Jump to content

colin0100

Honorary Members
 View Profile  See their activity

  • Posts

    56

  • Joined

  • Last visited

 Content Type 

Everything posted by colin0100

  1. colin0100
    Maniac: thanks for your assistance.... ========== Adobe Bridge 1.0 Adobe Common File Installer Adobe Digital Editions Adobe Download Manager 2.2 (Remove Only) Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Help Center 2.0 Adobe Premiere Pro 2.0 Adobe Reader 7.1.0 Adobe Stock Photos 1.0 Apple Mobile Device Support Apple Software Update Ask Toolbar ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Display Driver Audacity 1.3.12 (Unicode) Autodesk Express Viewer AutoUpdate Avira Free Antivirus AviSynth 2.5 calibre CardRd81 CCHelp CCScore Conexant D850 56K V.9x DFVc Modem ConvertXtoDVD 2.1.10.208 ConvertXtoDVD 3.4.8.123 CR2 Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07 D-Link DSL-302G Ethernet Diagnostics and USB Driver Dell Resource CD DivX Player DivX Web Player DVD Shrink 3.2 EPSON Attach To Email EPSON Easy Photo Print EPSON File Manager EPSON Print CD EPSON Printer Software EPSON Scan Assistant EPSON Web-To-Page ESPR230 User's Guide ESSAdpt ESSANUP ESSBrwr ESSCAM ESSCDBK ESScore ESSCT ESSgui ESShelp ESSini ESSPCD ESSSONIC ESSTUTOR ESSvpaht ESSvpot FLV Player 1.3.3 Google Desktop Search Google Earth Google Toolbar for Internet Explorer Google Update Helper Google Updater GSpot Codec Information Appliance HijackThis 2.0.2 HLPCCTR HLPIndex HLPRFO Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) ImgBurn Intel® PRO Network Connections Drivers iTunes Kiran's Typing Tutor 1.0 Kodak EasyShare software KSU L&H TTS3000 British English LiveUpdate 1.80 (Symantec Corporation) LiveUpdate BVRP Software Logitech Desktop Messenger Logitech Harmony Remote Software 7 Malwarebytes Anti-Malware version 1.61.0.1400 MasterSplitter Program Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Automated Troubleshooting Services Shim Microsoft Choice Guard Microsoft Fix it Center Microsoft Office Professional Edition 2003 Microsoft Office XP Web Components Microsoft Security Client Microsoft Security Essentials Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 mobile PhoneTools Mobipocket Reader 6.2 Monkey's Audio Morph Man 2000 Trial MSN Music Assistant MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB973686) Navman NavDesk 2008 Nero 7 Ultra Edition neroxml Notifier OGA Notifier 1.7.0105.35.0 Orbit Downloader OTtBP OTtBPSDK Pazera Free MP4 to AVI Converter 1.6 PC Pitstop Optimize3 3.0 PCDLNCH Perfect Uninstaller v6.3.3.8 PIF DESIGNER PowerQuest Drive Image 7.0 QuickPar 0.9 QuickTime Remote Control USB Driver Rhapsody Player Engine ScenalyzerLive (remove) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Segoe UI SFR SFR2 SigmaTel Audio SpeedMaxPc Update for Microsoft .NET Framework 3.5 SP1 (KB963707) VCAMCEN Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VLC media player 1.1.11 VobSub v2.23 (Remove Only) VPRINTOL WebFldrs XP Windows Defender Windows Defender Signatures Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Safety scanner Windows Live Sign-in Assistant Windows Live Upload Tool Windows Media Format Runtime Windows Media Player 10 WinRAR archiver WinX Free DVD Ripper 4.5.11 WinZip XviD MPEG4 Video Codec (remove only) Zip Repair Pro
  2. colin0100
    Yes!! ComboFix 12-07-04.01 - COLIN 04/07/2012 21:15:56.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1239 [GMT 10:00] Running from: c:\documents and settings\COLIN\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\documents and settings\All Users\Application Data\0gWFIiFCgcbrMe c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\VptbbJKs7vqKqt c:\documents and settings\COLIN\Application Data\Adobe\shalom.exe c:\documents and settings\COLIN\Application Data\AdobeDLM.log c:\documents and settings\COLIN\Application Data\inst.exe c:\documents and settings\COLIN\Application Data\vso_ts_preview.xml c:\documents and settings\COLIN\My Documents\~WRL0066.tmp c:\documents and settings\COLIN\My Documents\~WRL0219.tmp c:\documents and settings\COLIN\My Documents\~WRL1198.tmp c:\documents and settings\COLIN\My Documents\~WRL2877.tmp c:\documents and settings\COLIN\My Documents\~WRL2917.tmp c:\documents and settings\COLIN\My Documents\~WRL3794.tmp c:\program files\agentenu420-1118.exe c:\program files\AntiMalware c:\windows\system32\ssprs.dll c:\windows\system32\Thumbs.db . . ((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 ))))))))))))))))))))))))))))))) . . 2012-07-04 11:11 . 2012-07-04 11:11 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE626111-446C-4883-9C20-7D784B8DD8E9}\offreg.dll 2012-07-04 08:24 . 2012-07-04 08:24 1409 ----a-w- c:\windows\QTFont.for 2012-07-04 03:02 . 2012-07-04 03:02 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-03 21:31 . 2012-06-17 17:14 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE626111-446C-4883-9C20-7D784B8DD8E9}\mpengine.dll 2012-07-03 13:15 . 2012-07-03 13:15 -------- d-----w- C:\_OTL 2012-07-02 23:30 . 2012-07-03 01:13 -------- d-----w- C:\FRST 2012-07-02 14:33 . 2012-07-02 14:33 -------- d-----w- c:\documents and settings\Administrator 2012-06-29 21:36 . 2012-06-29 13:21 -------- d-----w- c:\windows\Debug 2012-06-29 12:16 . 2004-08-04 12:00 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll 2012-06-29 12:15 . 2001-08-17 12:36 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll 2012-06-29 12:14 . 2004-08-04 12:00 57856 -c--a-w- c:\windows\system32\dllcache\esuimgd.dll 2012-06-29 12:13 . 2001-08-17 12:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll 2012-06-29 12:09 . 2012-07-01 15:09 -------- d-s---w- c:\windows\Downloaded Program Files 2012-06-29 12:09 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe 2012-06-29 12:09 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe 2012-06-29 11:48 . 2012-06-29 12:32 608594 ----a-w- c:\windows\system32\PerfStringBackup.TMP 2012-06-29 11:48 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll 2012-06-29 11:48 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll 2012-06-29 11:48 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll 2012-06-29 11:48 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll 2012-06-29 11:48 . 2004-08-04 12:00 13753 ----a-r- c:\windows\SET13F.tmp 2012-06-29 11:48 . 2004-08-04 12:00 1086058 ----a-r- c:\windows\SET133.tmp 2012-06-29 11:48 . 2004-08-04 12:00 1042903 ----a-r- c:\windows\SET130.tmp 2012-06-29 11:20 . 2012-06-29 11:20 -------- d-----w- c:\documents and settings\MANEERAT\Application Data\AdobeUM 2012-06-29 09:57 . 2012-06-29 09:57 -------- d-----w- c:\documents and settings\MANEERAT\Application Data\DriverCure 2012-06-29 09:56 . 2012-06-29 09:56 -------- d-----w- c:\documents and settings\MANEERAT\Application Data\SpeedMaxPc 2012-06-29 09:56 . 2012-06-29 09:56 -------- d-----w- c:\program files\Common Files\SpeedMaxPc 2012-06-29 09:56 . 2012-06-29 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc 2012-06-29 09:56 . 2012-06-29 09:56 -------- d-----w- c:\program files\SpeedMaxPc 2012-06-29 03:06 . 2012-07-03 11:30 -------- d-----w- c:\windows\system32\MpEngineStore 2012-06-28 21:13 . 2012-06-29 10:28 -------- d-----w- c:\documents and settings\new one 2012-06-28 12:39 . 2012-06-17 17:14 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-28 12:35 . 2012-06-28 12:36 -------- d-----w- c:\program files\Microsoft Security Client 2012-06-28 12:28 . 2012-06-28 12:28 -------- d-----w- c:\documents and settings\COLIN\Local Settings\Application Data\FixItCenter 2012-06-26 16:17 . 2012-06-17 17:14 6762896 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DDD32BDF-4F2B-428A-8A02-5ADE919AC233}\mpengine.dll 2012-06-26 03:59 . 2012-06-26 04:08 -------- d-----w- c:\documents and settings\COLIN\Application Data\HandBrake 2012-06-26 03:51 . 2012-06-26 03:51 -------- d-----w- c:\program files\Microsoft.NET 2012-06-19 09:15 . 2012-06-19 09:15 17396768 ----a-w- c:\program files\mpas-fe.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-17 17:14 . 2011-11-28 03:19 6762896 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2012-06-04 07:35 . 2006-01-13 04:26 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 05:19 . 2009-08-06 08:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 05:19 . 2009-08-06 08:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 05:19 . 2009-08-06 08:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 05:19 . 2005-05-26 12:16 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 05:19 . 2009-08-06 08:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-05-09 03:47 . 2011-10-18 23:24 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-05-09 03:47 . 2011-10-18 23:24 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-04-26 07:05 . 2006-12-06 22:37 47360 ----a-w- c:\documents and settings\COLIN\Application Data\pcouffin.sys 2008-12-12 16:07 . 2008-12-13 01:39 7930904 ----a-w- c:\program files\dap9.exe 2008-12-09 01:28 . 2008-12-09 01:27 2167968 ----a-w- c:\program files\OrbitDownloaderSetup.exe 2008-07-10 09:55 . 2008-07-10 09:55 383755 ----a-w- c:\program files\download-VobSub_2.23.exe 2008-06-23 23:31 . 2009-01-19 01:54 5992404 ----a-w- c:\program files\Portable GetRight 6.3e.exe 2006-02-27 08:15 . 2006-02-27 08:15 217329 ----a-w- c:\program files\gspot221.exe 2006-01-17 06:15 . 2006-01-17 06:14 20921040 ----a-w- c:\program files\AdbeRdr705_enu_full.exe 2006-01-17 05:55 . 2006-01-17 05:55 11477288 ----a-w- c:\program files\DivXPlay.exe 2005-12-06 02:00 . 2005-12-06 02:00 74448 ----a-w- c:\program files\DSETUP.dll 2005-12-06 02:00 . 2005-12-06 02:00 484560 ----a-w- c:\program files\DXSETUP.exe 2005-12-06 02:00 . 2005-12-06 02:00 2247888 ----a-w- c:\program files\dsetup32.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2011-07-27 11:41 1493160 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-27 1493160] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-27 1493160] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056] "EPSON Stylus Photo R230 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE" [2005-03-09 98304] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160] . c:\documents and settings\COLIN\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-25 67128] Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-1-19 1843000] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\uTorrent\\utorrent.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "%windir%\\system32\\drivers\\svchost.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "27649:UDP"= 27649:UDP:*:Disabled:TorrentPort . R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [4/06/2003 9:52 AM 123957] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [19/10/2011 9:24 AM 36000] R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [4/06/2003 9:52 AM 46900] R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [19/10/2011 9:24 AM 86224] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/12/2010 9:25 PM 654408] R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [26/11/2011 4:11 PM 86016] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 6:19 PM 13592] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29/11/2010 4:01 PM 22344] S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [19/10/2011 9:24 AM 465360] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/07/2009 1:49 PM 133104] S2 SZASSIST;SecretZone Assist Service;"c:\program files\Clarus\Samsung SecretZone\SZAssistSVC.exe" --> c:\program files\Clarus\Samsung SecretZone\SZAssistSVC.exe [?] S3 glauiad;D-Link DSL-302G Modem;c:\windows\system32\drivers\glauiad.sys [13/01/2006 3:12 PM 29603] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23/07/2009 1:49 PM 133104] S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 10:09 PM 267568] S3 mdf16;mdf16;\??\c:\program files\Clarus\Samsung SecretZone\mdf16.sys --> c:\program files\Clarus\Samsung SecretZone\mdf16.sys [?] S3 mvd22;mvd22;\??\c:\program files\Clarus\Samsung SecretZone\mvd22.sys --> c:\program files\Clarus\Samsung SecretZone\mvd22.sys [?] S3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [15/02/2007 9:23 AM 47360] . Contents of the 'Scheduled Tasks' folder . 2012-07-04 c:\windows\Tasks\Command Prompt.job - c:\windows\system32\cmd.exe [2004-08-04 12:00] . 2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 03:49] . 2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 03:49] . 2012-07-02 c:\windows\Tasks\Malwarebytes' Anti-Malware.job - c:\progra~1\MALWAR~1\mbam.exe [2010-12-01 05:56] . 2012-07-04 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 07:03] . 2012-07-04 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 08:20] . 2012-07-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2011-07-27 11:41] . 2012-07-04 c:\windows\Tasks\SpeedMaxPc Registration3.job - c:\program files\Common Files\SpeedMaxPc\UUS3\UUS3.dll [2011-12-12 22:43] . 2012-06-29 c:\windows\Tasks\SpeedMaxPc Update3.job - c:\program files\Common Files\SpeedMaxPc\UUS3\Update3.exe [2011-12-12 22:43] . 2012-07-01 c:\windows\Tasks\SpeedMaxPc.job - c:\program files\SpeedMaxPc\SpeedMaxPc\SpeedMaxPc.exe [2011-12-22 00:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com.au/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 203.12.160.35 203.12.160.36 TCP: Interfaces\{67C731C6-C643-46BD-8865-2DA9C21374CD}: DhcpNameServer = 203.12.160.35 203.12.160.36 TCP: Interfaces\{8FAD4249-41A8-413E-8C32-51D6B0666FB6}: NameServer = 61.8.0.113,210.23.129.34 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll . - - - - ORPHANS REMOVED - - - - . HKLM-Run-NWEReboot - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-04 21:24 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\DefaultPreset] @DACL=(02 0000) @="DV - NTSC\\Standard 48kHz.prpreset" . [HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\Help] @DACL=(02 0000) "Support"="http://www.adobe.com/support/products/premiere.html" "Search"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\search.html" "Keyboard"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_21_0_0.html" "HowToUse"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\0_0_0_0.html" "ExportToDVD"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_19_2_0.html" "AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html" "Contents"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html" "Registration"="\"http://store.adobe.com/cgi-bin/WebObjects/WEC?pageID=RegMp1\"" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:00,b4,89,2a,79,b6,3e,bd,c6,97,4a,e3,f5,76,d4,98,50,9b,82,34,56, e7,e1,78,68,11,fd,f0,d8,9e,fe,5f,93,89,c1,d2,89,2c,d2,76,7a,05,df,44,94,c8,\ . [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:00,b4,89,2a,79,b6,3e,bd,c6,97,4a,e3,f5,76,d4,98,50,9b,82,34,56, e7,e1,78,68,11,fd,f0,d8,9e,fe,5f,93,89,c1,d2,89,2c,d2,76,7a,05,df,44,94,c8,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(748) c:\windows\system32\Ati2evxx.dll c:\windows\system32\scg726.acm c:\windows\system32\alf2cd.acm c:\windows\system32\AC3ACM.acm c:\windows\system32\sirenacm.dll . - - - - - - - > 'explorer.exe'(248) c:\windows\system32\ieframe.dll c:\windows\system32\scg726.acm c:\windows\system32\alf2cd.acm c:\windows\system32\AC3ACM.acm c:\windows\system32\sirenacm.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2012-07-04 21:27:13 ComboFix-quarantined-files.txt 2012-07-04 11:27 . Pre-Run: 48,594,567,168 bytes free Post-Run: 48,672,284,672 bytes free . - - End Of File - - 7B6045E46FB9E6ACFABD63323A20B357
  3. colin0100
    Nope, locked up the PC, had to turn off and turn on. Darn it!
