection ratio: 0/42

SHA256: 811fb229d2f5ac6eabecf3510bda3247e6aa775847ecfef42e3c17ffb8d4cb12
SHA1: 247b33c456a4ee1c2f5032404d926f4c29689910
MD5: 0a79334fb069c6b38df7ad56a109ea01
File size: 6.9 KB ( 7040 bytes )
File name: file-4410220_SYS
File type: Win32 EXE
Tags: peexe
Detection ratio: 0 / 42
Analysis date: 2012-08-24 03:30:07 UTC ( 4 minutes ago )
Antivirus Result Update
AhnLab-V3 - 20120823
AntiVir - 20120824
Antiy-AVL - 20120824
Avast - 20120824
AVG - 20120823
BitDefender - 20120824
ByteHero - 20120814
CAT-QuickHeal - 20120824
ClamAV - 20120824
Commtouch - 20120824
Comodo - 20120824
DrWeb - 20120824
Emsisoft - 20120824
eSafe - 20120823
ESET-NOD32 - 20120823
F-Prot - 20120824
F-Secure - 20120824
Fortinet - 20120824
GData - 20120824
Ikarus - 20120818
Jiangmin - 20120824
K7AntiVirus - 20120823
Kaspersky - 20120824
McAfee - 20120824
McAfee-GW-Edition - 20120823
Microsoft - 20120824
Norman - 20120823
nProtect - 20120823
Panda - 20120823
PCTools - 20120824
Rising - 20120824
Sophos - 20120824
SUPERAntiSpyware - 20120824
Symantec - 20120824
TheHacker - 20120822
TotalDefense - 20120823
TrendMicro - 20120824
TrendMicro-HouseCall - 20120824
VBA32 - 20120823
VIPRE - 20120823
ViRobot - 20120824
VirusBuster - 20120823


Please advise

Steve




#12 m0le

Posted 24 August 2012 - 02:40 PM

Okay, so far, not much. The FNETURPX.SYS file is saying clean but it's basing that on recognising the file and isn't re-scanning it. I suspect that this may be an infected file as Gmer shows entry point in "init" section which potentially points to a modified file. We will look for a replacement and swap the suspect file for a clean back-up.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    FNETURPX.SYS
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
m0le is a proud member of UNITE

#13 autocon

Posted 24 August 2012 - 05:58 PM

m0le

If a file has been infected, then it has been changed; if it has been changed, the hash encryption number would change.
I know some rootkits will present a copy of an uninfected version when a query is made, so that the hash numbers would match.
So my question is, if http://www.virustotal.com/ validated the hash, why would it need to re-scan the file?
Is it your thinking that if it was re-scanned that it would see the hash # has changed?
If not, how is it possible to change the file and not the hash?

SystemLook 30.07.11 by jpshortstuff
Log created at 18:42 on 24/08/2012 by Steve Gold
Administrator - Elevation successful

========== filefind ==========

Searching for "FNETURPX.SYS"
C:\Documents and Settings\Steve Gold\Application Data\FixTDSS\Archive\FNETURPX.SYS --a---- 7040 bytes [04:05 06/08/2012] [05:44 12/10/2010] 0A79334FB069C6B38DF7AD56A109EA01
C:\WINDOWS\system32\drivers\FNETURPX.SYS --a---- 7040 bytes [05:44 12/10/2010] [05:44 12/10/2010] 0A79334FB069C6B38DF7AD56A109EA01

-= EOF =-

Please Advise

Steve





#14 m0le

Posted 24 August 2012 - 07:43 PM

Is it your thinking that if it was re-scanned that it would see the hash # has changed?


Yes. We can't assume that the stored scan details will be the same as our file.

If not how is it possible to change the file and not the hash?


As you know, it isn't.


It seems that FixTDSS has already been here.

C:\Documents and Settings\Steve Gold\Application Data\FixTDSS\Archive\FNETURPX.SYS


The m5base program has this hash as being fake. So, what did FixTDSS report when you ran it?
m0le is a proud member of UNITE
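
The check discussed in the two posts above, as an added example that is not part of the original thread: a stored scan report describes the file on disk only if the hashes match. This Python sketch parses the two SystemLook result lines quoted in the thread and compares their MD5, and a file's freshly computed MD5/SHA-1/SHA-256, against the hashes in the stored VirusTotal report. The function names and the regular expression for the SystemLook line layout are assumptions made for this example.

```python
import hashlib
import re

# Hashes from the stored VirusTotal report quoted in the thread.
REPORT = {
    "md5": "0a79334fb069c6b38df7ad56a109ea01",
    "sha1": "247b33c456a4ee1c2f5032404d926f4c29689910",
    "sha256": "811fb229d2f5ac6eabecf3510bda3247e6aa775847ecfef42e3c17ffb8d4cb12",
}

# The two SystemLook filefind result lines quoted in the thread.
SYSTEMLOOK_LINES = r"""
C:\Documents and Settings\Steve Gold\Application Data\FixTDSS\Archive\FNETURPX.SYS --a---- 7040 bytes [04:05 06/08/2012] [05:44 12/10/2010] 0A79334FB069C6B38DF7AD56A109EA01
C:\WINDOWS\system32\drivers\FNETURPX.SYS --a---- 7040 bytes [05:44 12/10/2010] [05:44 12/10/2010] 0A79334FB069C6B38DF7AD56A109EA01
"""

# Assumed layout: path, 7 attribute flags, size, two bracketed timestamps, MD5.
# (The thread reads the first timestamp as the creation time.)
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<stamp1>[^\]]+)\]\s+\[(?P<stamp2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_systemlook(text):
    """Return one dict per filefind result line; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            row = match.groupdict()
            row["size"] = int(row["size"])
            row["md5"] = row["md5"].lower()
            rows.append(row)
    return rows


def file_digests(path, chunk=65536):
    """Hash the bytes exactly as they are read now.

    If a rootkit may be filtering reads, run this from a trusted
    environment (offline disk, rescue boot), not the live system.
    """
    hashers = {name: hashlib.new(name) for name in REPORT}
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            for hasher in hashers.values():
                hasher.update(block)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def report_applies(digests, report=REPORT):
    """True only if every digest present on both sides matches."""
    shared = [name for name in report if name in digests]
    return bool(shared) and all(
        digests[name].lower() == report[name].lower() for name in shared
    )


def covered_by_report(rows, report=REPORT):
    """For each parsed copy, say whether the stored report covers it.

    SystemLook lists MD5 only, so this is an MD5-only comparison; use
    file_digests() to compare SHA-1 and SHA-256 as well.
    """
    return [(row["path"], report_applies({"md5": row["md5"]}, report)) for row in rows]


if __name__ == "__main__":
    for path, ok in covered_by_report(parse_systemlook(SYSTEMLOOK_LINES)):
        print(("same MD5 as stored report: " if ok else "NOT the reported file: ") + path)
```
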

#15 autocon

Posted 24 August 2012 - 10:10 PM

m0le

>>>As you know, it isn't.
With the rootkit tech nothing surprises me anymore.
I'm sure you know it has been theoretically possible for over 6 years now.
The computational power required is on an order of magnitude that's virtually non-existent.
It's not that far-fetched to envision an infection (rootkit) that combines the computing power of other infected machines to exploit the weakness for the purpose of stealth.


>>>C:\Documents and Settings\Steve Gold\Application Data\FixTDSS\Archive\FNETURPX.SYS
Like I said, I have been working on this before you started.


>>>The m5base program has this hash as being fake. So, what did FixTDSS report when you ran it?

If I am reading this right, it looks like the Archive was created at 4:05 on 2012-08-06 "Archive\FNETURPX.SYS --a---- 7040 bytes [04:05 06/08/2012]"

I have 2 FixTDSS reports for that day.
TDSSKiller.2.7.48.0_06.08.2012_00.03.41_log.txt
TDSSKiller.2.7.48.0_06.08.2012_05.32.36_log.txt
I'm confused as to why it archived the file.


Ref: 05:33:19.0531 1992 FNETURPX (0a79334fb069c6b38df7ad56a109ea01) C:\WINDOWS\system32\drivers\FNETURPX.SYS
Ref: 05:33:19.0562 1992 FNETURPX ( UnsignedFile.Multi.Generic ) - warning
Ref: 05:33:19.0562 1992 FNETURPX - detected UnsignedFile.Multi.Generic (1)

Possibly related log
mbam-log-2012-08-06 (05-52-37).txt posted at the end.
Ref: C:\Documents and Settings\Steve Gold\Application Data\Roompa\ryago.exe (Trojan.Cridex) -> Quarantined and deleted successfully.

Also on 2012-08-17 @07:15 Microsoft Security Essentials detected and quarantined TrojanDownloader:ASX/Wimad.DY



>>>>TDSSKiller.2.7.48.0_06.08.2012_00.03.41_log.txt

00:04:06.0781 2360 RasAcd - ok
00:04:06.0828 2360 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
00:04:06.0843 2360 RasAuto - ok
00:04:06.0875 2360 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:04:06.0875 2360 Rasl2tp - ok
00:04:06.0921 2360 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
00:04:06.0937 2360 RasMan - ok
00:04:06.0968 2360 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:04:06.0968 2360 RasPppoe - ok
00:04:06.0984 2360 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:04:06.0984 2360 Raspti - ok
00:04:07.0015 2360 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:04:07.0015 2360 Rdbss - ok
00:04:07.0031 2360 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:04:07.0031 2360 RDPCDD - ok
00:04:07.0078 2360 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:04:07.0093 2360 rdpdr - ok
00:04:07.0171 2360 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
00:04:07.0171 2360 RDPWD - ok
00:04:07.0234 2360 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
00:04:07.0250 2360 RDSessMgr - ok
00:04:07.0296 2360 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:04:07.0296 2360 redbook - ok
00:04:07.0359 2360 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
00:04:07.0359 2360 RemoteAccess - ok
00:04:07.0421 2360 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
00:04:07.0421 2360 RemoteRegistry - ok
00:04:07.0484 2360 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
00:04:07.0484 2360 RFCOMM - ok
00:04:07.0484 2360 RimUsb - ok
00:04:07.0546 2360 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
00:04:07.0562 2360 RimVSerPort - ok
00:04:07.0609 2360 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
00:04:07.0609 2360 ROOTMODEM - ok
00:04:07.0656 2360 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
00:04:07.0671 2360 RpcLocator - ok
00:04:07.0718 2360 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
00:04:07.0734 2360 RpcSs - ok
00:04:07.0750 2360 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
00:04:07.0765 2360 RSVP - ok
00:04:07.0843 2360 RT73 (6ea04a4370609e5e1eaeee898a2ab6ac) C:\WINDOWS\system32\DRIVERS\rt73.sys
00:04:07.0859 2360 RT73 - ok
00:04:07.0906 2360 s3legacy (4294fdf954125ce9e39e68f826415c29) C:\WINDOWS\system32\DRIVERS\s3legacy.sys
00:04:07.0921 2360 s3legacy - ok
00:04:07.0968 2360 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:04:07.0968 2360 SamSs - ok
00:04:08.0015 2360 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
00:04:08.0031 2360 SCardSvr - ok
00:04:08.0078 2360 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
00:04:08.0093 2360 Schedule - ok
00:04:08.0250 2360 SDHookDriver (47dd7bb6b72a5f49e01f53597bcaeac7) C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys
00:04:08.0265 2360 SDHookDriver - ok
00:04:08.0281 2360 SDHookService (5c31070d5a528d637322562e2a30e0e5) C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
00:04:08.0281 2360 SDHookService - ok
00:04:08.0375 2360 SDScannerService (d466f51e3ad125621c13abdaf0c5b2ed) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
00:04:08.0390 2360 SDScannerService - ok
00:04:08.0453 2360 SDUpdateService (2dc25b4940bbdd9aeee516adcaebd3c9) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
00:04:08.0484 2360 SDUpdateService - ok
00:04:08.0609 2360 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:04:08.0609 2360 Secdrv - ok
00:04:08.0656 2360 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
00:04:08.0671 2360 seclogon - ok
00:04:08.0687 2360 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
00:04:08.0687 2360 SENS - ok
00:04:08.0718 2360 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:04:08.0718 2360 serenum - ok
00:04:08.0734 2360 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
00:04:08.0734 2360 Serial - ok
00:04:08.0781 2360 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:04:08.0781 2360 Sfloppy - ok
00:04:08.0859 2360 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
00:04:08.0906 2360 SharedAccess - ok
00:04:08.0984 2360 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:04:08.0984 2360 ShellHWDetection - ok
00:04:08.0984 2360 Simbad - ok
00:04:09.0062 2360 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:04:09.0062 2360 SLIP - ok
00:04:09.0125 2360 smwdm (1319ea66a96250d59665d133c0ff7cd0) C:\WINDOWS\system32\drivers\smwdm.sys
00:04:09.0140 2360 smwdm - ok
00:04:09.0140 2360 Sparrow - ok
00:04:09.0171 2360 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:04:09.0171 2360 splitter - ok
00:04:09.0250 2360 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
00:04:09.0250 2360 Spooler - ok
00:04:09.0375 2360 SQLBrowser - ok
00:04:09.0406 2360 SQLWriter (9263c8898732e2b890f7e954e7729ab7) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
00:04:09.0406 2360 SQLWriter - ok
00:04:09.0453 2360 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:04:09.0468 2360 sr - ok
00:04:09.0484 2360 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
00:04:09.0500 2360 srservice - ok
00:04:09.0625 2360 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:04:09.0625 2360 Srv - ok
00:04:09.0687 2360 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
00:04:09.0687 2360 SSDPSRV - ok
00:04:09.0765 2360 StatusAgent4 (aa09fd16363e4232c68af854e8a26f21) C:\WINDOWS\system32\SAgent4.exe
00:04:09.0765 2360 StatusAgent4 - ok
00:04:09.0843 2360 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
00:04:09.0875 2360 stisvc - ok
00:04:09.0937 2360 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:04:09.0937 2360 streamip - ok
00:04:09.0968 2360 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:04:09.0968 2360 swenum - ok
00:04:10.0140 2360 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
00:04:10.0156 2360 SwitchBoard - ok
00:04:10.0218 2360 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:04:10.0218 2360 swmidi - ok
00:04:10.0234 2360 SwPrv - ok
00:04:10.0234 2360 symc810 - ok
00:04:10.0250 2360 symc8xx - ok
00:04:10.0265 2360 sym_hi - ok
00:04:10.0265 2360 sym_u3 - ok
00:04:10.0343 2360 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:04:10.0359 2360 sysaudio - ok
00:04:10.0406 2360 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
00:04:10.0421 2360 SysmonLog - ok
00:04:10.0468 2360 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
00:04:10.0484 2360 TapiSrv - ok
00:04:10.0546 2360 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:04:10.0562 2360 Tcpip - ok
00:04:10.0640 2360 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
00:04:10.0656 2360 Tcpip6 - ok
00:04:10.0703 2360 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:04:10.0718 2360 TDPIPE - ok
00:04:10.0750 2360 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:04:10.0750 2360 TDTCP - ok
00:04:10.0812 2360 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:04:10.0812 2360 TermDD - ok
00:04:10.0890 2360 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
00:04:10.0906 2360 TermService - ok
00:04:11.0000 2360 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:04:11.0000 2360 Themes - ok
00:04:11.0265 2360 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
00:04:11.0265 2360 TlntSvr - ok
00:04:11.0281 2360 TMPassthruMP - ok
00:04:11.0281 2360 TosIde - ok
00:04:11.0515 2360 TPM (317b746b6069a10d635fdbdf48723845) C:\WINDOWS\system32\DRIVERS\tpm.sys
00:04:11.0515 2360 TPM - ok
00:04:11.0546 2360 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
00:04:11.0546 2360 TrkWks - ok
00:04:11.0609 2360 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
00:04:11.0609 2360 tunmp - ok
00:04:11.0625 2360 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:04:11.0625 2360 Udfs - ok
00:04:11.0640 2360 ultra - ok
00:04:11.0718 2360 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:04:11.0718 2360 Update - ok
00:04:11.0781 2360 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
00:04:11.0843 2360 upnphost - ok
00:04:11.0859 2360 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
00:04:11.0859 2360 UPS - ok
00:04:11.0921 2360 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
00:04:11.0921 2360 USBAAPL - ok
00:04:11.0984 2360 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
00:04:11.0984 2360 usbaudio - ok
00:04:12.0046 2360 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:04:12.0062 2360 usbccgp - ok
00:04:12.0109 2360 UsbdpFP (334fd1ed28cf35113522d86733ab576c) C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys
00:04:12.0109 2360 UsbdpFP - ok
00:04:12.0171 2360 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:04:12.0171 2360 usbehci - ok
00:04:12.0234 2360 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:04:12.0234 2360 usbhub - ok
00:04:12.0296 2360 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:04:12.0296 2360 usbscan - ok
00:04:12.0359 2360 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:04:12.0359 2360 USBSTOR - ok
00:04:12.0359 2360 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:04:12.0359 2360 usbuhci - ok
00:04:12.0421 2360 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
00:04:12.0437 2360 usbvideo - ok
00:04:12.0500 2360 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys
00:04:12.0500 2360 VClone - ok
00:04:12.0546 2360 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:04:12.0562 2360 VgaSave - ok
00:04:12.0562 2360 ViaIde - ok
00:04:12.0625 2360 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:04:12.0625 2360 VolSnap - ok
00:04:12.0703 2360 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
00:04:12.0734 2360 VSS - ok
00:04:12.0781 2360 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
00:04:12.0796 2360 W32Time - ok
00:04:12.0859 2360 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:04:12.0859 2360 Wanarp - ok
00:04:12.0937 2360 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
00:04:12.0953 2360 Wdf01000 - ok
00:04:12.0968 2360 WDICA - ok
00:04:13.0015 2360 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:04:13.0015 2360 wdmaud - ok
00:04:13.0078 2360 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
00:04:13.0078 2360 WebClient - ok
00:04:13.0250 2360 WHSConnector (9cbb79bf4786d141096fcdfb2b831690) C:\Program Files\Windows Home Server\WHSConnector.exe
00:04:13.0265 2360 WHSConnector - ok
00:04:13.0453 2360 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
00:04:13.0468 2360 winmgmt - ok
00:04:13.0609 2360 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:04:13.0640 2360 wlidsvc - ok
00:04:13.0796 2360 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
00:04:13.0796 2360 WmdmPmSN - ok
00:04:13.0875 2360 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
00:04:13.0890 2360 Wmi - ok
00:04:14.0000 2360 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:04:14.0000 2360 WmiApSrv - ok
00:04:14.0187 2360 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
00:04:14.0218 2360 WMPNetworkSvc - ok
00:04:14.0718 2360 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:04:14.0734 2360 WPFFontCache_v0400 - ok
00:04:14.0828 2360 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:04:14.0828 2360 WS2IFSL - ok
00:04:14.0906 2360 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
00:04:14.0906 2360 wscsvc - ok
00:04:14.0968 2360 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:04:14.0968 2360 WSTCODEC - ok
00:04:15.0015 2360 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
00:04:15.0031 2360 wuauserv - ok
00:04:15.0078 2360 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:04:15.0093 2360 WudfPf - ok
00:04:15.0109 2360 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:04:15.0125 2360 WudfRd - ok
00:04:15.0171 2360 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
00:04:15.0187 2360 WudfSvc - ok
00:04:15.0250 2360 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
00:04:15.0265 2360 WZCSVC - ok
00:04:15.0500 2360 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
00:04:15.0515 2360 xmlprov - ok
00:04:15.0687 2360 XobniService (cfffa72de54c56ae26400753f5f6a482) C:\Program Files\Xobni\XobniService.exe
00:04:15.0687 2360 XobniService - ok
00:04:15.0687 2360 zumbus - ok
00:04:15.0734 2360 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:04:16.0250 2360 \Device\Harddisk0\DR0 - ok
00:04:16.0265 2360 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
00:04:16.0265 2360 \Device\Harddisk1\DR2 - ok
00:04:16.0281 2360 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4
00:04:16.0328 2360 \Device\Harddisk2\DR4 - ok
00:04:16.0359 2360 Boot (0x1200) (a05958f90f03d8c816c74e51e950f65d) \Device\Harddisk0\DR0\Partition0
00:04:16.0359 2360 \Device\Harddisk0\DR0\Partition0 - ok
00:04:16.0359 2360 Boot (0x1200) (18e1ce3759d9559f4f2c7de5a497cfe7) \Device\Harddisk1\DR2\Partition0
00:04:16.0359 2360 \Device\Harddisk1\DR2\Partition0 - ok
00:04:16.0359 2360 Boot (0x1200) (51ba0b33e395fb026df58da40922d240) \Device\Harddisk2\DR4\Partition0
00:04:16.0375 2360 \Device\Harddisk2\DR4\Partition0 - ok
00:04:16.0375 2360 ============================================================
00:04:16.0375 2360 Scan finished
00:04:16.0375 2360 ============================================================
00:04:16.0390 3596 Detected object count: 0
00:04:16.0390 3596 Actual detected object count: 0
00:04:46.0265 0528 ============================================================
00:04:46.0265 0528 Scan started
00:04:46.0265 0528 Mode: Manual;
00:04:46.0265 0528 ============================================================
00:04:55.0187 0528 LanmanServer - ok
00:04:55.0250 0528 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
00:04:55.0250 0528 lanmanworkstation - ok
00:04:55.0281 0528 Lavasoft Ad-Aware Service - ok
00:04:55.0296 0528 Lbd - ok
00:04:55.0296 0528 lbrtfdc - ok
00:04:55.0390 0528 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
00:04:55.0390 0528 LmHosts - ok
00:04:55.0437 0528 MaRdPnp (b51e7eab4baf13b492aa3299bcf52a35) C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys
00:04:55.0437 0528 MaRdPnp - ok
00:04:55.0500 0528 MaVctrl (1b467fb39d6ee0e7f1970eee5fc07121) C:\WINDOWS\system32\DRIVERS\MaVc2K.sys
00:04:55.0500 0528 MaVctrl - ok
00:04:55.0546 0528 maz500m (b2434b4f7827798abecd2103fb8f64a5) C:\WINDOWS\system32\Drivers\maz500m.sys
00:04:55.0546 0528 maz500m - ok
00:04:55.0609 0528 maz500u (1780e95913319766954f78faaa57c860) C:\WINDOWS\system32\Drivers\maz500u.sys
00:04:55.0609 0528 maz500u - ok
00:04:55.0656 0528 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
00:04:55.0656 0528 MBAMProtector - ok
00:04:55.0781 0528 MBAMService (94e920be59b9ab65d95e582dbaa136ac) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
00:04:55.0781 0528 MBAMService - ok
00:04:55.0890 0528 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
00:04:55.0890 0528 MDM - ok
00:04:55.0953 0528 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
00:04:55.0953 0528 Messenger - ok
00:04:56.0015 0528 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:04:56.0015 0528 mnmdd - ok
00:04:56.0062 0528 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
00:04:56.0062 0528 mnmsrvc - ok
00:04:56.0109 0528 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:04:56.0109 0528 Modem - ok
00:04:56.0171 0528 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:04:56.0171 0528 Mouclass - ok
00:04:56.0234 0528 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:04:56.0234 0528 mouhid - ok
00:04:56.0250 0528 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:04:56.0250 0528 MountMgr - ok
00:04:56.0312 0528 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
00:04:56.0312 0528 MpFilter - ok
00:04:56.0312 0528 mraid35x - ok
00:04:56.0343 0528 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:04:56.0343 0528 MRxDAV - ok
00:04:56.0421 0528 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:04:56.0421 0528 MRxSmb - ok
00:04:56.0468 0528 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
00:04:56.0468 0528 MSDTC - ok
00:04:56.0531 0528 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:04:56.0531 0528 Msfs - ok
00:04:56.0531 0528 MSIServer - ok
00:04:56.0593 0528 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:04:56.0593 0528 MSKSSRV - ok
00:04:56.0765 0528 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
00:04:56.0765 0528 MsMpSvc - ok
00:04:56.0796 0528 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:04:56.0796 0528 MSPCLOCK - ok
00:04:56.0812 0528 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:04:56.0812 0528 MSPQM - ok
00:04:56.0859 0528 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:04:56.0859 0528 mssmbios - ok
00:04:56.0906 0528 MSSQL$MSSMLBIZ - ok
00:04:56.0937 0528 MSSQLServerADHelper - ok
00:04:56.0984 0528 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
00:04:56.0984 0528 MSTEE - ok
00:04:57.0046 0528 MTK (7ba76ed9c7ef33b4c8c6041ce6c91a6e) C:\WINDOWS\system32\Drivers\fide.sys
00:04:57.0046 0528 MTK - ok
00:04:57.0109 0528 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:04:57.0109 0528 Mup - ok
00:04:57.0171 0528 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:04:57.0171 0528 NABTSFEC - ok
00:04:57.0234 0528 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
00:04:57.0250 0528 napagent - ok
00:04:57.0281 0528 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:04:57.0281 0528 NDIS - ok
00:04:57.0328 0528 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:04:57.0328 0528 NdisIP - ok
00:04:57.0390 0528 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:04:57.0390 0528 NdisTapi - ok
00:04:57.0437 0528 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:04:57.0453 0528 Ndisuio - ok
00:04:57.0484 0528 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:04:57.0484 0528 NdisWan - ok
00:04:57.0515 0528 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:04:57.0515 0528 NDProxy - ok
00:04:57.0578 0528 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:04:57.0578 0528 NetBIOS - ok
00:04:57.0640 0528 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:04:57.0640 0528 NetBT - ok
00:04:57.0718 0528 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
00:04:57.0718 0528 NetDDE - ok
00:04:57.0718 0528 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
00:04:57.0718 0528 NetDDEdsdm - ok
00:04:57.0781 0528 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:04:57.0781 0528 Netlogon - ok
00:04:57.0843 0528 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
00:04:57.0859 0528 Netman - ok
00:04:58.0046 0528 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:04:58.0046 0528 NetTcpPortSharing - ok
00:04:58.0109 0528 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
00:04:58.0109 0528 Nla - ok
00:04:58.0171 0528 NMgamingmsFltr (dd0216110ae219f333d0f99079a4be42) C:\WINDOWS\system32\drivers\NMgamingms.sys
00:04:58.0171 0528 NMgamingmsFltr - ok
00:04:58.0296 0528 nosGetPlusHelper (25d6b2eb0a1fc4ab413afe7ec4793ec1) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
00:04:58.0312 0528 nosGetPlusHelper - ok
00:04:58.0328 0528 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:04:58.0328 0528 Npfs - ok
00:04:58.0406 0528 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:04:58.0406 0528 Ntfs - ok
00:04:58.0421 0528 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:04:58.0421 0528 NtLmSsp - ok
00:04:58.0468 0528 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
00:04:58.0468 0528 NtmsSvc - ok
00:04:58.0531 0528 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:04:58.0531 0528 Null - ok
00:04:58.0578 0528 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:04:58.0578 0528 NwlnkFlt - ok
00:04:58.0609 0528 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:04:58.0609 0528 NwlnkFwd - ok
00:04:58.0687 0528 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:04:58.0687 0528 ose - ok
00:04:58.0750 0528 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
00:04:58.0750 0528 Parport - ok
00:04:58.0812 0528 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:04:58.0812 0528 PartMgr - ok
00:04:58.0859 0528 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:04:58.0859 0528 ParVdm - ok
00:04:58.0875 0528 PcdrNdisuio - ok
00:04:58.0937 0528 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:04:58.0937 0528 PCI - ok
00:04:58.0937 0528 PCIDump - ok
00:04:59.0000 0528 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
00:04:59.0000 0528 PCIIde - ok
00:04:59.0046 0528 pciinfo (5e8871c8aa5ae8cc7834831211de72c1) C:\WINDOWS\System32\drivers\PCIINFO.SYS
00:04:59.0046 0528 pciinfo - ok
00:04:59.0109 0528 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:04:59.0109 0528 Pcmcia - ok
00:04:59.0156 0528 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
00:04:59.0156 0528 pcouffin - ok
00:04:59.0171 0528 PDCOMP - ok
00:04:59.0171 0528 PDFRAME - ok
00:04:59.0171 0528 PDRELI - ok
00:04:59.0187 0528 PDRFRAME - ok
00:04:59.0187 0528 perc2 - ok
00:04:59.0203 0528 perc2hib - ok
00:04:59.0265 0528 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
00:04:59.0281 0528 PlugPlay - ok
00:04:59.0281 0528 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:04:59.0281 0528 PolicyAgent - ok
00:04:59.0343 0528 portio (78bdc34b7ec96a7d8b14b2d2d95c388a) C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys
00:04:59.0343 0528 portio - ok
00:04:59.0531 0528 PORTMON - ok
00:04:59.0578 0528 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:04:59.0578 0528 PptpMiniport - ok
00:04:59.0593 0528 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:04:59.0593 0528 ProtectedStorage - ok
00:04:59.0593 0528 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:04:59.0593 0528 PSched - ok
00:04:59.0671 0528 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:04:59.0671 0528 Ptilink - ok
00:04:59.0671 0528 ql1080 - ok
00:04:59.0671 0528 Ql10wnt - ok
00:04:59.0687 0528 ql12160 - ok
00:04:59.0687 0528 ql1240 - ok
00:04:59.0703 0528 ql1280 - ok
00:04:59.0750 0528 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:04:59.0750 0528 RasAcd - ok
00:04:59.0812 0528 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
00:04:59.0812 0528 RasAuto - ok
00:04:59.0843 0528 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:04:59.0843 0528 Rasl2tp - ok
00:04:59.0875 0528 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
00:04:59.0890 0528 RasMan - ok
00:04:59.0921 0528 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:04:59.0921 0528 RasPppoe - ok
00:04:59.0968 0528 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:04:59.0968 0528 Raspti - ok
00:05:00.0000 0528 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:05:00.0000 0528 Rdbss - ok
00:05:00.0046 0528 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:05:00.0046 0528 RDPCDD - ok
00:05:00.0109 0528 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:05:00.0109 0528 rdpdr - ok
00:05:00.0171 0528 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
00:05:00.0171 0528 RDPWD - ok
00:05:00.0218 0528 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
00:05:00.0218 0528 RDSessMgr - ok
00:05:00.0265 0528 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:05:00.0265 0528 redbook - ok
00:05:00.0328 0528 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
00:05:00.0328 0528 RemoteAccess - ok
00:05:00.0390 0528 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
00:05:00.0390 0528 RemoteRegistry - ok
00:05:00.0453 0528 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
00:05:00.0453 0528 RFCOMM - ok
00:05:00.0453 0528 RimUsb - ok
00:05:00.0515 0528 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
00:05:00.0515 0528 RimVSerPort - ok
00:05:00.0578 0528 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
00:05:00.0578 0528 ROOTMODEM - ok
00:05:00.0625 0528 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
00:05:00.0625 0528 RpcLocator - ok
00:05:00.0687 0528 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
00:05:00.0687 0528 RpcSs - ok
00:05:00.0750 0528 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
00:05:00.0750 0528 RSVP - ok
00:05:00.0812 0528 RT73 (6ea04a4370609e5e1eaeee898a2ab6ac) C:\WINDOWS\system32\DRIVERS\rt73.sys
00:05:00.0828 0528 RT73 - ok
00:05:00.0875 0528 s3legacy (4294fdf954125ce9e39e68f826415c29) C:\WINDOWS\system32\DRIVERS\s3legacy.sys
00:05:00.0875 0528 s3legacy - ok
00:05:00.0937 0528 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:05:00.0937 0528 SamSs - ok
00:05:00.0984 0528 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
00:05:00.0984 0528 SCardSvr - ok
00:05:01.0046 0528 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
00:05:01.0046 0528 Schedule - ok
00:05:01.0218 0528 SDHookDriver (47dd7bb6b72a5f49e01f53597bcaeac7) C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys
00:05:01.0218 0528 SDHookDriver - ok
00:05:01.0234 0528 SDHookService (5c31070d5a528d637322562e2a30e0e5) C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
00:05:01.0234 0528 SDHookService - ok
00:05:01.0328 0528 SDScannerService (d466f51e3ad125621c13abdaf0c5b2ed) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
00:05:01.0328 0528 SDScannerService - ok
00:05:01.0375 0528 SDUpdateService (2dc25b4940bbdd9aeee516adcaebd3c9) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
00:05:01.0375 0528 SDUpdateService - ok
00:05:01.0500 0528 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:05:01.0500 0528 Secdrv - ok
00:05:01.0562 0528 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
00:05:01.0562 0528 seclogon - ok
00:05:01.0578 0528 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
00:05:01.0578 0528 SENS - ok
00:05:01.0640 0528 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:05:01.0640 0528 serenum - ok
00:05:01.0656 0528 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
00:05:01.0656 0528 Serial - ok
00:05:01.0703 0528 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:05:01.0703 0528 Sfloppy - ok
00:05:01.0781 0528 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
00:05:01.0781 0528 SharedAccess - ok
00:05:01.0843 0528 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:05:01.0843 0528 ShellHWDetection - ok
00:05:01.0843 0528 Simbad - ok
00:05:01.0906 0528 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:05:01.0906 0528 SLIP - ok
00:05:02.0000 0528 smwdm (1319ea66a96250d59665d133c0ff7cd0) C:\WINDOWS\system32\drivers\smwdm.sys
00:05:02.0000 0528 smwdm - ok
00:05:02.0000 0528 Sparrow - ok
00:05:02.0031 0528 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:05:02.0031 0528 splitter - ok
00:05:02.0093 0528 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
00:05:02.0093 0528 Spooler - ok
00:05:02.0203 0528 SQLBrowser - ok
00:05:02.0234 0528 SQLWriter (9263c8898732e2b890f7e954e7729ab7) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
00:05:02.0234 0528 SQLWriter - ok
00:05:02.0296 0528 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:05:02.0296 0528 sr - ok
00:05:02.0312 0528 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
00:05:02.0312 0528 srservice - ok
00:05:02.0375 0528 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:05:02.0390 0528 Srv - ok
00:05:02.0453 0528 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
00:05:02.0453 0528 SSDPSRV - ok
00:05:02.0515 0528 StatusAgent4 (aa09fd16363e4232c68af854e8a26f21) C:\WINDOWS\system32\SAgent4.exe
00:05:02.0515 0528 StatusAgent4 - ok
00:05:02.0593 0528 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
00:05:02.0593 0528 stisvc - ok
00:05:02.0656 0528 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:05:02.0656 0528 streamip - ok
00:05:02.0718 0528 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:05:02.0718 0528 swenum - ok
00:05:02.0890 0528 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
00:05:02.0890 0528 SwitchBoard - ok
00:05:02.0953 0528 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:05:02.0953 0528 swmidi - ok
00:05:02.0968 0528 SwPrv - ok
00:05:02.0968 0528 symc810 - ok
00:05:02.0984 0528 symc8xx - ok
00:05:02.0984 0528 sym_hi - ok
00:05:03.0000 0528 sym_u3 - ok
00:05:03.0046 0528 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:05:03.0046 0528 sysaudio - ok
00:05:03.0093 0528 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
00:05:03.0093 0528 SysmonLog - ok
00:05:03.0140 0528 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
00:05:03.0140 0528 TapiSrv - ok
00:05:03.0203 0528 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:05:03.0203 0528 Tcpip - ok
00:05:03.0281 0528 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
00:05:03.0281 0528 Tcpip6 - ok
00:05:03.0343 0528 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:05:03.0343 0528 TDPIPE - ok
00:05:03.0359 0528 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:05:03.0359 0528 TDTCP - ok
00:05:03.0421 0528 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:05:03.0421 0528 TermDD - ok
00:05:03.0484 0528 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
00:05:03.0484 0528 TermService - ok
00:05:03.0562 0528 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:05:03.0562 0528 Themes - ok
00:05:03.0609 0528 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
00:05:03.0609 0528 TlntSvr - ok
00:05:03.0625 0528 TMPassthruMP - ok
00:05:03.0625 0528 TosIde - ok
00:05:03.0703 0528 TPM (317b746b6069a10d635fdbdf48723845) C:\WINDOWS\system32\DRIVERS\tpm.sys
00:05:03.0703 0528 TPM - ok
00:05:03.0765 0528 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
00:05:03.0765 0528 TrkWks - ok
00:05:03.0796 0528 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
00:05:03.0796 0528 tunmp - ok
00:05:03.0812 0528 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:05:03.0812 0528 Udfs - ok
00:05:03.0812 0528 ultra - ok
00:05:03.0890 0528 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:05:03.0890 0528 Update - ok
00:05:03.0953 0528 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
00:05:03.0968 0528 upnphost - ok
00:05:03.0984 0528 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
00:05:03.0984 0528 UPS - ok
00:05:04.0125 0528 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
00:05:04.0125 0528 USBAAPL - ok
00:05:04.0328 0528 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
00:05:04.0343 0528 usbaudio - ok
00:05:04.0468 0528 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:05:04.0468 0528 usbccgp - ok
00:05:04.0515 0528 UsbdpFP (334fd1ed28cf35113522d86733ab576c) C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys
00:05:04.0515 0528 UsbdpFP - ok
00:05:04.0578 0528 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:05:04.0578 0528 usbehci - ok
00:05:04.0640 0528 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:05:04.0640 0528 usbhub - ok
00:05:04.0703 0528 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:05:04.0703 0528 usbscan - ok
00:05:04.0765 0528 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:05:04.0765 0528 USBSTOR - ok
00:05:04.0781 0528 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:05:04.0781 0528 usbuhci - ok
00:05:04.0843 0528 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
00:05:04.0843 0528 usbvideo - ok
00:05:04.0890 0528 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys
00:05:04.0890 0528 VClone - ok
00:05:04.0953 0528 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:05:04.0953 0528 VgaSave - ok
00:05:04.0968 0528 ViaIde - ok
00:05:05.0031 0528 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:05:05.0031 0528 VolSnap - ok
00:05:05.0093 0528 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
00:05:05.0093 0528 VSS - ok
00:05:05.0156 0528 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
00:05:05.0156 0528 W32Time - ok
00:05:05.0187 0528 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:05:05.0187 0528 Wanarp - ok
00:05:05.0250 0528 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
00:05:05.0265 0528 Wdf01000 - ok
00:05:05.0265 0528 WDICA - ok
00:05:05.0328 0528 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:05:05.0328 0528 wdmaud - ok
00:05:05.0390 0528 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
00:05:05.0406 0528 WebClient - ok
00:05:05.0562 0528 WHSConnector (9cbb79bf4786d141096fcdfb2b831690) C:\Program Files\Windows Home Server\WHSConnector.exe
00:05:05.0578 0528 WHSConnector - ok
00:05:05.0703 0528 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
00:05:05.0703 0528 winmgmt - ok
00:05:05.0843 0528 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:05:05.0859 0528 wlidsvc - ok
00:05:05.0984 0528 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
00:05:05.0984 0528 WmdmPmSN - ok
00:05:06.0078 0528 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
00:05:06.0078 0528 Wmi - ok
00:05:06.0171 0528 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:05:06.0171 0528 WmiApSrv - ok
00:05:06.0359 0528 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
00:05:06.0359 0528 WMPNetworkSvc - ok
00:05:06.0593 0528 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:05:06.0609 0528 WPFFontCache_v0400 - ok
00:05:06.0703 0528 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:05:06.0703 0528 WS2IFSL - ok
00:05:06.0781 0528 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
00:05:06.0781 0528 wscsvc - ok
00:05:06.0843 0528 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:05:06.0843 0528 WSTCODEC - ok
00:05:06.0906 0528 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
00:05:06.0906 0528 wuauserv - ok
00:05:06.0968 0528 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:05:06.0968 0528 WudfPf - ok
00:05:06.0984 0528 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:05:06.0984 0528 WudfRd - ok
00:05:07.0046 0528 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
00:05:07.0046 0528 WudfSvc - ok
00:05:07.0109 0528 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
00:05:07.0109 0528 WZCSVC - ok
00:05:07.0140 0528 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
00:05:07.0140 0528 xmlprov - ok
00:05:07.0312 0528 XobniService (cfffa72de54c56ae26400753f5f6a482) C:\Program Files\Xobni\XobniService.exe
00:05:07.0312 0528 XobniService - ok
00:05:07.0328 0528 zumbus - ok
00:05:07.0390 0528 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:05:07.0843 0528 \Device\Harddisk0\DR0 - ok
00:05:07.0843 0528 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
00:05:07.0859 0528 \Device\Harddisk1\DR2 - ok
00:05:07.0859 0528 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4
00:05:07.0921 0528 \Device\Harddisk2\DR4 - ok
00:05:07.0921 0528 Boot (0x1200) (a05958f90f03d8c816c74e51e950f65d) \Device\Harddisk0\DR0\Partition0
00:05:07.0921 0528 \Device\Harddisk0\DR0\Partition0 - ok
00:05:07.0921 0528 Boot (0x1200) (18e1ce3759d9559f4f2c7de5a497cfe7) \Device\Harddisk1\DR2\Partition0
00:05:07.0937 0528 \Device\Harddisk1\DR2\Partition0 - ok
00:05:07.0937 0528 Boot (0x1200) (51ba0b33e395fb026df58da40922d240) \Device\Harddisk2\DR4\Partition0
00:05:07.0937 0528 \Device\Harddisk2\DR4\Partition0 - ok
00:05:07.0937 0528 ============================================================
00:05:07.0937 0528 Scan finished
00:05:07.0937 0528 ============================================================
00:05:07.0953 3148 Detected object count: 0
00:05:07.0953 3148 Actual detected object count: 0
00:05:28.0375 0592 Deinitialize success

>>>>TDSSKiller.2.7.48.0_06.08.2012_05.32.36_log.txt

05:32:36.0093 3528 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
05:32:36.0687 3528 ============================================================
05:32:36.0687 3528 Current date / time: 2012/08/06 05:32:36.0687
05:32:36.0687 3528 SystemInfo:
05:32:36.0687 3528
05:32:36.0687 3528 OS Version: 5.1.2600 ServicePack: 3.0
05:32:36.0687 3528 Product type: Workstation
05:32:36.0687 3528 ComputerName: DELL-DD22F55359
05:32:36.0687 3528 UserName: Steve Gold
05:32:36.0687 3528 Windows directory: C:\WINDOWS
05:32:36.0687 3528 System windows directory: C:\WINDOWS
05:32:36.0687 3528 Processor architecture: Intel x86
05:32:36.0687 3528 Number of processors: 2
05:32:36.0687 3528 Page size: 0x1000
05:32:36.0687 3528 Boot type: Normal boot
05:32:36.0687 3528 ============================================================
05:32:39.0171 3528 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
05:32:39.0187 3528 Drive \Device\Harddisk1\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B24B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'W'
05:32:39.0187 3528 Drive \Device\Harddisk2\DR4 - Size: 0x39C2A0000 (14.44 Gb), SectorSize: 0x200, Cylinders: 0x75D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
05:32:39.0203 3528 ============================================================
05:32:39.0203 3528 \Device\Harddisk0\DR0:
05:32:39.0218 3528 MBR partitions:
05:32:39.0218 3528 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A81400
05:32:39.0218 3528 \Device\Harddisk1\DR2:
05:32:39.0234 3528 MBR partitions:
05:32:39.0234 3528 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
05:32:39.0234 3528 \Device\Harddisk2\DR4:
05:32:39.0234 3528 MBR partitions:
05:32:39.0234 3528 \Device\Harddisk2\DR4\Partition0: MBR, Type 0xC, StartLBA 0x2B, BlocksNum 0x1CE147F
05:32:39.0234 3528 ============================================================
05:32:39.0312 3528 C: <-> \Device\Harddisk0\DR0\Partition0
05:32:39.0343 3528 F: <-> \Device\Harddisk1\DR2\Partition0
05:32:39.0343 3528 ============================================================
05:32:39.0343 3528 Initialize success
05:32:39.0343 3528 ============================================================
05:32:57.0203 1992 ============================================================
05:32:57.0203 1992 Scan started
05:32:57.0203 1992 Mode: Manual; SigCheck; TDLFS;
05:32:57.0203 1992 ============================================================
05:33:02.0500 1992 ASPI32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\ASPI32.sys
05:33:02.0562 1992 ASPI32 ( UnsignedFile.Multi.Generic ) - warning
05:33:02.0562 1992 ASPI32 - detected UnsignedFile.Multi.Generic (1)
05:33:02.0734 1992 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
05:33:02.0781 1992 aspnet_state - ok
05:33:02.0812 1992 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
05:33:03.0046 1992 AsyncMac - ok
05:33:03.0109 1992 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
05:33:03.0375 1992 atapi - ok
05:33:03.0375 1992 Atdisk - ok
05:33:03.0406 1992 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
05:33:03.0656 1992 Atmarpc - ok
05:33:03.0687 1992 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
05:33:03.0984 1992 AudioSrv - ok
05:33:04.0046 1992 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
05:33:04.0375 1992 audstub - ok
05:33:04.0453 1992 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
05:33:04.0562 1992 b57w2k ( UnsignedFile.Multi.Generic ) - warning
05:33:04.0562 1992 b57w2k - detected UnsignedFile.Multi.Generic (1)
05:33:04.0625 1992 BackupReader (3163aa026fe36bad874250ae93187f9d) C:\WINDOWS\system32\DRIVERS\BackupReader.sys
05:33:04.0640 1992 BackupReader - ok
05:33:04.0703 1992 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
05:33:04.0921 1992 Beep - ok
05:33:04.0984 1992 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
05:33:05.0234 1992 BITS - ok
05:33:05.0312 1992 bkn50USB (6d39682a1051a5be7437ec99f1bf9921) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
05:33:05.0359 1992 bkn50USB ( UnsignedFile.Multi.Generic ) - warning
05:33:05.0359 1992 bkn50USB - detected UnsignedFile.Multi.Generic (1)
05:33:05.0468 1992 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
05:33:05.0515 1992 Bonjour Service - ok
05:33:05.0578 1992 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
05:33:05.0687 1992 Bridge - ok
05:33:05.0687 1992 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
05:33:05.0859 1992 BridgeMP - ok
05:33:05.0921 1992 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
05:33:06.0140 1992 Browser - ok
05:33:06.0187 1992 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
05:33:06.0421 1992 BthEnum - ok
05:33:06.0468 1992 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
05:33:06.0687 1992 BTHMODEM - ok
05:33:06.0718 1992 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
05:33:06.0984 1992 BthPan - ok
05:33:07.0046 1992 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
05:33:07.0125 1992 BTHPORT - ok
05:33:07.0171 1992 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
05:33:07.0375 1992 BthServ - ok
05:33:07.0437 1992 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
05:33:07.0656 1992 BTHUSB - ok
05:33:07.0828 1992 catchme - ok
05:33:07.0906 1992 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
05:33:08.0109 1992 cbidf2k - ok
05:33:08.0156 1992 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
05:33:08.0375 1992 CCDECODE - ok
05:33:08.0375 1992 cd20xrnt - ok
05:33:08.0453 1992 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
05:33:08.0734 1992 Cdaudio - ok
05:33:08.0781 1992 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
05:33:09.0046 1992 Cdfs - ok
05:33:09.0125 1992 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
05:33:09.0250 1992 Cdrom - ok
05:33:09.0250 1992 Changer - ok
05:33:09.0296 1992 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
05:33:09.0562 1992 CiSvc - ok
05:33:09.0593 1992 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
05:33:09.0890 1992 ClipSrv - ok
05:33:10.0031 1992 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
05:33:10.0062 1992 clr_optimization_v2.0.50727_32 - ok
05:33:10.0453 1992 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
05:33:10.0562 1992 clr_optimization_v4.0.30319_32 - ok
05:33:10.0562 1992 CmdIde - ok
05:33:10.0687 1992 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOWS\system32\drivers\cmaudio.sys
05:33:10.0828 1992 cmpci ( UnsignedFile.Multi.Generic ) - warning
05:33:10.0828 1992 cmpci - detected UnsignedFile.Multi.Generic (1)
05:33:11.0062 1992 cmuda3 (a0f7d6b070f15ead9f4231b51b246e4c) C:\WINDOWS\system32\drivers\cmudax3.sys
05:33:11.0328 1992 cmuda3 - ok
05:33:11.0453 1992 COMSysApp - ok
05:33:11.0484 1992 Cpqarray - ok
05:33:11.0671 1992 cpuz135 (0283b43c6bc965175a1c92b255d39556) C:\Software\pc-wizard_2012.2.1\pcwiz_x32.sys
05:33:11.0734 1992 cpuz135 - ok
05:33:11.0796 1992 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
05:33:12.0078 1992 CryptSvc - ok
05:33:12.0078 1992 dac2w2k - ok
05:33:12.0093 1992 dac960nt - ok
05:33:12.0203 1992 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
05:33:12.0406 1992 DcomLaunch - ok
05:33:12.0484 1992 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
05:33:12.0765 1992 Dhcp - ok
05:33:12.0812 1992 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
05:33:13.0093 1992 Disk - ok
05:33:13.0093 1992 dmadmin - ok
05:33:13.0265 1992 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
05:33:13.0578 1992 dmboot - ok
05:33:13.0625 1992 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
05:33:14.0000 1992 dmio - ok
05:33:14.0062 1992 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
05:33:14.0359 1992 dmload - ok
05:33:14.0421 1992 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
05:33:14.0734 1992 dmserver - ok
05:33:14.0781 1992 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
05:33:15.0093 1992 DMusic - ok
05:33:15.0156 1992 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
05:33:15.0265 1992 Dnscache - ok
05:33:15.0328 1992 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
05:33:15.0546 1992 Dot3svc - ok
05:33:15.0718 1992 DPFUSMgr (f059897a794e7ffd32012b4293381032) C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
05:33:15.0750 1992 DPFUSMgr - ok
05:33:15.0843 1992 DpHost (ca999cbe2213b3452f48e781a52ab2ad) C:\Program Files\DigitalPersona\Bin\DpHost.exe
05:33:15.0890 1992 DpHost - ok
05:33:15.0984 1992 dpK0Bx01 (aa586b977f26720193e76c6ce4975f0e) C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys
05:33:16.0078 1992 dpK0Bx01 - ok
05:33:16.0078 1992 dpti2o - ok
05:33:16.0140 1992 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
05:33:16.0328 1992 drmkaud - ok
05:33:16.0406 1992 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
05:33:16.0640 1992 EapHost - ok
05:33:16.0703 1992 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
05:33:16.0765 1992 ElbyCDIO - ok
05:33:16.0828 1992 EPSON_PM_RPCV2_01 (9b3ecbf38cc2b378373b7278d36432c6) C:\WINDOWS\system32\E_S00RP1.EXE
05:33:16.0906 1992 EPSON_PM_RPCV2_01 - ok
05:33:16.0953 1992 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
05:33:17.0156 1992 ERSvc - ok
05:33:17.0234 1992 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
05:33:17.0343 1992 Eventlog - ok
05:33:17.0453 1992 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
05:33:17.0546 1992 EventSystem - ok
05:33:17.0828 1992 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
05:33:18.0046 1992 Fastfat - ok
05:33:18.0125 1992 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
05:33:18.0312 1992 FastUserSwitchingCompatibility - ok
05:33:18.0359 1992 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
05:33:18.0656 1992 Fdc - ok
05:33:18.0687 1992 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
05:33:18.0953 1992 Fips - ok
05:33:18.0984 1992 FixTDSS (77d6ffaa3010b66fb4692532d75a585f) C:\WINDOWS\system32\drivers\FixTDSS.sys
05:33:19.0000 1992 FixTDSS - ok
05:33:19.0046 1992 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
05:33:19.0265 1992 Flpydisk - ok
05:33:19.0343 1992 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
05:33:19.0515 1992 FltMgr - ok
05:33:19.0531 1992 FNETURPX (0a79334fb069c6b38df7ad56a109ea01) C:\WINDOWS\system32\drivers\FNETURPX.SYS
05:33:19.0562 1992 FNETURPX ( UnsignedFile.Multi.Generic ) - warning
05:33:19.0562 1992 FNETURPX - detected UnsignedFile.Multi.Generic (1)
05:33:19.0765 1992 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
05:33:19.0781 1992 FontCache3.0.0.0 - ok
05:33:19.0859 1992 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
05:33:20.0046 1992 Fs_Rec - ok
05:33:20.0109 1992 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
05:33:20.0531 1992 Ftdisk - ok
05:33:20.0578 1992 FVNETusb (199062d35b8789238a11e9980479336b) C:\WINDOWS\system32\DRIVERS\vnet58lx.sys
05:33:20.0609 1992 FVNETusb ( UnsignedFile.Multi.Generic ) - warning
05:33:20.0609 1992 FVNETusb - detected UnsignedFile.Multi.Generic (1)
05:33:20.0656 1992 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
05:33:20.0875 1992 gameenum - ok
05:33:20.0937 1992 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
05:33:20.0953 1992 GEARAspiWDM - ok
05:33:21.0156 1992 GhostStartService (ea0e4af8b6a11b2be17758d371ddf67b) C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
05:33:21.0171 1992 GhostStartService ( UnsignedFile.Multi.Generic ) - warning
05:33:21.0171 1992 GhostStartService - detected UnsignedFile.Multi.Generic (1)
05:33:21.0187 1992 GhPciScan (3a7c94ed99fe7fe05d88b26f97614626) C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
05:33:21.0218 1992 GhPciScan ( UnsignedFile.Multi.Generic ) - warning
05:33:21.0218 1992 GhPciScan - detected UnsignedFile.Multi.Generic (1)
05:33:21.0250 1992 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
05:33:21.0453 1992 Gpc - ok
05:33:21.0468 1992 GTNDIS5 - ok
05:33:21.0625 1992 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
05:33:21.0656 1992 gupdate - ok
05:33:21.0671 1992 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
05:33:21.0703 1992 gupdatem - ok
05:33:21.0828 1992 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
05:33:22.0031 1992 helpsvc - ok
05:33:22.0078 1992 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
05:33:22.0281 1992 HidServ - ok
05:33:22.0359 1992 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
05:33:22.0578 1992 hidusb - ok
05:33:22.0625 1992 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
05:33:22.0828 1992 hkmsvc - ok
05:33:22.0843 1992 hpn - ok
05:33:22.0921 1992 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
05:33:22.0953 1992 HTTP - ok
05:33:23.0015 1992 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
05:33:23.0218 1992 HTTPFilter - ok
05:33:23.0234 1992 i2omgmt - ok
05:33:23.0234 1992 i2omp - ok
05:33:23.0296 1992 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
05:33:23.0515 1992 i8042prt - ok
05:33:23.0625 1992 ialm (16f8de7a7f9023aac04dec6a8a264441) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
05:33:23.0765 1992 ialm ( UnsignedFile.Multi.Generic ) - warning
05:33:23.0765 1992 ialm - detected UnsignedFile.Multi.Generic (1)
05:33:24.0015 1992 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
05:33:24.0125 1992 idsvc - ok
05:33:24.0234 1992 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
05:33:24.0453 1992 Imapi - ok
05:33:24.0531 1992 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
05:33:24.0734 1992 ImapiService - ok
05:33:24.0765 1992 ini910u - ok
05:33:24.0812 1992 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
05:33:25.0031 1992 IntelIde - ok
05:33:25.0093 1992 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
05:33:25.0281 1992 intelppm - ok
05:33:25.0328 1992 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
05:33:25.0531 1992 Ip6Fw - ok
05:33:25.0609 1992 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
05:33:25.0843 1992 IpFilterDriver - ok
05:33:25.0906 1992 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
05:33:26.0078 1992 IpInIp - ok
05:33:26.0109 1992 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
05:33:26.0343 1992 IpNat - ok
05:33:26.0500 1992 iPod Service (1e6f080d5edb4c3b4c4eb787a0848dcc) C:\Program Files\iPod\bin\iPodService.exe
05:33:26.0562 1992 iPod Service - ok
05:33:26.0640 1992 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
05:33:26.0921 1992 IPSec - ok
05:33:26.0968 1992 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
05:33:27.0109 1992 IRENUM - ok
05:33:27.0187 1992 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
05:33:27.0437 1992 isapnp - ok
05:33:27.0515 1992 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
05:33:27.0562 1992 IviRegMgr - ok
05:33:27.0734 1992 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) C:\Program Files\Java\jre6\bin\jqs.exe
05:33:27.0765 1992 JavaQuickStarterService - ok
05:33:27.0843 1992 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
05:33:28.0093 1992 Kbdclass - ok
05:33:28.0125 1992 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
05:33:28.0343 1992 kbdhid - ok
05:33:28.0437 1992 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
05:33:28.0718 1992 kmixer - ok
05:33:28.0765 1992 KMWDFilter (72c55c745d804d62162144ebfd6390b8) C:\WINDOWS\System32\Drivers\KMWDFilter.SYS
05:33:28.0843 1992 KMWDFilter ( UnsignedFile.Multi.Generic ) - warning
05:33:28.0843 1992 KMWDFilter - detected UnsignedFile.Multi.Generic (1)
05:33:28.0906 1992 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
05:33:29.0031 1992 KSecDD - ok
05:33:29.0109 1992 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
05:33:29.0234 1992 LanmanServer - ok
05:33:29.0312 1992 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
05:33:29.0406 1992 lanmanworkstation - ok
05:33:29.0437 1992 Lavasoft Ad-Aware Service - ok
05:33:29.0453 1992 Lbd - ok
05:33:29.0453 1992 lbrtfdc - ok
05:33:29.0515 1992 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
05:33:29.0765 1992 LmHosts - ok
05:33:29.0828 1992 MaRdPnp (b51e7eab4baf13b492aa3299bcf52a35) C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys
05:33:29.0906 1992 MaRdPnp ( UnsignedFile.Multi.Generic ) - warning
05:33:29.0906 1992 MaRdPnp - detected UnsignedFile.Multi.Generic (1)
05:33:29.0984 1992 MaVctrl (1b467fb39d6ee0e7f1970eee5fc07121) C:\WINDOWS\system32\DRIVERS\MaVc2K.sys
05:33:30.0031 1992 MaVctrl ( UnsignedFile.Multi.Generic ) - warning
05:33:30.0031 1992 MaVctrl - detected UnsignedFile.Multi.Generic (1)
05:33:30.0093 1992 maz500m (b2434b4f7827798abecd2103fb8f64a5) C:\WINDOWS\system32\Drivers\maz500m.sys
05:33:30.0187 1992 maz500m ( UnsignedFile.Multi.Generic ) - warning
05:33:30.0187 1992 maz500m - detected UnsignedFile.Multi.Generic (1)
05:33:30.0250 1992 maz500u (1780e95913319766954f78faaa57c860) C:\WINDOWS\system32\Drivers\maz500u.sys
05:33:30.0343 1992 maz500u ( UnsignedFile.Multi.Generic ) - warning
05:33:30.0343 1992 maz500u - detected UnsignedFile.Multi.Generic (1)
05:33:30.0625 1992 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
05:33:30.0687 1992 MBAMProtector - ok
05:33:30.0828 1992 MBAMService (94e920be59b9ab65d95e582dbaa136ac) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
05:33:30.0921 1992 MBAMService - ok
05:33:31.0031 1992 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
05:33:31.0078 1992 MDM - ok
05:33:31.0140 1992 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
05:33:31.0390 1992 Messenger - ok
05:33:31.0468 1992 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
05:33:31.0687 1992 mnmdd - ok
05:33:31.0750 1992 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
05:33:32.0000 1992 mnmsrvc - ok
05:33:32.0062 1992 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
05:33:32.0296 1992 Modem - ok
05:33:32.0359 1992 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
05:33:32.0562 1992 Mouclass - ok
05:33:32.0609 1992 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
05:33:32.0859 1992 mouhid - ok
05:33:32.0890 1992 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
05:33:33.0156 1992 MountMgr - ok
05:33:33.0234 1992 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
05:33:33.0281 1992 MpFilter - ok
05:33:33.0562 1992 MpKsl62139039 (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0C83E45A-ABF5-4FC4-8127-975F8C97597B}\MpKsl62139039.sys
05:33:33.0578 1992 MpKsl62139039 - ok
05:33:33.0593 1992 mraid35x - ok
05:33:33.0687 1992 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
05:33:34.0015 1992 MRxDAV - ok
05:33:34.0093 1992 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
05:33:34.0203 1992 MRxSmb - ok
05:33:34.0265 1992 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
05:33:34.0625 1992 MSDTC - ok
05:33:34.0687 1992 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
05:33:35.0031 1992 Msfs - ok
05:33:35.0031 1992 MSIServer - ok
05:33:35.0093 1992 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
05:33:35.0375 1992 MSKSSRV - ok
05:33:35.0546 1992 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
05:33:35.0578 1992 MsMpSvc - ok
05:33:35.0625 1992 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
05:33:35.0890 1992 MSPCLOCK - ok
05:33:35.0906 1992 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
05:33:36.0156 1992 MSPQM - ok
05:33:36.0218 1992 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
05:33:36.0468 1992 mssmbios - ok
05:33:36.0531 1992 MSSQL$MSSMLBIZ - ok
05:33:36.0562 1992 MSSQLServerADHelper - ok
05:33:36.0625 1992 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
05:33:36.0890 1992 MSTEE - ok
05:33:36.0921 1992 MTK (7ba76ed9c7ef33b4c8c6041ce6c91a6e) C:\WINDOWS\system32\Drivers\fide.sys
05:33:37.0031 1992 MTK ( UnsignedFile.Multi.Generic ) - warning
05:33:37.0031 1992 MTK - detected UnsignedFile.Multi.Generic (1)
05:33:37.0109 1992 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
05:33:37.0171 1992 Mup - ok
05:33:37.0250 1992 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
05:33:37.0562 1992 NABTSFEC - ok
05:33:37.0640 1992 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
05:33:37.0937 1992 napagent - ok
05:33:38.0000 1992 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
05:33:38.0328 1992 NDIS - ok
05:33:38.0390 1992 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
05:33:38.0671 1992 NdisIP - ok
05:33:38.0734 1992 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
05:33:38.0843 1992 NdisTapi - ok
05:33:38.0968 1992 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
05:33:39.0187 1992 Ndisuio - ok
05:33:39.0250 1992 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
05:33:39.0453 1992 NdisWan - ok
05:33:39.0578 1992 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
05:33:39.0687 1992 NDProxy - ok
05:33:39.0843 1992 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
05:33:40.0046 1992 NetBIOS - ok
05:33:40.0359 1992 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
05:33:40.0875 1992 NetBT - ok
05:33:41.0140 1992 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
05:33:41.0390 1992 NetDDE - ok
05:33:41.0406 1992 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
05:33:41.0609 1992 NetDDEdsdm - ok
05:33:41.0671 1992 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
05:33:41.0906 1992 Netlogon - ok
05:33:41.0968 1992 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
05:33:42.0296 1992 Netman - ok
05:33:42.0687 1992 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
05:33:42.0734 1992 NetTcpPortSharing - ok
05:33:43.0062 1992 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
05:33:43.0421 1992 Nla - ok
05:33:43.0468 1992 NMgamingmsFltr (dd0216110ae219f333d0f99079a4be42) C:\WINDOWS\system32\drivers\NMgamingms.sys
05:33:43.0656 1992 NMgamingmsFltr - ok
05:33:43.0937 1992 nosGetPlusHelper (25d6b2eb0a1fc4ab413afe7ec4793ec1) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
05:33:44.0062 1992 nosGetPlusHelper - ok
05:33:44.0093 1992 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
05:33:44.0531 1992 Npfs - ok
05:33:47.0437 1992 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
05:33:47.0750 1992 Ntfs - ok
05:33:47.0765 1992 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
05:33:47.0953 1992 NtLmSsp - ok
05:33:48.0171 1992 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
05:33:48.0390 1992 NtmsSvc - ok
05:33:48.0453 1992 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
05:33:48.0640 1992 Null - ok
05:33:48.0687 1992 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
05:33:48.0875 1992 NwlnkFlt - ok
05:33:48.0890 1992 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
05:33:49.0078 1992 NwlnkFwd - ok
05:33:49.0156 1992 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
05:33:49.0187 1992 ose - ok
05:33:49.0250 1992 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
05:33:49.0453 1992 Parport - ok
05:33:49.0515 1992 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
05:33:49.0718 1992 PartMgr - ok
05:33:49.0765 1992 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
05:33:49.0953 1992 ParVdm - ok
05:33:49.0968 1992 PcdrNdisuio - ok
05:33:50.0015 1992 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
05:33:50.0218 1992 PCI - ok
05:33:50.0234 1992 PCIDump - ok
05:33:50.0281 1992 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
05:33:50.0437 1992 PCIIde - ok
05:33:50.0484 1992 pciinfo (5e8871c8aa5ae8cc7834831211de72c1) C:\WINDOWS\System32\drivers\PCIINFO.SYS
05:33:50.0500 1992 pciinfo ( UnsignedFile.Multi.Generic ) - warning
05:33:50.0500 1992 pciinfo - detected UnsignedFile.Multi.Generic (1)
05:33:50.0546 1992 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
05:33:50.0750 1992 Pcmcia - ok
05:33:50.0812 1992 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
05:33:50.0906 1992 pcouffin ( UnsignedFile.Multi.Generic ) - warning
05:33:50.0906 1992 pcouffin - detected UnsignedFile.Multi.Generic (1)
05:33:50.0906 1992 PDCOMP - ok
05:33:50.0921 1992 PDFRAME - ok
05:33:50.0921 1992 PDRELI - ok
05:33:50.0937 1992 PDRFRAME - ok
05:33:50.0937 1992 perc2 - ok
05:33:50.0953 1992 perc2hib - ok
05:33:51.0031 1992 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
05:33:51.0062 1992 PlugPlay - ok
05:33:51.0062 1992 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
05:33:51.0328 1992 PolicyAgent - ok
05:33:51.0406 1992 portio (78bdc34b7ec96a7d8b14b2d2d95c388a) C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys
05:33:51.0468 1992 portio ( UnsignedFile.Multi.Generic ) - warning
05:33:51.0468 1992 portio - detected UnsignedFile.Multi.Generic (1)
05:33:51.0781 1992 PORTMON - ok
05:33:51.0843 1992 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
05:33:52.0078 1992 PptpMiniport - ok
05:33:52.0093 1992 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
05:33:52.0250 1992 ProtectedStorage - ok
05:33:52.0265 1992 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
05:33:52.0453 1992 PSched - ok
05:33:52.0500 1992 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
05:33:52.0687 1992 Ptilink - ok
05:33:52.0703 1992 ql1080 - ok
05:33:52.0703 1992 Ql10wnt - ok
05:33:52.0718 1992 ql12160 - ok
05:33:52.0734 1992 ql1240 - ok
05:33:52.0750 1992 ql1280 - ok
05:33:52.0781 1992 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
05:33:52.0953 1992 RasAcd - ok
05:33:53.0015 1992 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
05:33:53.0234 1992 RasAuto - ok
05:33:53.0281 1992 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
05:33:53.0468 1992 Rasl2tp - ok
05:33:53.0515 1992 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
05:33:53.0687 1992 RasMan - ok
05:33:53.0734 1992 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
05:33:53.0937 1992 RasPppoe - ok
05:33:53.0984 1992 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
05:33:54.0171 1992 Raspti - ok
05:33:54.0234 1992 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
05:33:54.0468 1992 Rdbss - ok
05:33:54.0484 1992 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
05:33:54.0656 1992 RDPCDD - ok
05:33:54.0734 1992 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
05:33:54.0921 1992 rdpdr - ok
05:33:54.0984 1992 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
05:33:55.0046 1992 RDPWD - ok
05:33:55.0093 1992 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
05:33:55.0281 1992 RDSessMgr - ok
05:33:55.0343 1992 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
05:33:55.0531 1992 redbook - ok
05:33:55.0593 1992 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
05:33:56.0156 1992 RemoteAccess - ok
05:33:56.0218 1992 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
05:33:56.0484 1992 RemoteRegistry - ok
05:33:56.0546 1992 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
05:33:56.0734 1992 RFCOMM - ok
05:33:56.0734 1992 RimUsb - ok
05:33:56.0812 1992 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
05:33:56.0843 1992 RimVSerPort - ok
05:33:56.0906 1992 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
05:33:57.0109 1992 ROOTMODEM - ok
05:33:57.0140 1992 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
05:33:57.0312 1992 RpcLocator - ok
05:33:57.0375 1992 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
05:33:57.0437 1992 RpcSs - ok
05:33:57.0500 1992 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
05:33:57.0750 1992 RSVP - ok
05:33:57.0812 1992 RT73 (6ea04a4370609e5e1eaeee898a2ab6ac) C:\WINDOWS\system32\DRIVERS\rt73.sys
05:33:57.0859 1992 RT73 ( UnsignedFile.Multi.Generic ) - warning
05:33:57.0859 1992 RT73 - detected UnsignedFile.Multi.Generic (1)
05:33:57.0921 1992 s3legacy (4294fdf954125ce9e39e68f826415c29) C:\WINDOWS\system32\DRIVERS\s3legacy.sys
05:33:58.0093 1992 s3legacy - ok
05:33:58.0156 1992 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
05:33:58.0343 1992 SamSs - ok
05:33:58.0390 1992 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
05:33:58.0593 1992 SCardSvr - ok
05:33:58.0640 1992 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
05:33:58.0890 1992 Schedule - ok
05:33:59.0250 1992 SDHookDriver (47dd7bb6b72a5f49e01f53597bcaeac7) C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys
05:33:59.0296 1992 SDHookDriver - ok
05:33:59.0687 1992 SDHookService (5c31070d5a528d637322562e2a30e0e5) C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
05:33:59.0734 1992 SDHookService - ok
05:34:00.0859 1992 SDScannerService (d466f51e3ad125621c13abdaf0c5b2ed) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
05:34:00.0953 1992 SDScannerService - ok
05:34:01.0062 1992 SDUpdateService (2dc25b4940bbdd9aeee516adcaebd3c9) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
05:34:01.0156 1992 SDUpdateService - ok
05:34:01.0312 1992 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
05:34:01.0390 1992 Secdrv - ok
05:34:01.0453 1992 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
05:34:01.0656 1992 seclogon - ok
05:34:01.0671 1992 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
05:34:01.0828 1992 SENS - ok
05:34:01.0890 1992 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
05:34:02.0046 1992 serenum - ok
05:34:02.0062 1992 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
05:34:02.0265 1992 Serial - ok
05:34:02.0328 1992 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
05:34:02.0515 1992 Sfloppy - ok
05:34:02.0593 1992 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
05:34:02.0843 1992 SharedAccess - ok
05:34:02.0906 1992 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
05:34:02.0968 1992 ShellHWDetection - ok
05:34:02.0968 1992 Simbad - ok
05:34:03.0015 1992 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
05:34:03.0187 1992 SLIP - ok
05:34:03.0250 1992 smwdm (1319ea66a96250d59665d133c0ff7cd0) C:\WINDOWS\system32\drivers\smwdm.sys
05:34:03.0281 1992 smwdm ( UnsignedFile.Multi.Generic ) - warning
05:34:03.0281 1992 smwdm - detected UnsignedFile.Multi.Generic (1)
05:34:03.0281 1992 Sparrow - ok
05:34:03.0312 1992 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
05:34:03.0500 1992 splitter - ok
05:34:03.0578 1992 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
05:34:03.0609 1992 Spooler - ok
05:34:03.0718 1992 SQLBrowser - ok
05:34:03.0750 1992 SQLWriter (9263c8898732e2b890f7e954e7729ab7) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
05:34:03.0781 1992 SQLWriter - ok
05:34:03.0843 1992 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
05:34:03.0937 1992 sr - ok
05:34:03.0984 1992 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
05:34:04.0109 1992 srservice - ok
05:34:04.0187 1992 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
05:34:04.0281 1992 Srv - ok
05:34:04.0375 1992 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
05:34:04.0500 1992 SSDPSRV - ok
05:34:04.0546 1992 StatusAgent4 (aa09fd16363e4232c68af854e8a26f21) C:\WINDOWS\system32\SAgent4.exe
05:34:04.0609 1992 StatusAgent4 - ok
05:34:04.0640 1992 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
05:34:04.0859 1992 stisvc - ok
05:34:04.0921 1992 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
05:34:05.0125 1992 streamip - ok
05:34:05.0171 1992 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
05:34:05.0359 1992 swenum - ok
05:34:05.0578 1992 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
05:34:05.0703 1992 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
05:34:05.0703 1992 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
05:34:05.0750 1992 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
05:34:06.0000 1992 swmidi - ok
05:34:06.0015 1992 SwPrv - ok
05:34:06.0015 1992 symc810 - ok
05:34:06.0031 1992 symc8xx - ok
05:34:06.0031 1992 sym_hi - ok
05:34:06.0046 1992 sym_u3 - ok
05:34:06.0093 1992 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
05:34:06.0296 1992 sysaudio - ok
05:34:06.0343 1992 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
05:34:06.0515 1992 SysmonLog - ok
05:34:06.0562 1992 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
05:34:06.0750 1992 TapiSrv - ok
05:34:06.0828 1992 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
05:34:06.0875 1992 Tcpip - ok
05:34:06.0953 1992 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
05:34:07.0046 1992 Tcpip6 - ok
05:34:07.0093 1992 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
05:34:07.0281 1992 TDPIPE - ok
05:34:07.0296 1992 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
05:34:07.0500 1992 TDTCP - ok
05:34:07.0562 1992 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
05:34:07.0765 1992 TermDD - ok
05:34:07.0812 1992 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
05:34:08.0015 1992 TermService - ok
05:34:08.0062 1992 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
05:34:08.0093 1992 Themes - ok
05:34:08.0156 1992 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
05:34:08.0250 1992 TlntSvr - ok
05:34:08.0265 1992 TMPassthruMP - ok
05:34:08.0265 1992 TosIde - ok
05:34:08.0343 1992 TPM (317b746b6069a10d635fdbdf48723845) C:\WINDOWS\system32\DRIVERS\tpm.sys
05:34:08.0343 1992 TPM ( UnsignedFile.Multi.Generic ) - warning
05:34:08.0343 1992 TPM - detected UnsignedFile.Multi.Generic (1)
05:34:08.0421 1992 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
05:34:08.0625 1992 TrkWks - ok
05:34:08.0687 1992 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
05:34:08.0875 1992 tunmp - ok
05:34:08.0921 1992 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
05:34:09.0109 1992 Udfs - ok
05:34:09.0125 1992 ultra - ok
05:34:09.0187 1992 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
05:34:09.0375 1992 Update - ok
05:34:09.0437 1992 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
05:34:09.0593 1992 upnphost - ok
05:34:09.0609 1992 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
05:34:09.0812 1992 UPS - ok
05:34:09.0859 1992 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
05:34:09.0859 1992 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
05:34:09.0859 1992 USBAAPL - detected UnsignedFile.Multi.Generic (1)
05:34:09.0937 1992 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
05:34:10.0109 1992 usbaudio - ok
05:34:10.0156 1992 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
05:34:10.0343 1992 usbccgp - ok
05:34:10.0421 1992 UsbdpFP (334fd1ed28cf35113522d86733ab576c) C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys
05:34:10.0468 1992 UsbdpFP - ok
05:34:10.0546 1992 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
05:34:10.0734 1992 usbehci - ok
05:34:10.0796 1992 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
05:34:10.0953 1992 usbhub - ok
05:34:11.0015 1992 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
05:34:11.0203 1992 usbscan - ok
05:34:11.0265 1992 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
05:34:11.0453 1992 USBSTOR - ok
05:34:11.0484 1992 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
05:34:11.0671 1992 usbuhci - ok
05:34:11.0734 1992 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
05:34:11.0937 1992 usbvideo - ok
05:34:12.0000 1992 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys
05:34:12.0015 1992 VClone ( UnsignedFile.Multi.Generic ) - warning
05:34:12.0015 1992 VClone - detected UnsignedFile.Multi.Generic (1)
05:34:12.0078 1992 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
05:34:12.0265 1992 VgaSave - ok
05:34:12.0265 1992 ViaIde - ok
05:34:12.0328 1992 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
05:34:12.0515 1992 VolSnap - ok
05:34:12.0578 1992 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
05:34:12.0703 1992 VSS - ok
05:34:12.0750 1992 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
05:34:12.0953 1992 W32Time - ok
05:34:13.0015 1992 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
05:34:13.0218 1992 Wanarp - ok
05:34:13.0296 1992 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
05:34:13.0343 1992 Wdf01000 - ok
05:34:13.0359 1992 WDICA - ok
05:34:13.0437 1992 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
05:34:13.0625 1992 wdmaud - ok
05:34:13.0703 1992 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
05:34:13.0906 1992 WebClient - ok
05:34:14.0078 1992 WHSConnector (9cbb79bf4786d141096fcdfb2b831690) C:\Program Files\Windows Home Server\WHSConnector.exe
05:34:14.0125 1992 WHSConnector - ok
05:34:14.0250 1992 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
05:34:14.0453 1992 winmgmt - ok
05:34:14.0609 1992 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
05:34:14.0750 1992 wlidsvc - ok
05:34:14.0906 1992 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
05:34:14.0984 1992 WmdmPmSN - ok
05:34:15.0062 1992 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
05:34:15.0156 1992 Wmi - ok
05:34:15.0265 1992 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
05:34:15.0468 1992 WmiApSrv - ok
05:34:15.0671 1992 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
05:34:15.0812 1992 WMPNetworkSvc - ok
05:34:16.0250 1992 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
05:34:16.0343 1992 WPFFontCache_v0400 - ok
05:34:16.0453 1992 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
05:34:16.0640 1992 WS2IFSL - ok
05:34:16.0703 1992 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
05:34:16.0906 1992 wscsvc - ok
05:34:16.0953 1992 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
05:34:17.0140 1992 WSTCODEC - ok
05:34:17.0203 1992 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
05:34:17.0390 1992 wuauserv - ok
05:34:17.0468 1992 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
05:34:17.0515 1992 WudfPf - ok
05:34:17.0546 1992 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
05:34:17.0593 1992 WudfRd - ok
05:34:17.0640 1992 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
05:34:17.0687 1992 WudfSvc - ok
05:34:17.0750 1992 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
05:34:17.0968 1992 WZCSVC - ok
05:34:18.0000 1992 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
05:34:18.0218 1992 xmlprov - ok
05:34:18.0375 1992 XobniService (cfffa72de54c56ae26400753f5f6a482) C:\Program Files\Xobni\XobniService.exe
05:34:18.0406 1992 XobniService - ok
05:34:18.0406 1992 zumbus - ok
05:34:18.0484 1992 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
05:34:19.0250 1992 \Device\Harddisk0\DR0 - ok
05:34:19.0265 1992 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
05:34:19.0453 1992 \Device\Harddisk1\DR2 - ok
05:34:19.0453 1992 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4
05:34:19.0671 1992 \Device\Harddisk2\DR4 - ok
05:34:19.0703 1992 Boot (0x1200) (a05958f90f03d8c816c74e51e950f65d) \Device\Harddisk0\DR0\Partition0
05:34:19.0718 1992 \Device\Harddisk0\DR0\Partition0 - ok
05:34:19.0718 1992 Boot (0x1200) (18e1ce3759d9559f4f2c7de5a497cfe7) \Device\Harddisk1\DR2\Partition0
05:34:19.0718 1992 \Device\Harddisk1\DR2\Partition0 - ok
05:34:19.0734 1992 Boot (0x1200) (168f7fbc9680d28ece05f86abc213a4d) \Device\Harddisk2\DR4\Partition0
05:34:19.0734 1992 \Device\Harddisk2\DR4\Partition0 - ok
05:34:19.0734 1992 ============================================================
05:34:19.0734 1992 Scan finished
05:34:19.0734 1992 ============================================================
05:34:19.0843 3572 Detected object count: 24
05:34:19.0843 3572 Actual detected object count: 24
05:35:07.0703 3572 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0703 3572 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0703 3572 b57w2k ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0703 3572 b57w2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0703 3572 bkn50USB ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0703 3572 bkn50USB ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0703 3572 cmpci ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0703 3572 cmpci ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0703 3572 FNETURPX ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0703 3572 FNETURPX ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0703 3572 FVNETusb ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0703 3572 FVNETusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0703 3572 GhostStartService ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0703 3572 GhostStartService ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0703 3572 GhPciScan ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0703 3572 GhPciScan ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0703 3572 ialm ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0703 3572 ialm ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0703 3572 KMWDFilter ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0703 3572 KMWDFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0703 3572 MaRdPnp ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0703 3572 MaRdPnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0718 3572 MaVctrl ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0718 3572 MaVctrl ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0718 3572 maz500m ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0718 3572 maz500m ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0718 3572 maz500u ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0718 3572 maz500u ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0718 3572 MTK ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0718 3572 MTK ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0718 3572 pciinfo ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0718 3572 pciinfo ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0734 3572 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0734 3572 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0734 3572 portio ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0734 3572 portio ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0734 3572 RT73 ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0734 3572 RT73 ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0734 3572 smwdm ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0734 3572 smwdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0734 3572 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0734 3572 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0734 3572 TPM ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0734 3572 TPM ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0750 3572 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0750 3572 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:35:07.0750 3572 VClone ( UnsignedFile.Multi.Generic ) - skipped by user
05:35:07.0750 3572 VClone ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:36:21.0406 1072 Deinitialize success


>>>>mbam-log-2012-08-06 (05-52-37).txt
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.06.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Steve Gold :: DELL-DD22F55359 [administrator]

2012-08-06 05:52
mbam-log-2012-08-06 (05-52-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255527
Time elapsed: 54 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Kiveubo (Trojan.Cridex) -> Data: "C:\Documents and Settings\Steve Gold\Application Data\Roompa\ryago.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Steve Gold\Application Data\Roompa\ryago.exe (Trojan.Cridex) -> Quarantined and deleted successfully.

(end)

Please Advise

Steve