  4. colin0100
    Still can't get into safe mode....proceeding to run under normal boot: hope this is OK.
  5. colin0100
    I read the log and think they went to quarantine, but I certainly did not choose that....
  6. colin0100
    When I first used the tool, there was the list of problems found and down the right side was a dropdown check box with a (I assume) default of 'skip'. In the session this afternoon I saw the same thing, and assumed that the default WAS skip, so I didn't use any entries...just proceeded to finish. Each time I ran it I modified the parameters as requested.
  7. colin0100
    Second run. 13:13:07.0031 4080 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08 13:13:08.0046 4080 ============================================================ 13:13:08.0046 4080 Current date / time: 2012/07/04 13:13:08.0046 13:13:08.0046 4080 SystemInfo: 13:13:08.0046 4080 13:13:08.0046 4080 OS Version: 5.1.2600 ServicePack: 2.0 13:13:08.0046 4080 Product type: Workstation 13:13:08.0046 4080 ComputerName: NEW-TOY 13:13:08.0046 4080 UserName: COLIN 13:13:08.0046 4080 Windows directory: C:\WINDOWS 13:13:08.0046 4080 System windows directory: C:\WINDOWS 13:13:08.0046 4080 Processor architecture: Intel x86 13:13:08.0046 4080 Number of processors: 2 13:13:08.0046 4080 Page size: 0x1000 13:13:08.0046 4080 Boot type: Normal boot 13:13:08.0046 4080 ============================================================ 13:13:08.0953 4080 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 13:13:08.0953 4080 Drive \Device\Harddisk1\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 13:13:13.0437 4080 Drive \Device\Harddisk2\DR4 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 13:13:18.0734 4080 Drive \Device\Harddisk3\DR5 - Size: 0xEFBFFE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 13:13:18.0734 4080 ============================================================ 13:13:18.0734 4080 \Device\Harddisk0\DR0: 13:13:18.0750 4080 MBR partitions: 13:13:18.0750 4080 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x1D189832 13:13:18.0750 4080 \Device\Harddisk1\DR3: 13:13:18.0765 4080 MBR partitions: 13:13:18.0765 4080 \Device\Harddisk1\DR3\Partition0: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0x74705981 13:13:18.0765 4080 \Device\Harddisk2\DR4: 13:13:18.0765 4080 MBR partitions: 13:13:18.0765 4080 \Device\Harddisk2\DR4\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000 13:13:18.0765 4080 \Device\Harddisk3\DR5: 13:13:18.0765 4080 MBR partitions: 13:13:18.0765 4080 \Device\Harddisk3\DR5\Partition0: MBR, Type 0xB, StartLBA 0x26, BlocksNum 0x779FC2 13:13:18.0765 4080 ============================================================ 13:13:18.0812 4080 C: <-> \Device\Harddisk0\DR0\Partition0 13:13:18.0812 4080 G: <-> \Device\Harddisk1\DR3\Partition0 13:13:18.0921 4080 H: <-> \Device\Harddisk2\DR4\Partition0 13:13:18.0921 4080 ============================================================ 13:13:18.0921 4080 Initialize success 13:13:18.0921 4080 ============================================================ 13:13:33.0000 3492 ============================================================ 13:13:33.0000 3492 Scan started 13:13:33.0000 3492 Mode: Manual; 13:13:33.0000 3492 ============================================================ 13:13:33.0218 3492 61883 (86d7b1e70661d754685b9ac6d749aae5) C:\WINDOWS\system32\DRIVERS\61883.sys 13:13:33.0296 3492 61883 - ok 13:13:33.0296 3492 Abiosdsk - ok 13:13:33.0312 3492 abp480n5 - ok 13:13:33.0375 3492 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys 13:13:33.0375 3492 ACPI - ok 13:13:33.0421 3492 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 13:13:33.0437 3492 ACPIEC - ok 13:13:33.0484 3492 Adobe LM Service (4bc381316f422f3a5d5a957d3aa2224e) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 13:13:33.0500 3492 Adobe LM Service - ok 13:13:33.0515 3492 adpu160m - ok 13:13:33.0578 3492 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys 13:13:33.0656 3492 aec - ok 13:13:33.0703 3492 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys 13:13:33.0718 3492 AFD - ok 13:13:33.0734 3492 Aha154x - ok 13:13:33.0734 3492 aic78u2 - ok 13:13:33.0734 3492 aic78xx - ok 13:13:33.0781 3492 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll 13:13:33.0796 3492 Alerter - ok 13:13:33.0828 3492 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe 13:13:33.0828 3492 ALG - ok 13:13:33.0843 3492 AliIde - ok 13:13:33.0843 3492 amsint - ok 13:13:33.0921 3492 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe 13:13:33.0953 3492 AntiVirSchedulerService - ok 13:13:34.0000 3492 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe 13:13:34.0000 3492 AntiVirService - ok 13:13:34.0078 3492 AntiVirWebService (e38ba9fab3981a2115c53260b930fd3c) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE 13:13:34.0093 3492 AntiVirWebService - ok 13:13:34.0125 3492 Apple Mobile Device (1961cb10bb48eb4d97e37db6373e9e63) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 13:13:34.0140 3492 Apple Mobile Device - ok 13:13:34.0140 3492 AppMgmt - ok 13:13:34.0187 3492 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 13:13:34.0203 3492 Arp1394 - ok 13:13:34.0203 3492 asc - ok 13:13:34.0218 3492 asc3350p - ok 13:13:34.0218 3492 asc3550 - ok 13:13:34.0359 3492 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 13:13:34.0406 3492 aspnet_state - ok 13:13:34.0421 3492 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 13:13:34.0453 3492 AsyncMac - ok 13:13:34.0484 3492 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 13:13:34.0515 3492 atapi - ok 13:13:34.0515 3492 Atdisk - ok 13:13:34.0640 3492 Ati HotKey Poller (1444104df30f365a5094e14ec5433b8e) C:\WINDOWS\system32\Ati2evxx.exe 13:13:34.0640 3492 Ati HotKey Poller - ok 13:13:34.0671 3492 ATI Smart (d3cd82df053f076c63a2d6f24aad2e22) C:\WINDOWS\system32\ati2sgag.exe 13:13:34.0687 3492 ATI Smart - ok 13:13:34.0734 3492 ati2mtag (1fa523c5e4ad953f896ea50c33475bea) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 13:13:34.0750 3492 ati2mtag - ok 13:13:34.0890 3492 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 13:13:34.0906 3492 Atmarpc - ok 13:13:34.0968 3492 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll 13:13:34.0968 3492 AudioSrv - ok 13:13:35.0000 3492 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 13:13:35.0000 3492 audstub - ok 13:13:35.0046 3492 Avc (87c223adb8f7596b31caae3c67b16ddd) C:\WINDOWS\system32\DRIVERS\avc.sys 13:13:35.0062 3492 Avc - ok 13:13:35.0109 3492 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 13:13:35.0109 3492 avgntflt - ok 13:13:35.0156 3492 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys 13:13:35.0171 3492 avipbb - ok 13:13:35.0218 3492 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys 13:13:35.0234 3492 avkmgr - ok 13:13:35.0296 3492 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 13:13:35.0296 3492 Beep - ok 13:13:35.0359 3492 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll 13:13:35.0515 3492 BITS - ok 13:13:35.0578 3492 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll 13:13:35.0578 3492 Browser - ok 13:13:35.0765 3492 catchme - ok 13:13:35.0796 3492 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 13:13:35.0812 3492 cbidf2k - ok 13:13:35.0859 3492 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 13:13:35.0875 3492 CCDECODE - ok 13:13:35.0875 3492 cd20xrnt - ok 13:13:35.0953 3492 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 13:13:35.0953 3492 Cdaudio - ok 13:13:35.0984 3492 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 13:13:36.0015 3492 Cdfs - ok 13:13:36.0031 3492 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 13:13:36.0046 3492 Cdrom - ok 13:13:36.0078 3492 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys 13:13:36.0093 3492 cercsr6 - ok 13:13:36.0093 3492 Changer - ok 13:13:36.0171 3492 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe 13:13:36.0171 3492 CiSvc - ok 13:13:36.0218 3492 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe 13:13:36.0234 3492 ClipSrv - ok 13:13:36.0406 3492 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:13:36.0625 3492 clr_optimization_v2.0.50727_32 - ok 13:13:36.0687 3492 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:13:36.0765 3492 clr_optimization_v4.0.30319_32 - ok 13:13:36.0765 3492 CmdIde - ok 13:13:36.0765 3492 COMSysApp - ok 13:13:36.0781 3492 Cpqarray - ok 13:13:36.0828 3492 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll 13:13:36.0828 3492 CryptSvc - ok 13:13:36.0843 3492 dac2w2k - ok 13:13:36.0843 3492 dac960nt - ok 13:13:36.0921 3492 DcCam (b1ad007f9a7dd8cfc981958d5c167d2d) C:\WINDOWS\system32\DRIVERS\DcCam.sys 13:13:36.0937 3492 DcCam - ok 13:13:36.0953 3492 DcFpoint (5fd20284caaf112201311619ff89fa44) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys 13:13:36.0984 3492 DcFpoint - ok 13:13:37.0000 3492 DCFS2K (867f7e6841b15d32481c3f1b83364e3a) C:\WINDOWS\system32\drivers\dcfs2k.sys 13:13:37.0031 3492 DCFS2K - ok 13:13:37.0062 3492 DcLps (1b889ac45faf088ff2af690779368956) C:\WINDOWS\system32\DRIVERS\DcLps.sys 13:13:37.0078 3492 DcLps - ok 13:13:37.0171 3492 DcomLaunch (5c83a4408604f737717ab96371201680) C:\WINDOWS\system32\rpcss.dll 13:13:37.0203 3492 DcomLaunch - ok 13:13:37.0203 3492 DcPTP (4afaea300a82f0470dc8b8abd619aba8) C:\WINDOWS\system32\DRIVERS\DcPTP.sys 13:13:37.0265 3492 DcPTP - ok 13:13:37.0296 3492 Dhcp (cb6ca3e5261d65f6f809eed23bf167aa) C:\WINDOWS\System32\dhcpcsvc.dll 13:13:37.0296 3492 Dhcp - ok 13:13:37.0343 3492 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 13:13:37.0375 3492 Disk - ok 13:13:37.0375 3492 dmadmin - ok 13:13:37.0453 3492 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys 13:13:37.0500 3492 dmboot - ok 13:13:37.0546 3492 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys 13:13:37.0593 3492 dmio - ok 13:13:37.0640 3492 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 13:13:37.0640 3492 dmload - ok 13:13:37.0687 3492 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll 13:13:37.0687 3492 dmserver - ok 13:13:37.0734 3492 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 13:13:37.0765 3492 DMusic - ok 13:13:37.0812 3492 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll 13:13:37.0828 3492 Dnscache - ok 13:13:37.0875 3492 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 13:13:37.0890 3492 Dot3svc - ok 13:13:37.0906 3492 dpti2o - ok 13:13:37.0937 3492 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 13:13:37.0937 3492 drmkaud - ok 13:13:38.0000 3492 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys 13:13:38.0015 3492 e1express - ok 13:13:38.0031 3492 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 13:13:38.0078 3492 EapHost - ok 13:13:38.0140 3492 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll 13:13:38.0140 3492 ERSvc - ok 13:13:38.0203 3492 Eventlog (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe 13:13:38.0218 3492 Eventlog - ok 13:13:38.0218 3492 EventSystem (acd36a2dd7d1e9d8a060aa651dc07e63) C:\WINDOWS\system32\es.dll 13:13:38.0234 3492 EventSystem - ok 13:13:38.0281 3492 Exportit (7ae55f93da22f0732993bce6093105dd) C:\WINDOWS\system32\DRIVERS\exportit.sys 13:13:38.0312 3492 Exportit - ok 13:13:38.0375 3492 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 13:13:38.0390 3492 Fastfat - ok 13:13:38.0453 3492 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll 13:13:38.0453 3492 FastUserSwitchingCompatibility - ok 13:13:38.0515 3492 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys 13:13:38.0531 3492 Fdc - ok 13:13:38.0531 3492 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys 13:13:38.0531 3492 Fips - ok 13:13:38.0609 3492 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys 13:13:38.0625 3492 Flpydisk - ok 13:13:38.0687 3492 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys 13:13:38.0703 3492 FltMgr - ok 13:13:38.0812 3492 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 13:13:38.0828 3492 FontCache3.0.0.0 - ok 13:13:38.0843 3492 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 13:13:38.0843 3492 Fs_Rec - ok 13:13:38.0890 3492 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 13:13:38.0921 3492 Ftdisk - ok 13:13:38.0953 3492 GearAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\drivers\GearAspiWDM.sys 13:13:38.0953 3492 GearAspiWDM - ok 13:13:38.0968 3492 GEARSecurity (17b77d83c53ae007c11ed811d992e727) C:\WINDOWS\System32\GEARSec.exe 13:13:38.0968 3492 GEARSecurity - ok 13:13:39.0015 3492 glauiad (8243722ac9c74645d745471428ae4d8a) C:\WINDOWS\system32\DRIVERS\glauiad.sys 13:13:39.0031 3492 glauiad - ok 13:13:39.0093 3492 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 13:13:39.0109 3492 Gpc - ok 13:13:39.0265 3492 gupdate (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 13:13:39.0281 3492 gupdate - ok 13:13:39.0281 3492 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 13:13:39.0281 3492 gupdatem - ok 13:13:39.0343 3492 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 13:13:39.0359 3492 gusvc - ok 13:13:39.0406 3492 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 13:13:39.0406 3492 HDAudBus - ok 13:13:39.0468 3492 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 13:13:39.0484 3492 helpsvc - ok 13:13:39.0484 3492 HidServ - ok 13:13:39.0500 3492 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 13:13:39.0515 3492 hidusb - ok 13:13:39.0562 3492 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 13:13:39.0640 3492 hkmsvc - ok 13:13:39.0640 3492 hpn - ok 13:13:39.0687 3492 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 13:13:39.0734 3492 HSFHWBS2 - ok 13:13:39.0765 3492 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 13:13:39.0875 3492 HSF_DP - ok 13:13:39.0937 3492 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys 13:13:39.0937 3492 HTTP - ok 13:13:40.0000 3492 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll 13:13:40.0031 3492 HTTPFilter - ok 13:13:40.0031 3492 i2omgmt - ok 13:13:40.0031 3492 i2omp - ok 13:13:40.0062 3492 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\drivers\i8042prt.sys 13:13:40.0093 3492 i8042prt - ok 13:13:40.0218 3492 iastor (d593517879e65167df35f6015814ac59) C:\WINDOWS\system32\DRIVERS\iaStor.sys 13:13:40.0234 3492 iastor - ok 13:13:40.0437 3492 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 13:13:40.0531 3492 idsvc - ok 13:13:40.0671 3492 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 13:13:40.0687 3492 Imapi - ok 13:13:40.0750 3492 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe 13:13:40.0750 3492 ImapiService - ok 13:13:40.0765 3492 InCDFs - ok 13:13:40.0765 3492 InCDPass - ok 13:13:40.0765 3492 InCDRm - ok 13:13:40.0781 3492 ini910u - ok 13:13:40.0781 3492 IntelIde - ok 13:13:40.0843 3492 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys 13:13:40.0859 3492 intelppm - ok 13:13:40.0921 3492 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys 13:13:40.0937 3492 Ip6Fw - ok 13:13:41.0000 3492 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 13:13:41.0000 3492 IpFilterDriver - ok 13:13:41.0031 3492 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 13:13:41.0046 3492 IpInIp - ok 13:13:41.0078 3492 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys 13:13:41.0078 3492 IpNat - ok 13:13:41.0250 3492 iPod Service (e1bd28ca09ee8f30e8edbd6c19f5579d) C:\Program Files\iPod\bin\iPodService.exe 13:13:41.0312 3492 iPod Service - ok 13:13:41.0359 3492 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 13:13:41.0390 3492 IPSec - ok 13:13:41.0421 3492 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 13:13:41.0437 3492 IRENUM - ok 13:13:41.0468 3492 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys 13:13:41.0484 3492 isapnp - ok 13:13:41.0515 3492 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 13:13:41.0546 3492 Kbdclass - ok 13:13:41.0562 3492 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 13:13:41.0625 3492 kbdhid - ok 13:13:41.0687 3492 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys 13:13:41.0703 3492 kmixer - ok 13:13:41.0781 3492 KodakCCS (4e1060d2f3b745931cf83b3649be8a57) C:\WINDOWS\system32\drivers\KodakCCS.exe 13:13:41.0781 3492 KodakCCS - ok 13:13:41.0812 3492 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys 13:13:41.0859 3492 KSecDD - ok 13:13:41.0921 3492 lanmanserver (93d32468d34e000cb3407947d1d6e22a) C:\WINDOWS\System32\srvsvc.dll 13:13:41.0921 3492 lanmanserver - ok 13:13:41.0937 3492 lanmanworkstation (2c0a7b2ae9c26f2c163627679b42783c) C:\WINDOWS\System32\wkssvc.dll 13:13:41.0953 3492 lanmanworkstation - ok 13:13:41.0953 3492 lbrtfdc - ok 13:13:42.0015 3492 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll 13:13:42.0015 3492 LmHosts - ok 13:13:42.0125 3492 MatSvc (ddf15a42e27e8efe27b18fd403151a86) C:\Program Files\Microsoft Fix it Center\Matsvc.exe 13:13:42.0187 3492 MatSvc - ok 13:13:42.0203 3492 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys 13:13:42.0218 3492 MBAMProtector - ok 13:13:42.0296 3492 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 13:13:42.0296 3492 MBAMService - ok 13:13:42.0296 3492 mdf16 - ok 13:13:42.0359 3492 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 13:13:42.0375 3492 mdmxsdk - ok 13:13:42.0375 3492 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll 13:13:42.0406 3492 Messenger - ok 13:13:42.0437 3492 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 13:13:42.0437 3492 mnmdd - ok 13:13:42.0453 3492 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe 13:13:42.0484 3492 mnmsrvc - ok 13:13:42.0531 3492 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys 13:13:42.0546 3492 Modem - ok 13:13:42.0546 3492 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 13:13:42.0562 3492 MODEMCSA - ok 13:13:42.0640 3492 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys 13:13:42.0656 3492 Mouclass - ok 13:13:42.0656 3492 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 13:13:42.0687 3492 mouhid - ok 13:13:42.0718 3492 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 13:13:42.0750 3492 MountMgr - ok 13:13:42.0812 3492 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys 13:13:42.0812 3492 MpFilter - ok 13:13:42.0812 3492 mraid35x - ok 13:13:42.0828 3492 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 13:13:42.0843 3492 MRxDAV - ok 13:13:42.0875 3492 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 13:13:42.0921 3492 MRxSmb - ok 13:13:42.0984 3492 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe 13:13:42.0984 3492 MSDTC - ok 13:13:43.0031 3492 MSDV (6dd721dfd2648f3f6d5808b5ba6cb095) C:\WINDOWS\system32\DRIVERS\msdv.sys 13:13:43.0046 3492 MSDV - ok 13:13:43.0062 3492 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 13:13:43.0093 3492 Msfs - ok 13:13:43.0109 3492 MSIServer - ok 13:13:43.0156 3492 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 13:13:43.0156 3492 MSKSSRV - ok 13:13:43.0234 3492 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe 13:13:43.0234 3492 MsMpSvc - ok 13:13:43.0265 3492 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 13:13:43.0281 3492 MSPCLOCK - ok 13:13:43.0281 3492 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 13:13:43.0296 3492 MSPQM - ok 13:13:43.0296 3492 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 13:13:43.0296 3492 mssmbios - ok 13:13:43.0328 3492 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys 13:13:43.0343 3492 MSTEE - ok 13:13:43.0343 3492 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 13:13:43.0390 3492 Mup - ok 13:13:43.0390 3492 mvd22 - ok 13:13:43.0437 3492 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 13:13:43.0468 3492 NABTSFEC - ok 13:13:43.0531 3492 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 13:13:43.0562 3492 napagent - ok 13:13:43.0625 3492 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 13:13:43.0671 3492 NDIS - ok 13:13:43.0703 3492 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 13:13:43.0718 3492 NdisIP - ok 13:13:43.0765 3492 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 13:13:43.0781 3492 NdisTapi - ok 13:13:43.0828 3492 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 13:13:43.0843 3492 Ndisuio - ok 13:13:43.0890 3492 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 13:13:43.0921 3492 NdisWan - ok 13:13:43.0921 3492 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 13:13:43.0937 3492 NDProxy - ok 13:13:43.0953 3492 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 13:13:43.0968 3492 NetBIOS - ok 13:13:44.0031 3492 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 13:13:44.0046 3492 NetBT - ok 13:13:44.0156 3492 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe 13:13:44.0218 3492 NetDDE - ok 13:13:44.0218 3492 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe 13:13:44.0218 3492 NetDDEdsdm - ok 13:13:44.0265 3492 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 13:13:44.0265 3492 Netlogon - ok 13:13:44.0328 3492 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS\System32\netman.dll 13:13:44.0328 3492 Netman - ok 13:13:44.0468 3492 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:13:44.0546 3492 NetTcpPortSharing - ok 13:13:44.0593 3492 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 13:13:44.0640 3492 NIC1394 - ok 13:13:44.0703 3492 Nla (4e74af063c3271fbea20dd940cfd1184) C:\WINDOWS\System32\mswsock.dll 13:13:44.0718 3492 Nla - ok 13:13:44.0734 3492 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 13:13:44.0765 3492 Npfs - ok 13:13:44.0812 3492 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 13:13:44.0875 3492 Ntfs - ok 13:13:44.0890 3492 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 13:13:44.0890 3492 NtLmSsp - ok 13:13:44.0968 3492 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll 13:13:45.0125 3492 NtmsSvc - ok 13:13:45.0187 3492 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 13:13:45.0187 3492 Null - ok 13:13:45.0234 3492 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 13:13:45.0250 3492 NwlnkFlt - ok 13:13:45.0265 3492 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 13:13:45.0281 3492 NwlnkFwd - ok 13:13:45.0296 3492 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 13:13:45.0296 3492 ohci1394 - ok 13:13:45.0406 3492 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:13:45.0421 3492 ose - ok 13:13:45.0484 3492 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys 13:13:45.0500 3492 Parport - ok 13:13:45.0531 3492 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 13:13:45.0562 3492 PartMgr - ok 13:13:45.0609 3492 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 13:13:45.0609 3492 ParVdm - ok 13:13:45.0625 3492 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys 13:13:45.0656 3492 PCI - ok 13:13:45.0656 3492 PCIDump - ok 13:13:45.0687 3492 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 13:13:45.0703 3492 PCIIde - ok 13:13:45.0750 3492 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys 13:13:45.0781 3492 Pcmcia - ok 13:13:45.0828 3492 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys 13:13:45.0843 3492 Pcouffin - ok 13:13:45.0921 3492 PCPitstop Scheduling (4cac3af00e29ce00ea32282e0dd55799) C:\Program Files\PCPitstop\PCPitstopScheduleService.exe 13:13:45.0921 3492 PCPitstop Scheduling - ok 13:13:45.0921 3492 PDCOMP - ok 13:13:45.0921 3492 PDFRAME - ok 13:13:45.0937 3492 PDRELI - ok 13:13:45.0937 3492 PDRFRAME - ok 13:13:45.0953 3492 perc2 - ok 13:13:45.0953 3492 perc2hib - ok 13:13:46.0031 3492 PlugPlay (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe 13:13:46.0031 3492 PlugPlay - ok 13:13:46.0031 3492 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 13:13:46.0031 3492 PolicyAgent - ok 13:13:46.0093 3492 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 13:13:46.0109 3492 PptpMiniport - ok 13:13:46.0171 3492 PQIMount (2c4c21f42a50bec51c50e1674e590a57) C:\WINDOWS\system32\drivers\PQIMount.sys 13:13:46.0171 3492 PQIMount - ok 13:13:46.0203 3492 PQV2i (6a566d0f05a23bc9491b3440945c50a2) C:\WINDOWS\system32\drivers\PQV2i.sys 13:13:46.0234 3492 PQV2i - ok 13:13:46.0234 3492 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 13:13:46.0234 3492 ProtectedStorage - ok 13:13:46.0250 3492 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 13:13:46.0296 3492 PSched - ok 13:13:46.0296 3492 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 13:13:46.0312 3492 Ptilink - ok 13:13:46.0343 3492 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 13:13:46.0375 3492 PxHelp20 - ok 13:13:46.0375 3492 ql1080 - ok 13:13:46.0390 3492 Ql10wnt - ok 13:13:46.0390 3492 ql12160 - ok 13:13:46.0406 3492 ql1240 - ok 13:13:46.0406 3492 ql1280 - ok 13:13:46.0421 3492 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 13:13:46.0437 3492 RasAcd - ok 13:13:46.0484 3492 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll 13:13:46.0500 3492 RasAuto - ok 13:13:46.0546 3492 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 13:13:46.0562 3492 Rasl2tp - ok 13:13:46.0640 3492 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll 13:13:46.0640 3492 RasMan - ok 13:13:46.0640 3492 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 13:13:46.0671 3492 RasPppoe - ok 13:13:46.0703 3492 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 13:13:46.0734 3492 Raspti - ok 13:13:46.0796 3492 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys 13:13:46.0812 3492 Rdbss - ok 13:13:46.0843 3492 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 13:13:46.0859 3492 RDPCDD - ok 13:13:46.0921 3492 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys 13:13:46.0968 3492 RDPWD - ok 13:13:47.0031 3492 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe 13:13:47.0078 3492 RDSessMgr - ok 13:13:47.0125 3492 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys 13:13:47.0171 3492 redbook - ok 13:13:47.0218 3492 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll 13:13:47.0234 3492 RemoteAccess - ok 13:13:47.0265 3492 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe 13:13:47.0296 3492 RpcLocator - ok 13:13:47.0343 3492 RpcSs (5c83a4408604f737717ab96371201680) C:\WINDOWS\System32\rpcss.dll 13:13:47.0359 3492 RpcSs - ok 13:13:47.0406 3492 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 13:13:47.0437 3492 RSVP - ok 13:13:47.0500 3492 SABProcEnum - ok 13:13:47.0546 3492 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 13:13:47.0546 3492 SamSs - ok 13:13:47.0625 3492 sbp2port (3e2c3b180872be4120f246d85560b734) C:\WINDOWS\system32\DRIVERS\sbp2port.sys 13:13:47.0640 3492 sbp2port - ok 13:13:47.0703 3492 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe 13:13:47.0734 3492 SCardSvr - ok 13:13:47.0781 3492 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll 13:13:47.0781 3492 Schedule - ok 13:13:47.0828 3492 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys 13:13:47.0843 3492 Secdrv - ok 13:13:47.0875 3492 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll 13:13:47.0890 3492 seclogon - ok 13:13:47.0906 3492 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll 13:13:47.0921 3492 SENS - ok 13:13:47.0953 3492 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys 13:13:47.0984 3492 Serial - ok 13:13:48.0046 3492 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 13:13:48.0062 3492 Sfloppy - ok 13:13:48.0218 3492 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll 13:13:48.0234 3492 SharedAccess - ok 13:13:48.0296 3492 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll 13:13:48.0296 3492 ShellHWDetection - ok 13:13:48.0296 3492 Simbad - ok 13:13:48.0328 3492 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys 13:13:48.0343 3492 SLIP - ok 13:13:48.0359 3492 Sparrow - ok 13:13:48.0406 3492 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys 13:13:48.0406 3492 splitter - ok 13:13:48.0437 3492 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe 13:13:48.0437 3492 Spooler - ok 13:13:48.0453 3492 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys 13:13:48.0484 3492 sr - ok 13:13:48.0515 3492 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll 13:13:48.0515 3492 srservice - ok 13:13:48.0531 3492 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys 13:13:48.0656 3492 Srv - ok 13:13:48.0656 3492 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll 13:13:48.0656 3492 SSDPSRV - ok 13:13:48.0718 3492 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 13:13:48.0718 3492 ssmdrv - ok 13:13:48.0812 3492 STHDA (26eb7acf476a3461b85f5bce9a677a4a) C:\WINDOWS\system32\drivers\sthda.sys 13:13:48.0875 3492 STHDA - ok 13:13:48.0953 3492 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS\system32\wiaservc.dll 13:13:48.0968 3492 stisvc - ok 13:13:49.0062 3492 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 13:13:49.0078 3492 streamip - ok 13:13:49.0109 3492 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 13:13:49.0109 3492 swenum - ok 13:13:49.0156 3492 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 13:13:49.0187 3492 swmidi - ok 13:13:49.0203 3492 SwPrv - ok 13:13:49.0203 3492 symc810 - ok 13:13:49.0203 3492 symc8xx - ok 13:13:49.0218 3492 sym_hi - ok 13:13:49.0218 3492 sym_u3 - ok 13:13:49.0281 3492 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 13:13:49.0296 3492 sysaudio - ok 13:13:49.0359 3492 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe 13:13:49.0437 3492 SysmonLog - ok 13:13:49.0484 3492 SZASSIST - ok 13:13:49.0500 3492 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS\System32\tapisrv.dll 13:13:49.0500 3492 TapiSrv - ok 13:13:49.0609 3492 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys 13:13:49.0640 3492 Tcpip - ok 13:13:49.0687 3492 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 13:13:49.0718 3492 TDPIPE - ok 13:13:49.0734 3492 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 13:13:49.0734 3492 TDTCP - ok 13:13:49.0781 3492 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 13:13:49.0796 3492 TermDD - ok 13:13:49.0890 3492 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll 13:13:49.0890 3492 TermService - ok 13:13:49.0953 3492 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll 13:13:49.0953 3492 Themes - ok 13:13:49.0953 3492 TosIde - ok 13:13:50.0015 3492 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll 13:13:50.0015 3492 TrkWks - ok 13:13:50.0031 3492 TSP - ok 13:13:50.0078 3492 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 13:13:50.0093 3492 Udfs - ok 13:13:50.0093 3492 ultra - ok 13:13:50.0125 3492 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe 13:13:50.0156 3492 UMWdf - ok 13:13:50.0171 3492 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys 13:13:50.0218 3492 Update - ok 13:13:50.0234 3492 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll 13:13:50.0234 3492 upnphost - ok 13:13:50.0265 3492 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe 13:13:50.0281 3492 UPS - ok 13:13:50.0328 3492 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 13:13:50.0343 3492 usbehci - ok 13:13:50.0390 3492 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 13:13:50.0421 3492 usbhub - ok 13:13:50.0421 3492 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 13:13:50.0421 3492 usbprint - ok 13:13:50.0468 3492 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbser.sys 13:13:50.0468 3492 usbser - ok 13:13:50.0515 3492 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 13:13:50.0531 3492 USBSTOR - ok 13:13:50.0546 3492 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 13:13:50.0562 3492 usbuhci - ok 13:13:50.0734 3492 V2i Protector (d04b0e50847104007979a57fc3115899) C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe 13:13:50.0796 3492 V2i Protector - ok 13:13:50.0859 3492 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 13:13:50.0859 3492 VgaSave - ok 13:13:50.0875 3492 ViaIde - ok 13:13:50.0921 3492 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys 13:13:50.0937 3492 VolSnap - ok 13:13:51.0015 3492 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe 13:13:51.0031 3492 VSS - ok 13:13:51.0093 3492 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll 13:13:51.0109 3492 W32Time - ok 13:13:51.0109 3492 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 13:13:51.0156 3492 Wanarp - ok 13:13:51.0156 3492 WDICA - ok 13:13:51.0234 3492 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys 13:13:51.0250 3492 wdmaud - ok 13:13:51.0296 3492 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll 13:13:51.0296 3492 WebClient - ok 13:13:51.0375 3492 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 13:13:51.0421 3492 winachsf - ok 13:13:51.0500 3492 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe 13:13:51.0500 3492 WinDefend - ok 13:13:51.0609 3492 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll 13:13:51.0609 3492 winmgmt - ok 13:13:51.0640 3492 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\mspmsnsv.dll 13:13:51.0656 3492 WmdmPmSN - ok 13:13:51.0718 3492 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 13:13:51.0718 3492 WmiApSrv - ok 13:13:51.0859 3492 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 13:13:51.0906 3492 WMPNetworkSvc - ok 13:13:52.0203 3492 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 13:13:52.0328 3492 WPFFontCache_v0400 - ok 13:13:52.0453 3492 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 13:13:52.0468 3492 WS2IFSL - ok 13:13:52.0531 3492 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll 13:13:52.0609 3492 wscsvc - ok 13:13:52.0625 3492 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 13:13:52.0656 3492 WSTCODEC - ok 13:13:52.0703 3492 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll 13:13:52.0703 3492 wuauserv - ok 13:13:52.0765 3492 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 13:13:52.0781 3492 WudfPf - ok 13:13:52.0781 3492 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 13:13:52.0796 3492 WudfRd - ok 13:13:52.0812 3492 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 13:13:52.0828 3492 WudfSvc - ok 13:13:52.0875 3492 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll 13:13:52.0875 3492 WZCSVC - ok 13:13:52.0937 3492 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll 13:13:52.0953 3492 xmlprov - ok 13:13:52.0984 3492 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 13:13:53.0437 3492 \Device\Harddisk0\DR0 - ok 13:13:53.0453 3492 MBR (0x1B8) (180dbde3af7ea48b3db3ac27b1ddf401) \Device\Harddisk1\DR3 13:13:54.0062 3492 \Device\Harddisk1\DR3 - ok 13:13:56.0812 3492 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4 13:13:56.0812 3492 \Device\Harddisk2\DR4 - ok 13:13:56.0812 3492 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR5 13:13:56.0828 3492 \Device\Harddisk3\DR5 - ok 13:13:56.0828 3492 Boot (0x1200) (71c4bb88d4b9ba0e773a1394259bc686) \Device\Harddisk0\DR0\Partition0 13:13:56.0828 3492 \Device\Harddisk0\DR0\Partition0 - ok 13:13:56.0828 3492 Boot (0x1200) (616d66cf61f4286b05a33ea30e5aa394) \Device\Harddisk1\DR3\Partition0 13:13:56.0843 3492 \Device\Harddisk1\DR3\Partition0 - ok 13:13:56.0843 3492 Boot (0x1200) (2ea8b72ace107f6eb0e1bcc4e90e0dcc) \Device\Harddisk2\DR4\Partition0 13:13:56.0843 3492 \Device\Harddisk2\DR4\Partition0 - ok 13:13:56.0843 3492 Boot (0x1200) (49431ef498ee255f973d0137b9351021) \Device\Harddisk3\DR5\Partition0 13:13:56.0843 3492 \Device\Harddisk3\DR5\Partition0 - ok 13:13:56.0843 3492 ============================================================ 13:13:56.0843 3492 Scan finished 13:13:56.0843 3492 ============================================================ 13:13:56.0875 2976 Detected object count: 0 13:13:56.0875 2976 Actual detected object count: 0 13:14:03.0453 3884 ============================================================ 13:14:03.0453 3884 Scan started 13:14:03.0453 3884 Mode: Manual; 13:14:03.0453 3884 ============================================================ 13:14:03.0625 3884 61883 (86d7b1e70661d754685b9ac6d749aae5) C:\WINDOWS\system32\DRIVERS\61883.sys 13:14:03.0625 3884 61883 - ok 13:14:03.0625 3884 Abiosdsk - ok 13:14:03.0640 3884 abp480n5 - ok 13:14:03.0671 3884 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys 13:14:03.0671 3884 ACPI - ok 13:14:03.0718 3884 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 13:14:03.0718 3884 ACPIEC - ok 13:14:03.0828 3884 Adobe LM Service (4bc381316f422f3a5d5a957d3aa2224e) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 13:14:03.0828 3884 Adobe LM Service - ok 13:14:03.0828 3884 adpu160m - ok 13:14:03.0890 3884 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys 13:14:03.0890 3884 aec - ok 13:14:03.0953 3884 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys 13:14:03.0953 3884 AFD - ok 13:14:03.0953 3884 Aha154x - ok 13:14:03.0968 3884 aic78u2 - ok 13:14:03.0968 3884 aic78xx - ok 13:14:04.0015 3884 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll 13:14:04.0015 3884 Alerter - ok 13:14:04.0046 3884 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe 13:14:04.0046 3884 ALG - ok 13:14:04.0046 3884 AliIde - ok 13:14:04.0062 3884 amsint - ok 13:14:04.0156 3884 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe 13:14:04.0156 3884 AntiVirSchedulerService - ok 13:14:04.0203 3884 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe 13:14:04.0203 3884 AntiVirService - ok 13:14:04.0281 3884 AntiVirWebService (e38ba9fab3981a2115c53260b930fd3c) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE 13:14:04.0281 3884 AntiVirWebService - ok 13:14:04.0328 3884 Apple Mobile Device (1961cb10bb48eb4d97e37db6373e9e63) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 13:14:04.0328 3884 Apple Mobile Device - ok 13:14:04.0328 3884 AppMgmt - ok 13:14:04.0375 3884 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 13:14:04.0375 3884 Arp1394 - ok 13:14:04.0375 3884 asc - ok 13:14:04.0375 3884 asc3350p - ok 13:14:04.0390 3884 asc3550 - ok 13:14:04.0515 3884 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 13:14:04.0531 3884 aspnet_state - ok 13:14:04.0546 3884 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 13:14:04.0546 3884 AsyncMac - ok 13:14:04.0625 3884 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 13:14:04.0625 3884 atapi - ok 13:14:04.0625 3884 Atdisk - ok 13:14:04.0687 3884 Ati HotKey Poller (1444104df30f365a5094e14ec5433b8e) C:\WINDOWS\system32\Ati2evxx.exe 13:14:04.0703 3884 Ati HotKey Poller - ok 13:14:04.0718 3884 ATI Smart (d3cd82df053f076c63a2d6f24aad2e22) C:\WINDOWS\system32\ati2sgag.exe 13:14:04.0718 3884 ATI Smart - ok 13:14:04.0781 3884 ati2mtag (1fa523c5e4ad953f896ea50c33475bea) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 13:14:04.0796 3884 ati2mtag - ok 13:14:04.0937 3884 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 13:14:04.0937 3884 Atmarpc - ok 13:14:04.0984 3884 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll 13:14:04.0984 3884 AudioSrv - ok 13:14:04.0984 3884 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 13:14:04.0984 3884 audstub - ok 13:14:05.0015 3884 Avc (87c223adb8f7596b31caae3c67b16ddd) C:\WINDOWS\system32\DRIVERS\avc.sys 13:14:05.0015 3884 Avc - ok 13:14:05.0031 3884 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 13:14:05.0031 3884 avgntflt - ok 13:14:05.0093 3884 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys 13:14:05.0093 3884 avipbb - ok 13:14:05.0156 3884 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys 13:14:05.0156 3884 avkmgr - ok 13:14:05.0171 3884 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 13:14:05.0171 3884 Beep - ok 13:14:05.0250 3884 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll 13:14:05.0250 3884 BITS - ok 13:14:05.0312 3884 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll 13:14:05.0312 3884 Browser - ok 13:14:05.0468 3884 catchme - ok 13:14:05.0515 3884 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 13:14:05.0515 3884 cbidf2k - ok 13:14:05.0562 3884 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 13:14:05.0562 3884 CCDECODE - ok 13:14:05.0562 3884 cd20xrnt - ok 13:14:05.0640 3884 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 13:14:05.0640 3884 Cdaudio - ok 13:14:05.0671 3884 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 13:14:05.0671 3884 Cdfs - ok 13:14:05.0687 3884 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 13:14:05.0687 3884 Cdrom - ok 13:14:05.0734 3884 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys 13:14:05.0734 3884 cercsr6 - ok 13:14:05.0734 3884 Changer - ok 13:14:05.0765 3884 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe 13:14:05.0765 3884 CiSvc - ok 13:14:05.0812 3884 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe 13:14:05.0828 3884 ClipSrv - ok 13:14:05.0968 3884 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:14:05.0968 3884 clr_optimization_v2.0.50727_32 - ok 13:14:06.0046 3884 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:14:06.0046 3884 clr_optimization_v4.0.30319_32 - ok 13:14:06.0046 3884 CmdIde - ok 13:14:06.0046 3884 COMSysApp - ok 13:14:06.0062 3884 Cpqarray - ok 13:14:06.0125 3884 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll 13:14:06.0125 3884 CryptSvc - ok 13:14:06.0125 3884 dac2w2k - ok 13:14:06.0125 3884 dac960nt - ok 13:14:06.0156 3884 DcCam (b1ad007f9a7dd8cfc981958d5c167d2d) C:\WINDOWS\system32\DRIVERS\DcCam.sys 13:14:06.0156 3884 DcCam - ok 13:14:06.0187 3884 DcFpoint (5fd20284caaf112201311619ff89fa44) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys 13:14:06.0187 3884 DcFpoint - ok 13:14:06.0218 3884 DCFS2K (867f7e6841b15d32481c3f1b83364e3a) C:\WINDOWS\system32\drivers\dcfs2k.sys 13:14:06.0218 3884 DCFS2K - ok 13:14:06.0234 3884 DcLps (1b889ac45faf088ff2af690779368956) C:\WINDOWS\system32\DRIVERS\DcLps.sys 13:14:06.0250 3884 DcLps - ok 13:14:06.0296 3884 DcomLaunch (5c83a4408604f737717ab96371201680) C:\WINDOWS\system32\rpcss.dll 13:14:06.0296 3884 DcomLaunch - ok 13:14:06.0328 3884 DcPTP (4afaea300a82f0470dc8b8abd619aba8) C:\WINDOWS\system32\DRIVERS\DcPTP.sys 13:14:06.0328 3884 DcPTP - ok 13:14:06.0343 3884 Dhcp (cb6ca3e5261d65f6f809eed23bf167aa) C:\WINDOWS\System32\dhcpcsvc.dll 13:14:06.0359 3884 Dhcp - ok 13:14:06.0375 3884 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 13:14:06.0375 3884 Disk - ok 13:14:06.0390 3884 dmadmin - ok 13:14:06.0453 3884 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys 13:14:06.0453 3884 dmboot - ok 13:14:06.0500 3884 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys 13:14:06.0500 3884 dmio - ok 13:14:06.0515 3884 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 13:14:06.0515 3884 dmload - ok 13:14:06.0531 3884 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll 13:14:06.0531 3884 dmserver - ok 13:14:06.0562 3884 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 13:14:06.0562 3884 DMusic - ok 13:14:06.0640 3884 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll 13:14:06.0640 3884 Dnscache - ok 13:14:06.0703 3884 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 13:14:06.0703 3884 Dot3svc - ok 13:14:06.0703 3884 dpti2o - ok 13:14:06.0765 3884 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 13:14:06.0765 3884 drmkaud - ok 13:14:06.0843 3884 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys 13:14:06.0843 3884 e1express - ok 13:14:06.0890 3884 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 13:14:06.0890 3884 EapHost - ok 13:14:06.0921 3884 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll 13:14:06.0921 3884 ERSvc - ok 13:14:06.0984 3884 Eventlog (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe 13:14:06.0984 3884 Eventlog - ok 13:14:07.0015 3884 EventSystem (acd36a2dd7d1e9d8a060aa651dc07e63) C:\WINDOWS\system32\es.dll 13:14:07.0015 3884 EventSystem - ok 13:14:07.0062 3884 Exportit (7ae55f93da22f0732993bce6093105dd) C:\WINDOWS\system32\DRIVERS\exportit.sys 13:14:07.0078 3884 Exportit - ok 13:14:07.0109 3884 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 13:14:07.0109 3884 Fastfat - ok 13:14:07.0171 3884 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll 13:14:07.0171 3884 FastUserSwitchingCompatibility - ok 13:14:07.0218 3884 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys 13:14:07.0218 3884 Fdc - ok 13:14:07.0234 3884 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys 13:14:07.0234 3884 Fips - ok 13:14:07.0265 3884 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys 13:14:07.0265 3884 Flpydisk - ok 13:14:07.0312 3884 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys 13:14:07.0312 3884 FltMgr - ok 13:14:07.0421 3884 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 13:14:07.0421 3884 FontCache3.0.0.0 - ok 13:14:07.0453 3884 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 13:14:07.0453 3884 Fs_Rec - ok 13:14:07.0500 3884 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 13:14:07.0500 3884 Ftdisk - ok 13:14:07.0531 3884 GearAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\drivers\GearAspiWDM.sys 13:14:07.0531 3884 GearAspiWDM - ok 13:14:07.0546 3884 GEARSecurity (17b77d83c53ae007c11ed811d992e727) C:\WINDOWS\System32\GEARSec.exe 13:14:07.0546 3884 GEARSecurity - ok 13:14:07.0578 3884 glauiad (8243722ac9c74645d745471428ae4d8a) C:\WINDOWS\system32\DRIVERS\glauiad.sys 13:14:07.0578 3884 glauiad - ok 13:14:07.0656 3884 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 13:14:07.0656 3884 Gpc - ok 13:14:07.0843 3884 gupdate (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 13:14:07.0843 3884 gupdate - ok 13:14:07.0843 3884 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 13:14:07.0843 3884 gupdatem - ok 13:14:07.0921 3884 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 13:14:07.0921 3884 gusvc - ok 13:14:07.0984 3884 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 13:14:07.0984 3884 HDAudBus - ok 13:14:08.0046 3884 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 13:14:08.0046 3884 helpsvc - ok 13:14:08.0062 3884 HidServ - ok 13:14:08.0062 3884 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 13:14:08.0062 3884 hidusb - ok 13:14:08.0125 3884 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 13:14:08.0125 3884 hkmsvc - ok 13:14:08.0125 3884 hpn - ok 13:14:08.0203 3884 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 13:14:08.0203 3884 HSFHWBS2 - ok 13:14:08.0234 3884 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 13:14:08.0250 3884 HSF_DP - ok 13:14:08.0312 3884 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys 13:14:08.0312 3884 HTTP - ok 13:14:08.0375 3884 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll 13:14:08.0375 3884 HTTPFilter - ok 13:14:08.0375 3884 i2omgmt - ok 13:14:08.0375 3884 i2omp - ok 13:14:08.0437 3884 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\drivers\i8042prt.sys 13:14:08.0437 3884 i8042prt - ok 13:14:08.0484 3884 iastor (d593517879e65167df35f6015814ac59) C:\WINDOWS\system32\DRIVERS\iaStor.sys 13:14:08.0484 3884 iastor - ok 13:14:08.0718 3884 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 13:14:08.0718 3884 idsvc - ok 13:14:08.0843 3884 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 13:14:08.0843 3884 Imapi - ok 13:14:08.0906 3884 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe 13:14:08.0921 3884 ImapiService - ok 13:14:08.0921 3884 InCDFs - ok 13:14:08.0921 3884 InCDPass - ok 13:14:08.0937 3884 InCDRm - ok 13:14:08.0937 3884 ini910u - ok 13:14:08.0953 3884 IntelIde - ok 13:14:09.0000 3884 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys 13:14:09.0015 3884 intelppm - ok 13:14:09.0062 3884 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys 13:14:09.0062 3884 Ip6Fw - ok 13:14:09.0078 3884 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 13:14:09.0093 3884 IpFilterDriver - ok 13:14:09.0109 3884 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 13:14:09.0109 3884 IpInIp - ok 13:14:09.0125 3884 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys 13:14:09.0125 3884 IpNat - ok 13:14:09.0218 3884 iPod Service (e1bd28ca09ee8f30e8edbd6c19f5579d) C:\Program Files\iPod\bin\iPodService.exe 13:14:09.0234 3884 iPod Service - ok 13:14:09.0250 3884 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 13:14:09.0250 3884 IPSec - ok 13:14:09.0265 3884 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 13:14:09.0265 3884 IRENUM - ok 13:14:09.0296 3884 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys 13:14:09.0296 3884 isapnp - ok 13:14:09.0328 3884 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 13:14:09.0328 3884 Kbdclass - ok 13:14:09.0343 3884 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 13:14:09.0343 3884 kbdhid - ok 13:14:09.0375 3884 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys 13:14:09.0375 3884 kmixer - ok 13:14:09.0437 3884 KodakCCS (4e1060d2f3b745931cf83b3649be8a57) C:\WINDOWS\system32\drivers\KodakCCS.exe 13:14:09.0437 3884 KodakCCS - ok 13:14:09.0468 3884 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys 13:14:09.0468 3884 KSecDD - ok 13:14:09.0515 3884 lanmanserver (93d32468d34e000cb3407947d1d6e22a) C:\WINDOWS\System32\srvsvc.dll 13:14:09.0515 3884 lanmanserver - ok 13:14:09.0578 3884 lanmanworkstation (2c0a7b2ae9c26f2c163627679b42783c) C:\WINDOWS\System32\wkssvc.dll 13:14:09.0578 3884 lanmanworkstation - ok 13:14:09.0578 3884 lbrtfdc - ok 13:14:09.0640 3884 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll 13:14:09.0640 3884 LmHosts - ok 13:14:09.0734 3884 MatSvc (ddf15a42e27e8efe27b18fd403151a86) C:\Program Files\Microsoft Fix it Center\Matsvc.exe 13:14:09.0750 3884 MatSvc - ok 13:14:09.0781 3884 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys 13:14:09.0781 3884 MBAMProtector - ok 13:14:09.0859 3884 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 13:14:09.0875 3884 MBAMService - ok 13:14:09.0875 3884 mdf16 - ok 13:14:09.0921 3884 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 13:14:09.0921 3884 mdmxsdk - ok 13:14:09.0937 3884 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll 13:14:09.0937 3884 Messenger - ok 13:14:09.0937 3884 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 13:14:09.0937 3884 mnmdd - ok 13:14:09.0968 3884 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe 13:14:09.0968 3884 mnmsrvc - ok 13:14:09.0984 3884 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys 13:14:10.0000 3884 Modem - ok 13:14:10.0000 3884 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 13:14:10.0000 3884 MODEMCSA - ok 13:14:10.0031 3884 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys 13:14:10.0046 3884 Mouclass - ok 13:14:10.0093 3884 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 13:14:10.0093 3884 mouhid - ok 13:14:10.0109 3884 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 13:14:10.0109 3884 MountMgr - ok 13:14:10.0234 3884 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys 13:14:10.0250 3884 MpFilter - ok 13:14:10.0250 3884 mraid35x - ok 13:14:10.0250 3884 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 13:14:10.0265 3884 MRxDAV - ok 13:14:10.0312 3884 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 13:14:10.0312 3884 MRxSmb - ok 13:14:10.0375 3884 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe 13:14:10.0375 3884 MSDTC - ok 13:14:10.0421 3884 MSDV (6dd721dfd2648f3f6d5808b5ba6cb095) C:\WINDOWS\system32\DRIVERS\msdv.sys 13:14:10.0421 3884 MSDV - ok 13:14:10.0437 3884 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 13:14:10.0437 3884 Msfs - ok 13:14:10.0437 3884 MSIServer - ok 13:14:10.0468 3884 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 13:14:10.0468 3884 MSKSSRV - ok 13:14:10.0531 3884 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe 13:14:10.0531 3884 MsMpSvc - ok 13:14:10.0562 3884 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 13:14:10.0562 3884 MSPCLOCK - ok 13:14:10.0593 3884 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 13:14:10.0593 3884 MSPQM - ok 13:14:10.0609 3884 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 13:14:10.0609 3884 mssmbios - ok 13:14:10.0640 3884 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys 13:14:10.0640 3884 MSTEE - ok 13:14:10.0640 3884 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 13:14:10.0640 3884 Mup - ok 13:14:10.0656 3884 mvd22 - ok 13:14:10.0687 3884 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 13:14:10.0703 3884 NABTSFEC - ok 13:14:10.0734 3884 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 13:14:10.0734 3884 napagent - ok 13:14:10.0765 3884 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 13:14:10.0765 3884 NDIS - ok 13:14:10.0796 3884 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 13:14:10.0796 3884 NdisIP - ok 13:14:10.0843 3884 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 13:14:10.0843 3884 NdisTapi - ok 13:14:10.0890 3884 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 13:14:10.0906 3884 Ndisuio - ok 13:14:10.0921 3884 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 13:14:10.0921 3884 NdisWan - ok 13:14:10.0968 3884 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 13:14:10.0968 3884 NDProxy - ok 13:14:10.0968 3884 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 13:14:10.0968 3884 NetBIOS - ok 13:14:11.0031 3884 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 13:14:11.0031 3884 NetBT - ok 13:14:11.0109 3884 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe 13:14:11.0109 3884 NetDDE - ok 13:14:11.0109 3884 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe 13:14:11.0109 3884 NetDDEdsdm - ok 13:14:11.0156 3884 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 13:14:11.0156 3884 Netlogon - ok 13:14:11.0218 3884 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS\System32\netman.dll 13:14:11.0218 3884 Netman - ok 13:14:11.0359 3884 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:14:11.0359 3884 NetTcpPortSharing - ok 13:14:11.0406 3884 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 13:14:11.0406 3884 NIC1394 - ok 13:14:11.0468 3884 Nla (4e74af063c3271fbea20dd940cfd1184) C:\WINDOWS\System32\mswsock.dll 13:14:11.0468 3884 Nla - ok 13:14:11.0500 3884 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 13:14:11.0500 3884 Npfs - ok 13:14:11.0546 3884 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 13:14:11.0546 3884 Ntfs - ok 13:14:11.0609 3884 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 13:14:11.0609 3884 NtLmSsp - ok 13:14:11.0703 3884 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll 13:14:11.0703 3884 NtmsSvc - ok 13:14:11.0703 3884 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 13:14:11.0703 3884 Null - ok 13:14:11.0750 3884 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 13:14:11.0750 3884 NwlnkFlt - ok 13:14:11.0765 3884 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 13:14:11.0765 3884 NwlnkFwd - ok 13:14:11.0781 3884 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 13:14:11.0781 3884 ohci1394 - ok 13:14:11.0890 3884 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:14:11.0890 3884 ose - ok 13:14:11.0953 3884 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys 13:14:11.0953 3884 Parport - ok 13:14:11.0984 3884 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 13:14:11.0984 3884 PartMgr - ok 13:14:12.0000 3884 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 13:14:12.0000 3884 ParVdm - ok 13:14:12.0015 3884 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys 13:14:12.0015 3884 PCI - ok 13:14:12.0015 3884 PCIDump - ok 13:14:12.0015 3884 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 13:14:12.0015 3884 PCIIde - ok 13:14:12.0078 3884 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys 13:14:12.0078 3884 Pcmcia - ok 13:14:12.0156 3884 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys 13:14:12.0171 3884 Pcouffin - ok 13:14:12.0234 3884 PCPitstop Scheduling (4cac3af00e29ce00ea32282e0dd55799) C:\Program Files\PCPitstop\PCPitstopScheduleService.exe 13:14:12.0234 3884 PCPitstop Scheduling - ok 13:14:12.0234 3884 PDCOMP - ok 13:14:12.0234 3884 PDFRAME - ok 13:14:12.0250 3884 PDRELI - ok 13:14:12.0250 3884 PDRFRAME - ok 13:14:12.0265 3884 perc2 - ok 13:14:12.0265 3884 perc2hib - ok 13:14:12.0343 3884 PlugPlay (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe 13:14:12.0343 3884 PlugPlay - ok 13:14:12.0359 3884 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 13:14:12.0359 3884 PolicyAgent - ok 13:14:12.0406 3884 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 13:14:12.0406 3884 PptpMiniport - ok 13:14:12.0468 3884 PQIMount (2c4c21f42a50bec51c50e1674e590a57) C:\WINDOWS\system32\drivers\PQIMount.sys 13:14:12.0468 3884 PQIMount - ok 13:14:12.0500 3884 PQV2i (6a566d0f05a23bc9491b3440945c50a2) C:\WINDOWS\system32\drivers\PQV2i.sys 13:14:12.0500 3884 PQV2i - ok 13:14:12.0500 3884 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 13:14:12.0500 3884 ProtectedStorage - ok 13:14:12.0515 3884 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 13:14:12.0515 3884 PSched - ok 13:14:12.0531 3884 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 13:14:12.0531 3884 Ptilink - ok 13:14:12.0546 3884 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 13:14:12.0546 3884 PxHelp20 - ok 13:14:12.0546 3884 ql1080 - ok 13:14:12.0546 3884 Ql10wnt - ok 13:14:12.0562 3884 ql12160 - ok 13:14:12.0562 3884 ql1240 - ok 13:14:12.0562 3884 ql1280 - ok 13:14:12.0609 3884 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 13:14:12.0609 3884 RasAcd - ok 13:14:12.0671 3884 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll 13:14:12.0671 3884 RasAuto - ok 13:14:12.0734 3884 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 13:14:12.0734 3884 Rasl2tp - ok 13:14:12.0796 3884 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll 13:14:12.0796 3884 RasMan - ok 13:14:12.0796 3884 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 13:14:12.0796 3884 RasPppoe - ok 13:14:12.0828 3884 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 13:14:12.0828 3884 Raspti - ok 13:14:12.0875 3884 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys 13:14:12.0875 3884 Rdbss - ok 13:14:12.0906 3884 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 13:14:12.0906 3884 RDPCDD - ok 13:14:12.0968 3884 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys 13:14:12.0968 3884 RDPWD - ok 13:14:13.0015 3884 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe 13:14:13.0015 3884 RDSessMgr - ok 13:14:13.0062 3884 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys 13:14:13.0062 3884 redbook - ok 13:14:13.0125 3884 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll 13:14:13.0125 3884 RemoteAccess - ok 13:14:13.0156 3884 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe 13:14:13.0156 3884 RpcLocator - ok 13:14:13.0218 3884 RpcSs (5c83a4408604f737717ab96371201680) C:\WINDOWS\System32\rpcss.dll 13:14:13.0234 3884 RpcSs - ok 13:14:13.0281 3884 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 13:14:13.0281 3884 RSVP - ok 13:14:13.0359 3884 SABProcEnum - ok 13:14:13.0406 3884 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 13:14:13.0406 3884 SamSs - ok 13:14:13.0468 3884 sbp2port (3e2c3b180872be4120f246d85560b734) C:\WINDOWS\system32\DRIVERS\sbp2port.sys 13:14:13.0468 3884 sbp2port - ok 13:14:13.0515 3884 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe 13:14:13.0531 3884 SCardSvr - ok 13:14:13.0625 3884 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll 13:14:13.0625 3884 Schedule - ok 13:14:13.0671 3884 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys 13:14:13.0671 3884 Secdrv - ok 13:14:13.0703 3884 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll 13:14:13.0703 3884 seclogon - ok 13:14:13.0734 3884 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll 13:14:13.0734 3884 SENS - ok 13:14:13.0781 3884 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys 13:14:13.0781 3884 Serial - ok 13:14:13.0843 3884 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 13:14:13.0843 3884 Sfloppy - ok 13:14:13.0906 3884 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll 13:14:13.0921 3884 SharedAccess - ok 13:14:13.0968 3884 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll 13:14:13.0984 3884 ShellHWDetection - ok 13:14:13.0984 3884 Simbad - ok 13:14:14.0015 3884 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys 13:14:14.0015 3884 SLIP - ok 13:14:14.0015 3884 Sparrow - ok 13:14:14.0062 3884 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys 13:14:14.0062 3884 splitter - ok 13:14:14.0109 3884 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe 13:14:14.0109 3884 Spooler - ok 13:14:14.0140 3884 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys 13:14:14.0140 3884 sr - ok 13:14:14.0156 3884 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll 13:14:14.0171 3884 srservice - ok 13:14:14.0187 3884 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys 13:14:14.0187 3884 Srv - ok 13:14:14.0187 3884 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll 13:14:14.0187 3884 SSDPSRV - ok 13:14:14.0250 3884 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 13:14:14.0250 3884 ssmdrv - ok 13:14:14.0343 3884 STHDA (26eb7acf476a3461b85f5bce9a677a4a) C:\WINDOWS\system32\drivers\sthda.sys 13:14:14.0343 3884 STHDA - ok 13:14:14.0421 3884 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS\system32\wiaservc.dll 13:14:14.0421 3884 stisvc - ok 13:14:14.0515 3884 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 13:14:14.0515 3884 streamip - ok 13:14:14.0562 3884 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 13:14:14.0562 3884 swenum - ok 13:14:14.0609 3884 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 13:14:14.0609 3884 swmidi - ok 13:14:14.0609 3884 SwPrv - ok 13:14:14.0625 3884 symc810 - ok 13:14:14.0625 3884 symc8xx - ok 13:14:14.0640 3884 sym_hi - ok 13:14:14.0640 3884 sym_u3 - ok 13:14:14.0687 3884 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 13:14:14.0687 3884 sysaudio - ok 13:14:14.0765 3884 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe 13:14:14.0765 3884 SysmonLog - ok 13:14:14.0796 3884 SZASSIST - ok 13:14:14.0812 3884 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS\System32\tapisrv.dll 13:14:14.0828 3884 TapiSrv - ok 13:14:14.0890 3884 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys 13:14:14.0890 3884 Tcpip - ok 13:14:14.0937 3884 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 13:14:14.0937 3884 TDPIPE - ok 13:14:14.0953 3884 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 13:14:14.0953 3884 TDTCP - ok 13:14:15.0000 3884 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 13:14:15.0000 3884 TermDD - ok 13:14:15.0093 3884 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll 13:14:15.0093 3884 TermService - ok 13:14:15.0156 3884 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll 13:14:15.0156 3884 Themes - ok 13:14:15.0171 3884 TosIde - ok 13:14:15.0218 3884 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll 13:14:15.0234 3884 TrkWks - ok 13:14:15.0234 3884 TSP - ok 13:14:15.0296 3884 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 13:14:15.0296 3884 Udfs - ok 13:14:15.0296 3884 ultra - ok 13:14:15.0328 3884 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe 13:14:15.0328 3884 UMWdf - ok 13:14:15.0359 3884 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys 13:14:15.0359 3884 Update - ok 13:14:15.0390 3884 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll 13:14:15.0406 3884 upnphost - ok 13:14:15.0421 3884 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe 13:14:15.0421 3884 UPS - ok 13:14:15.0468 3884 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 13:14:15.0468 3884 usbehci - ok 13:14:15.0515 3884 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 13:14:15.0515 3884 usbhub - ok 13:14:15.0515 3884 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 13:14:15.0515 3884 usbprint - ok 13:14:15.0531 3884 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbser.sys 13:14:15.0531 3884 usbser - ok 13:14:15.0578 3884 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 13:14:15.0578 3884 USBSTOR - ok 13:14:15.0625 3884 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 13:14:15.0625 3884 usbuhci - ok 13:14:15.0781 3884 V2i Protector (d04b0e50847104007979a57fc3115899) C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe 13:14:15.0796 3884 V2i Protector - ok 13:14:15.0828 3884 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 13:14:15.0828 3884 VgaSave - ok 13:14:15.0828 3884 ViaIde - ok 13:14:15.0875 3884 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys 13:14:15.0875 3884 VolSnap - ok 13:14:15.0906 3884 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe 13:14:15.0906 3884 VSS - ok 13:14:15.0968 3884 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll 13:14:15.0984 3884 W32Time - ok 13:14:15.0984 3884 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 13:14:15.0984 3884 Wanarp - ok 13:14:15.0984 3884 WDICA - ok 13:14:16.0046 3884 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys 13:14:16.0046 3884 wdmaud - ok 13:14:16.0078 3884 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll 13:14:16.0093 3884 WebClient - ok 13:14:16.0171 3884 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 13:14:16.0187 3884 winachsf - ok 13:14:16.0265 3884 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe 13:14:16.0265 3884 WinDefend - ok 13:14:16.0343 3884 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll 13:14:16.0359 3884 winmgmt - ok 13:14:16.0390 3884 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\mspmsnsv.dll 13:14:16.0390 3884 WmdmPmSN - ok 13:14:16.0437 3884 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 13:14:16.0437 3884 WmiApSrv - ok 13:14:16.0625 3884 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 13:14:16.0640 3884 WMPNetworkSvc - ok 13:14:16.0921 3884 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 13:14:16.0937 3884 WPFFontCache_v0400 - ok 13:14:17.0015 3884 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 13:14:17.0015 3884 WS2IFSL - ok 13:14:17.0078 3884 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll 13:14:17.0078 3884 wscsvc - ok 13:14:17.0140 3884 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 13:14:17.0140 3884 WSTCODEC - ok 13:14:17.0203 3884 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll 13:14:17.0203 3884 wuauserv - ok 13:14:17.0265 3884 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 13:14:17.0265 3884 WudfPf - ok 13:14:17.0281 3884 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 13:14:17.0296 3884 WudfRd - ok 13:14:17.0296 3884 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 13:14:17.0296 3884 WudfSvc - ok 13:14:17.0328 3884 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll 13:14:17.0343 3884 WZCSVC - ok 13:14:17.0390 3884 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll 13:14:17.0390 3884 xmlprov - ok 13:14:17.0421 3884 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 13:14:17.0859 3884 \Device\Harddisk0\DR0 - ok 13:14:17.0875 3884 MBR (0x1B8) (180dbde3af7ea48b3db3ac27b1ddf401) \Device\Harddisk1\DR3 13:14:18.0203 3884 \Device\Harddisk1\DR3 - ok 13:14:18.0203 3884 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4 13:14:18.0203 3884 \Device\Harddisk2\DR4 - ok 13:14:18.0218 3884 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR5 13:14:18.0218 3884 \Device\Harddisk3\DR5 - ok 13:14:18.0218 3884 Boot (0x1200) (71c4bb88d4b9ba0e773a1394259bc686) \Device\Harddisk0\DR0\Partition0 13:14:18.0218 3884 \Device\Harddisk0\DR0\Partition0 - ok 13:14:18.0234 3884 Boot (0x1200) (616d66cf61f4286b05a33ea30e5aa394) \Device\Harddisk1\DR3\Partition0 13:14:18.0234 3884 \Device\Harddisk1\DR3\Partition0 - ok 13:14:18.0234 3884 Boot (0x1200) (2ea8b72ace107f6eb0e1bcc4e90e0dcc) \Device\Harddisk2\DR4\Partition0 13:14:18.0234 3884 \Device\Harddisk2\DR4\Partition0 - ok 13:14:18.0250 3884 Boot (0x1200) (49431ef498ee255f973d0137b9351021) \Device\Harddisk3\DR5\Partition0 13:14:18.0250 3884 \Device\Harddisk3\DR5\Partition0 - ok 13:14:18.0250 3884 ============================================================ 13:14:18.0250 3884 Scan finished 13:14:18.0250 3884 ============================================================ 13:14:18.0250 1816 Detected object count: 0 13:14:18.0250 1816 Actual detected object count: 0 13:14:27.0453 3456 Deinitialize success
  8. colin0100
    Maniac, I ran TDSSkiller, and it found about 9 items. The display was not showing much detail that I could match the display to the items you asked my to delete. I rebooted and ran again, thinking maybe I had done something wrong...again, changed parameters. The second run showed nothing. Sorry, think I mesed up. Will not start step 2 until I hear from you Here is log odf the first run: (second run in next message. 12:59:52.0500 4004 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08 12:59:53.0500 4004 ============================================================ 12:59:53.0500 4004 Current date / time: 2012/07/04 12:59:53.0500 12:59:53.0500 4004 SystemInfo: 12:59:53.0500 4004 12:59:53.0500 4004 OS Version: 5.1.2600 ServicePack: 2.0 12:59:53.0500 4004 Product type: Workstation 12:59:53.0500 4004 ComputerName: NEW-TOY 12:59:53.0500 4004 UserName: COLIN 12:59:53.0500 4004 Windows directory: C:\WINDOWS 12:59:53.0500 4004 System windows directory: C:\WINDOWS 12:59:53.0500 4004 Processor architecture: Intel x86 12:59:53.0500 4004 Number of processors: 2 12:59:53.0500 4004 Page size: 0x1000 12:59:53.0500 4004 Boot type: Normal boot 12:59:53.0500 4004 ============================================================ 12:59:54.0531 4004 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 12:59:54.0531 4004 Drive \Device\Harddisk1\DR4 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 12:59:54.0531 4004 Drive \Device\Harddisk2\DR5 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 12:59:59.0812 4004 Drive \Device\Harddisk3\DR6 - Size: 0xEFBFFE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 12:59:59.0812 4004 ============================================================ 12:59:59.0812 4004 \Device\Harddisk0\DR0: 12:59:59.0828 4004 MBR partitions: 12:59:59.0828 4004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x1D189832 12:59:59.0828 4004 \Device\Harddisk1\DR4: 12:59:59.0828 4004 MBR partitions: 12:59:59.0828 4004 \Device\Harddisk1\DR4\Partition0: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0x74705981 12:59:59.0828 4004 \Device\Harddisk2\DR5: 12:59:59.0828 4004 MBR partitions: 12:59:59.0828 4004 \Device\Harddisk2\DR5\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000 12:59:59.0828 4004 \Device\Harddisk3\DR6: 12:59:59.0828 4004 MBR partitions: 12:59:59.0828 4004 \Device\Harddisk3\DR6\Partition0: MBR, Type 0xB, StartLBA 0x26, BlocksNum 0x779FC2 12:59:59.0828 4004 ============================================================ 12:59:59.0875 4004 C: <-> \Device\Harddisk0\DR0\Partition0 13:00:00.0281 4004 G: <-> \Device\Harddisk1\DR4\Partition0 13:00:00.0453 4004 H: <-> \Device\Harddisk2\DR5\Partition0 13:00:00.0453 4004 ============================================================ 13:00:00.0453 4004 Initialize success 13:00:00.0453 4004 ============================================================ 13:00:43.0187 1740 ============================================================ 13:00:43.0187 1740 Scan started 13:00:43.0187 1740 Mode: Manual; SigCheck; TDLFS; 13:00:43.0187 1740 ============================================================ 13:00:50.0906 1740 61883 (86d7b1e70661d754685b9ac6d749aae5) C:\WINDOWS\system32\DRIVERS\61883.sys 13:00:52.0062 1740 61883 - ok 13:00:52.0062 1740 Abiosdsk - ok 13:00:52.0062 1740 abp480n5 - ok 13:00:52.0140 1740 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys 13:00:52.0281 1740 ACPI - ok 13:00:52.0328 1740 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 13:00:52.0484 1740 ACPIEC - ok 13:00:52.0609 1740 Adobe LM Service (4bc381316f422f3a5d5a957d3aa2224e) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 13:00:52.0625 1740 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning 13:00:52.0625 1740 Adobe LM Service - detected UnsignedFile.Multi.Generic (1) 13:00:52.0625 1740 adpu160m - ok 13:00:52.0703 1740 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys 13:00:52.0828 1740 aec - ok 13:00:52.0890 1740 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys 13:00:53.0031 1740 AFD - ok 13:00:53.0031 1740 Aha154x - ok 13:00:53.0046 1740 aic78u2 - ok 13:00:53.0046 1740 aic78xx - ok 13:00:53.0078 1740 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll 13:00:53.0203 1740 Alerter - ok 13:00:53.0234 1740 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe 13:00:53.0328 1740 ALG - ok 13:00:53.0328 1740 AliIde - ok 13:00:53.0343 1740 amsint - ok 13:00:53.0453 1740 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe 13:00:53.0484 1740 AntiVirSchedulerService - ok 13:00:53.0546 1740 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe 13:00:53.0562 1740 AntiVirService - ok 13:00:53.0640 1740 AntiVirWebService (e38ba9fab3981a2115c53260b930fd3c) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE 13:00:53.0671 1740 AntiVirWebService - ok 13:00:53.0703 1740 Apple Mobile Device (1961cb10bb48eb4d97e37db6373e9e63) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 13:00:53.0750 1740 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning 13:00:53.0750 1740 Apple Mobile Device - detected UnsignedFile.Multi.Generic (1) 13:00:53.0765 1740 AppMgmt - ok 13:00:53.0828 1740 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 13:00:53.0984 1740 Arp1394 - ok 13:00:53.0984 1740 asc - ok 13:00:54.0000 1740 asc3350p - ok 13:00:54.0000 1740 asc3550 - ok 13:00:54.0125 1740 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 13:00:54.0140 1740 aspnet_state - ok 13:00:54.0171 1740 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 13:00:54.0343 1740 AsyncMac - ok 13:00:54.0406 1740 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 13:00:54.0546 1740 atapi - ok 13:00:54.0562 1740 Atdisk - ok 13:00:54.0625 1740 Ati HotKey Poller (1444104df30f365a5094e14ec5433b8e) C:\WINDOWS\system32\Ati2evxx.exe 13:00:54.0765 1740 Ati HotKey Poller - ok 13:00:54.0828 1740 ATI Smart (d3cd82df053f076c63a2d6f24aad2e22) C:\WINDOWS\system32\ati2sgag.exe 13:00:54.0859 1740 ATI Smart ( UnsignedFile.Multi.Generic ) - warning 13:00:54.0859 1740 ATI Smart - detected UnsignedFile.Multi.Generic (1) 13:00:54.0953 1740 ati2mtag (1fa523c5e4ad953f896ea50c33475bea) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 13:00:55.0062 1740 ati2mtag - ok 13:00:55.0203 1740 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 13:00:55.0343 1740 Atmarpc - ok 13:00:55.0406 1740 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll 13:00:55.0562 1740 AudioSrv - ok 13:00:55.0625 1740 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 13:00:55.0750 1740 audstub - ok 13:00:55.0796 1740 Avc (87c223adb8f7596b31caae3c67b16ddd) C:\WINDOWS\system32\DRIVERS\avc.sys 13:00:55.0953 1740 Avc - ok 13:00:56.0015 1740 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 13:00:56.0265 1740 avgntflt - ok 13:00:56.0328 1740 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys 13:00:56.0343 1740 avipbb - ok 13:00:56.0406 1740 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys 13:00:56.0421 1740 avkmgr - ok 13:00:56.0484 1740 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 13:00:56.0640 1740 Beep - ok 13:00:56.0718 1740 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll 13:00:56.0921 1740 BITS - ok 13:00:56.0968 1740 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll 13:00:57.0156 1740 Browser - ok 13:00:57.0328 1740 catchme - ok 13:00:57.0359 1740 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 13:00:57.0500 1740 cbidf2k - ok 13:00:57.0531 1740 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 13:00:57.0687 1740 CCDECODE - ok 13:00:57.0687 1740 cd20xrnt - ok 13:00:57.0750 1740 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 13:00:57.0906 1740 Cdaudio - ok 13:00:57.0984 1740 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 13:00:58.0140 1740 Cdfs - ok 13:00:58.0187 1740 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 13:00:58.0328 1740 Cdrom - ok 13:00:58.0390 1740 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys 13:00:58.0406 1740 cercsr6 ( UnsignedFile.Multi.Generic ) - warning 13:00:58.0406 1740 cercsr6 - detected UnsignedFile.Multi.Generic (1) 13:00:58.0421 1740 Changer - ok 13:00:58.0453 1740 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe 13:00:58.0625 1740 CiSvc - ok 13:00:58.0687 1740 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe 13:00:58.0828 1740 ClipSrv - ok 13:00:58.0984 1740 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:00:59.0078 1740 clr_optimization_v2.0.50727_32 - ok 13:00:59.0156 1740 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:00:59.0171 1740 clr_optimization_v4.0.30319_32 - ok 13:00:59.0171 1740 CmdIde - ok 13:00:59.0187 1740 COMSysApp - ok 13:00:59.0187 1740 Cpqarray - ok 13:00:59.0234 1740 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll 13:00:59.0390 1740 CryptSvc - ok 13:00:59.0390 1740 dac2w2k - ok 13:00:59.0390 1740 dac960nt - ok 13:00:59.0453 1740 DcCam (b1ad007f9a7dd8cfc981958d5c167d2d) C:\WINDOWS\system32\DRIVERS\DcCam.sys 13:00:59.0531 1740 DcCam - ok 13:00:59.0562 1740 DcFpoint (5fd20284caaf112201311619ff89fa44) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys 13:00:59.0593 1740 DcFpoint - ok 13:00:59.0609 1740 DCFS2K (867f7e6841b15d32481c3f1b83364e3a) C:\WINDOWS\system32\drivers\dcfs2k.sys 13:00:59.0671 1740 DCFS2K - ok 13:00:59.0703 1740 DcLps (1b889ac45faf088ff2af690779368956) C:\WINDOWS\system32\DRIVERS\DcLps.sys 13:00:59.0750 1740 DcLps - ok 13:00:59.0828 1740 DcomLaunch (5c83a4408604f737717ab96371201680) C:\WINDOWS\system32\rpcss.dll 13:01:00.0000 1740 DcomLaunch - ok 13:01:00.0031 1740 DcPTP (4afaea300a82f0470dc8b8abd619aba8) C:\WINDOWS\system32\DRIVERS\DcPTP.sys 13:01:00.0093 1740 DcPTP - ok 13:01:00.0156 1740 Dhcp (cb6ca3e5261d65f6f809eed23bf167aa) C:\WINDOWS\System32\dhcpcsvc.dll 13:01:00.0390 1740 Dhcp - ok 13:01:00.0484 1740 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 13:01:00.0625 1740 Disk - ok 13:01:00.0625 1740 dmadmin - ok 13:01:00.0703 1740 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys 13:01:00.0937 1740 dmboot - ok 13:01:00.0968 1740 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys 13:01:01.0140 1740 dmio - ok 13:01:01.0187 1740 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 13:01:01.0296 1740 dmload - ok 13:01:01.0328 1740 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll 13:01:01.0484 1740 dmserver - ok 13:01:01.0562 1740 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 13:01:01.0703 1740 DMusic - ok 13:01:01.0765 1740 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll 13:01:01.0906 1740 Dnscache - ok 13:01:01.0953 1740 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 13:01:01.0968 1740 Dot3svc ( UnsignedFile.Multi.Generic ) - warning 13:01:01.0984 1740 Dot3svc - detected UnsignedFile.Multi.Generic (1) 13:01:01.0984 1740 dpti2o - ok 13:01:02.0015 1740 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 13:01:02.0156 1740 drmkaud - ok 13:01:02.0234 1740 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys 13:01:02.0328 1740 e1express - ok 13:01:02.0390 1740 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 13:01:02.0406 1740 EapHost ( UnsignedFile.Multi.Generic ) - warning 13:01:02.0406 1740 EapHost - detected UnsignedFile.Multi.Generic (1) 13:01:02.0468 1740 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll 13:01:02.0593 1740 ERSvc - ok 13:01:02.0656 1740 Eventlog (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe 13:01:02.0796 1740 Eventlog - ok 13:01:02.0859 1740 EventSystem (acd36a2dd7d1e9d8a060aa651dc07e63) C:\WINDOWS\system32\es.dll 13:01:03.0046 1740 EventSystem - ok 13:01:03.0109 1740 Exportit (7ae55f93da22f0732993bce6093105dd) C:\WINDOWS\system32\DRIVERS\exportit.sys 13:01:03.0140 1740 Exportit - ok 13:01:03.0218 1740 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 13:01:03.0343 1740 Fastfat - ok 13:01:03.0390 1740 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll 13:01:03.0531 1740 FastUserSwitchingCompatibility - ok 13:01:03.0593 1740 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys 13:01:03.0734 1740 Fdc - ok 13:01:03.0765 1740 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys 13:01:03.0906 1740 Fips - ok 13:01:03.0937 1740 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys 13:01:04.0093 1740 Flpydisk - ok 13:01:04.0187 1740 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys 13:01:04.0406 1740 FltMgr - ok 13:01:04.0515 1740 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 13:01:04.0546 1740 FontCache3.0.0.0 - ok 13:01:04.0546 1740 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 13:01:04.0718 1740 Fs_Rec - ok 13:01:04.0781 1740 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 13:01:04.0953 1740 Ftdisk - ok 13:01:05.0000 1740 GearAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\drivers\GearAspiWDM.sys 13:01:05.0031 1740 GearAspiWDM - ok 13:01:05.0093 1740 GEARSecurity (17b77d83c53ae007c11ed811d992e727) C:\WINDOWS\System32\GEARSec.exe 13:01:05.0093 1740 GEARSecurity ( UnsignedFile.Multi.Generic ) - warning 13:01:05.0093 1740 GEARSecurity - detected UnsignedFile.Multi.Generic (1) 13:01:05.0156 1740 glauiad (8243722ac9c74645d745471428ae4d8a) C:\WINDOWS\system32\DRIVERS\glauiad.sys 13:01:05.0203 1740 glauiad - ok 13:01:05.0218 1740 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 13:01:05.0375 1740 Gpc - ok 13:01:05.0531 1740 gupdate (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 13:01:05.0546 1740 gupdate - ok 13:01:05.0546 1740 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 13:01:05.0562 1740 gupdatem - ok 13:01:05.0625 1740 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 13:01:05.0703 1740 gusvc - ok 13:01:05.0750 1740 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 13:01:05.0750 1740 HDAudBus ( UnsignedFile.Multi.Generic ) - warning 13:01:05.0750 1740 HDAudBus - detected UnsignedFile.Multi.Generic (1) 13:01:05.0812 1740 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 13:01:05.0984 1740 helpsvc - ok 13:01:05.0984 1740 HidServ - ok 13:01:06.0015 1740 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 13:01:06.0140 1740 hidusb - ok 13:01:06.0203 1740 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 13:01:06.0203 1740 hkmsvc ( UnsignedFile.Multi.Generic ) - warning 13:01:06.0203 1740 hkmsvc - detected UnsignedFile.Multi.Generic (1) 13:01:06.0218 1740 hpn - ok 13:01:06.0359 1740 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 13:01:06.0406 1740 HSFHWBS2 - ok 13:01:06.0484 1740 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 13:01:06.0546 1740 HSF_DP - ok 13:01:06.0609 1740 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys 13:01:06.0750 1740 HTTP - ok 13:01:06.0781 1740 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll 13:01:06.0953 1740 HTTPFilter - ok 13:01:06.0953 1740 i2omgmt - ok 13:01:06.0953 1740 i2omp - ok 13:01:07.0015 1740 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\drivers\i8042prt.sys 13:01:07.0171 1740 i8042prt - ok 13:01:07.0250 1740 iastor (d593517879e65167df35f6015814ac59) C:\WINDOWS\system32\DRIVERS\iaStor.sys 13:01:07.0343 1740 iastor - ok 13:01:07.0515 1740 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 13:01:07.0593 1740 idsvc - ok 13:01:07.0718 1740 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 13:01:07.0875 1740 Imapi - ok 13:01:07.0937 1740 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe 13:01:08.0078 1740 ImapiService - ok 13:01:08.0078 1740 InCDFs - ok 13:01:08.0093 1740 InCDPass - ok 13:01:08.0093 1740 InCDRm - ok 13:01:08.0109 1740 ini910u - ok 13:01:08.0109 1740 IntelIde - ok 13:01:08.0171 1740 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys 13:01:08.0312 1740 intelppm - ok 13:01:08.0359 1740 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys 13:01:08.0484 1740 Ip6Fw - ok 13:01:08.0562 1740 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 13:01:08.0703 1740 IpFilterDriver - ok 13:01:08.0734 1740 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 13:01:08.0859 1740 IpInIp - ok 13:01:08.0921 1740 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys 13:01:09.0062 1740 IpNat - ok 13:01:09.0203 1740 iPod Service (e1bd28ca09ee8f30e8edbd6c19f5579d) C:\Program Files\iPod\bin\iPodService.exe 13:01:09.0250 1740 iPod Service - ok 13:01:09.0312 1740 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 13:01:09.0468 1740 IPSec - ok 13:01:09.0515 1740 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 13:01:09.0578 1740 IRENUM - ok 13:01:09.0625 1740 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys 13:01:09.0765 1740 isapnp - ok 13:01:09.0828 1740 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 13:01:09.0968 1740 Kbdclass - ok 13:01:10.0000 1740 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 13:01:10.0125 1740 kbdhid - ok 13:01:10.0171 1740 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys 13:01:10.0312 1740 kmixer - ok 13:01:10.0375 1740 KodakCCS (4e1060d2f3b745931cf83b3649be8a57) C:\WINDOWS\system32\drivers\KodakCCS.exe 13:01:10.0421 1740 KodakCCS - ok 13:01:10.0500 1740 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys 13:01:10.0625 1740 KSecDD - ok 13:01:10.0671 1740 lanmanserver (93d32468d34e000cb3407947d1d6e22a) C:\WINDOWS\System32\srvsvc.dll 13:01:10.0812 1740 lanmanserver - ok 13:01:10.0875 1740 lanmanworkstation (2c0a7b2ae9c26f2c163627679b42783c) C:\WINDOWS\System32\wkssvc.dll 13:01:11.0015 1740 lanmanworkstation - ok 13:01:11.0031 1740 lbrtfdc - ok 13:01:11.0093 1740 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll 13:01:11.0250 1740 LmHosts - ok 13:01:11.0484 1740 MatSvc (ddf15a42e27e8efe27b18fd403151a86) C:\Program Files\Microsoft Fix it Center\Matsvc.exe 13:01:11.0515 1740 MatSvc - ok 13:01:11.0578 1740 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys 13:01:11.0593 1740 MBAMProtector - ok 13:01:11.0687 1740 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 13:01:11.0734 1740 MBAMService - ok 13:01:11.0734 1740 mdf16 - ok 13:01:11.0781 1740 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 13:01:11.0812 1740 mdmxsdk - ok 13:01:11.0843 1740 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll 13:01:12.0015 1740 Messenger - ok 13:01:12.0031 1740 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 13:01:12.0156 1740 mnmdd - ok 13:01:12.0187 1740 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe 13:01:12.0359 1740 mnmsrvc - ok 13:01:12.0390 1740 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys 13:01:12.0546 1740 Modem - ok 13:01:12.0593 1740 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 13:01:12.0718 1740 MODEMCSA - ok 13:01:12.0750 1740 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys 13:01:12.0890 1740 Mouclass - ok 13:01:12.0921 1740 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 13:01:13.0078 1740 mouhid - ok 13:01:13.0140 1740 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 13:01:13.0265 1740 MountMgr - ok 13:01:13.0375 1740 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys 13:01:13.0390 1740 MpFilter - ok 13:01:13.0406 1740 mraid35x - ok 13:01:13.0421 1740 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 13:01:13.0562 1740 MRxDAV - ok 13:01:13.0609 1740 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 13:01:13.0781 1740 MRxSmb - ok 13:01:13.0812 1740 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe 13:01:13.0937 1740 MSDTC - ok 13:01:14.0000 1740 MSDV (6dd721dfd2648f3f6d5808b5ba6cb095) C:\WINDOWS\system32\DRIVERS\msdv.sys 13:01:14.0156 1740 MSDV - ok 13:01:14.0187 1740 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 13:01:14.0343 1740 Msfs - ok 13:01:14.0343 1740 MSIServer - ok 13:01:14.0375 1740 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 13:01:14.0531 1740 MSKSSRV - ok 13:01:14.0625 1740 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe 13:01:14.0656 1740 MsMpSvc - ok 13:01:14.0687 1740 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 13:01:14.0796 1740 MSPCLOCK - ok 13:01:14.0812 1740 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 13:01:14.0953 1740 MSPQM - ok 13:01:14.0984 1740 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 13:01:15.0140 1740 mssmbios - ok 13:01:15.0187 1740 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys 13:01:15.0343 1740 MSTEE - ok 13:01:15.0406 1740 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 13:01:15.0562 1740 Mup - ok 13:01:15.0562 1740 mvd22 - ok 13:01:15.0609 1740 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 13:01:15.0750 1740 NABTSFEC - ok 13:01:15.0812 1740 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 13:01:15.0828 1740 napagent ( UnsignedFile.Multi.Generic ) - warning 13:01:15.0828 1740 napagent - detected UnsignedFile.Multi.Generic (1) 13:01:15.0906 1740 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 13:01:16.0062 1740 NDIS - ok 13:01:16.0093 1740 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 13:01:16.0234 1740 NdisIP - ok 13:01:16.0265 1740 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 13:01:16.0406 1740 NdisTapi - ok 13:01:16.0453 1740 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 13:01:16.0593 1740 Ndisuio - ok 13:01:16.0625 1740 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 13:01:16.0781 1740 NdisWan - ok 13:01:16.0812 1740 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 13:01:16.0968 1740 NDProxy - ok 13:01:17.0015 1740 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 13:01:17.0156 1740 NetBIOS - ok 13:01:17.0218 1740 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 13:01:17.0343 1740 NetBT - ok 13:01:17.0421 1740 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe 13:01:17.0593 1740 NetDDE - ok 13:01:17.0609 1740 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe 13:01:17.0718 1740 NetDDEdsdm - ok 13:01:17.0765 1740 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 13:01:17.0921 1740 Netlogon - ok 13:01:17.0984 1740 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS\System32\netman.dll 13:01:18.0140 1740 Netman - ok 13:01:18.0343 1740 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:01:18.0390 1740 NetTcpPortSharing - ok 13:01:18.0437 1740 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 13:01:18.0562 1740 NIC1394 - ok 13:01:18.0625 1740 Nla (4e74af063c3271fbea20dd940cfd1184) C:\WINDOWS\System32\mswsock.dll 13:01:18.0750 1740 Nla - ok 13:01:18.0796 1740 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 13:01:18.0968 1740 Npfs - ok 13:01:19.0046 1740 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 13:01:19.0203 1740 Ntfs - ok 13:01:19.0234 1740 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 13:01:19.0359 1740 NtLmSsp - ok 13:01:19.0453 1740 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll 13:01:19.0640 1740 NtmsSvc - ok 13:01:19.0687 1740 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 13:01:19.0828 1740 Null - ok 13:01:19.0859 1740 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 13:01:19.0984 1740 NwlnkFlt - ok 13:01:20.0015 1740 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 13:01:20.0140 1740 NwlnkFwd - ok 13:01:20.0187 1740 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 13:01:20.0328 1740 ohci1394 - ok 13:01:20.0437 1740 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:01:20.0453 1740 ose - ok 13:01:20.0515 1740 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys 13:01:20.0671 1740 Parport - ok 13:01:20.0687 1740 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 13:01:20.0828 1740 PartMgr - ok 13:01:20.0859 1740 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 13:01:21.0015 1740 ParVdm - ok 13:01:21.0046 1740 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys 13:01:21.0203 1740 PCI - ok 13:01:21.0203 1740 PCIDump - ok 13:01:21.0234 1740 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 13:01:21.0359 1740 PCIIde - ok 13:01:21.0437 1740 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys 13:01:21.0593 1740 Pcmcia - ok 13:01:21.0671 1740 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys 13:01:21.0687 1740 Pcouffin ( UnsignedFile.Multi.Generic ) - warning 13:01:21.0687 1740 Pcouffin - detected UnsignedFile.Multi.Generic (1) 13:01:21.0765 1740 PCPitstop Scheduling (4cac3af00e29ce00ea32282e0dd55799) C:\Program Files\PCPitstop\PCPitstopScheduleService.exe 13:01:21.0765 1740 PCPitstop Scheduling ( UnsignedFile.Multi.Generic ) - warning 13:01:21.0765 1740 PCPitstop Scheduling - detected UnsignedFile.Multi.Generic (1) 13:01:21.0781 1740 PDCOMP - ok 13:01:21.0781 1740 PDFRAME - ok 13:01:21.0781 1740 PDRELI - ok 13:01:21.0796 1740 PDRFRAME - ok 13:01:21.0796 1740 perc2 - ok 13:01:21.0812 1740 perc2hib - ok 13:01:21.0890 1740 PlugPlay (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe 13:01:22.0015 1740 PlugPlay - ok 13:01:22.0015 1740 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 13:01:22.0140 1740 PolicyAgent - ok 13:01:22.0187 1740 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 13:01:22.0328 1740 PptpMiniport - ok 13:01:22.0343 1740 PQIMount (2c4c21f42a50bec51c50e1674e590a57) C:\WINDOWS\system32\drivers\PQIMount.sys 13:01:22.0406 1740 PQIMount ( UnsignedFile.Multi.Generic ) - warning 13:01:22.0406 1740 PQIMount - detected UnsignedFile.Multi.Generic (1) 13:01:22.0468 1740 PQV2i (6a566d0f05a23bc9491b3440945c50a2) C:\WINDOWS\system32\drivers\PQV2i.sys 13:01:22.0484 1740 PQV2i ( UnsignedFile.Multi.Generic ) - warning 13:01:22.0484 1740 PQV2i - detected UnsignedFile.Multi.Generic (1) 13:01:22.0500 1740 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 13:01:22.0609 1740 ProtectedStorage - ok 13:01:22.0656 1740 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 13:01:22.0812 1740 PSched - ok 13:01:22.0859 1740 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 13:01:23.0000 1740 Ptilink - ok 13:01:23.0031 1740 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 13:01:23.0078 1740 PxHelp20 - ok 13:01:23.0078 1740 ql1080 - ok 13:01:23.0093 1740 Ql10wnt - ok 13:01:23.0093 1740 ql12160 - ok 13:01:23.0093 1740 ql1240 - ok 13:01:23.0109 1740 ql1280 - ok 13:01:23.0140 1740 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 13:01:23.0296 1740 RasAcd - ok 13:01:23.0390 1740 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll 13:01:23.0515 1740 RasAuto - ok 13:01:23.0562 1740 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 13:01:23.0687 1740 Rasl2tp - ok 13:01:23.0750 1740 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll 13:01:23.0953 1740 RasMan - ok 13:01:23.0968 1740 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 13:01:24.0109 1740 RasPppoe - ok 13:01:24.0125 1740 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 13:01:24.0281 1740 Raspti - ok 13:01:24.0406 1740 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys 13:01:24.0546 1740 Rdbss - ok 13:01:24.0578 1740 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 13:01:24.0703 1740 RDPCDD - ok 13:01:24.0750 1740 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys 13:01:24.0906 1740 RDPWD - ok 13:01:24.0984 1740 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe 13:01:25.0171 1740 RDSessMgr - ok 13:01:25.0218 1740 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys 13:01:25.0375 1740 redbook - ok 13:01:25.0406 1740 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll 13:01:25.0546 1740 RemoteAccess - ok 13:01:25.0671 1740 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe 13:01:25.0843 1740 RpcLocator - ok 13:01:25.0921 1740 RpcSs (5c83a4408604f737717ab96371201680) C:\WINDOWS\System32\rpcss.dll 13:01:26.0046 1740 RpcSs - ok 13:01:26.0093 1740 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 13:01:26.0250 1740 RSVP - ok 13:01:26.0359 1740 SABProcEnum - ok 13:01:26.0390 1740 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 13:01:26.0515 1740 SamSs - ok 13:01:26.0578 1740 sbp2port (3e2c3b180872be4120f246d85560b734) C:\WINDOWS\system32\DRIVERS\sbp2port.sys 13:01:26.0718 1740 sbp2port - ok 13:01:26.0781 1740 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe 13:01:26.0937 1740 SCardSvr - ok 13:01:26.0968 1740 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll 13:01:27.0109 1740 Schedule - ok 13:01:27.0140 1740 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys 13:01:27.0234 1740 Secdrv - ok 13:01:27.0296 1740 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll 13:01:27.0484 1740 seclogon - ok 13:01:27.0515 1740 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll 13:01:27.0656 1740 SENS - ok 13:01:27.0718 1740 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys 13:01:27.0843 1740 Serial - ok 13:01:27.0921 1740 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 13:01:28.0062 1740 Sfloppy - ok 13:01:28.0140 1740 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll 13:01:28.0328 1740 SharedAccess - ok 13:01:28.0375 1740 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll 13:01:28.0484 1740 ShellHWDetection - ok 13:01:28.0484 1740 Simbad - ok 13:01:28.0531 1740 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys 13:01:28.0703 1740 SLIP - ok 13:01:28.0718 1740 Sparrow - ok 13:01:28.0781 1740 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys 13:01:28.0890 1740 splitter - ok 13:01:28.0953 1740 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe 13:01:29.0078 1740 Spooler - ok 13:01:29.0140 1740 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys 13:01:29.0203 1740 sr - ok 13:01:29.0328 1740 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll 13:01:29.0390 1740 srservice - ok 13:01:29.0437 1740 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys 13:01:29.0656 1740 Srv - ok 13:01:29.0687 1740 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll 13:01:29.0781 1740 SSDPSRV - ok 13:01:29.0828 1740 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 13:01:29.0859 1740 ssmdrv - ok 13:01:29.0953 1740 STHDA (26eb7acf476a3461b85f5bce9a677a4a) C:\WINDOWS\system32\drivers\sthda.sys 13:01:30.0062 1740 STHDA - ok 13:01:30.0093 1740 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS\system32\wiaservc.dll 13:01:30.0328 1740 stisvc - ok 13:01:30.0406 1740 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 13:01:30.0531 1740 streamip - ok 13:01:30.0578 1740 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 13:01:30.0687 1740 swenum - ok 13:01:30.0734 1740 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 13:01:30.0859 1740 swmidi - ok 13:01:30.0875 1740 SwPrv - ok 13:01:30.0875 1740 symc810 - ok 13:01:30.0890 1740 symc8xx - ok 13:01:30.0890 1740 sym_hi - ok 13:01:30.0906 1740 sym_u3 - ok 13:01:30.0968 1740 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 13:01:31.0109 1740 sysaudio - ok 13:01:31.0187 1740 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe 13:01:31.0359 1740 SysmonLog - ok 13:01:31.0406 1740 SZASSIST - ok 13:01:31.0468 1740 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS\System32\tapisrv.dll 13:01:31.0625 1740 TapiSrv - ok 13:01:31.0703 1740 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys 13:01:31.0906 1740 Tcpip - ok 13:01:31.0953 1740 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 13:01:32.0078 1740 TDPIPE - ok 13:01:32.0093 1740 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 13:01:32.0218 1740 TDTCP - ok 13:01:32.0250 1740 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 13:01:32.0453 1740 TermDD - ok 13:01:32.0546 1740 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll 13:01:32.0750 1740 TermService - ok 13:01:32.0812 1740 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll 13:01:32.0937 1740 Themes - ok 13:01:32.0937 1740 TosIde - ok 13:01:33.0000 1740 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll 13:01:33.0140 1740 TrkWks - ok 13:01:33.0156 1740 TSP - ok 13:01:33.0203 1740 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 13:01:33.0328 1740 Udfs - ok 13:01:33.0343 1740 ultra - ok 13:01:33.0359 1740 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe 13:01:33.0453 1740 UMWdf - ok 13:01:33.0500 1740 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys 13:01:33.0640 1740 Update - ok 13:01:33.0703 1740 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll 13:01:33.0765 1740 upnphost - ok 13:01:33.0796 1740 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe 13:01:33.0937 1740 UPS - ok 13:01:33.0984 1740 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 13:01:34.0125 1740 usbehci - ok 13:01:34.0203 1740 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 13:01:34.0343 1740 usbhub - ok 13:01:34.0390 1740 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 13:01:34.0515 1740 usbprint - ok 13:01:34.0562 1740 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbser.sys 13:01:34.0687 1740 usbser - ok 13:01:34.0703 1740 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 13:01:34.0859 1740 USBSTOR - ok 13:01:34.0921 1740 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 13:01:35.0062 1740 usbuhci - ok 13:01:35.0218 1740 V2i Protector (d04b0e50847104007979a57fc3115899) C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe 13:01:35.0265 1740 V2i Protector ( UnsignedFile.Multi.Generic ) - warning 13:01:35.0265 1740 V2i Protector - detected UnsignedFile.Multi.Generic (1) 13:01:35.0281 1740 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 13:01:35.0453 1740 VgaSave - ok 13:01:35.0453 1740 ViaIde - ok 13:01:35.0515 1740 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys 13:01:35.0656 1740 VolSnap - ok 13:01:35.0703 1740 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe 13:01:35.0796 1740 VSS - ok 13:01:35.0875 1740 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll 13:01:36.0015 1740 W32Time - ok 13:01:36.0046 1740 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 13:01:36.0187 1740 Wanarp - ok 13:01:36.0203 1740 WDICA - ok 13:01:36.0250 1740 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys 13:01:36.0421 1740 wdmaud - ok 13:01:36.0484 1740 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll 13:01:36.0625 1740 WebClient - ok 13:01:36.0703 1740 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 13:01:36.0750 1740 winachsf - ok 13:01:36.0859 1740 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe 13:01:36.0890 1740 WinDefend - ok 13:01:37.0015 1740 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll 13:01:37.0140 1740 winmgmt - ok 13:01:37.0203 1740 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\mspmsnsv.dll 13:01:37.0281 1740 WmdmPmSN - ok 13:01:37.0359 1740 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 13:01:37.0531 1740 WmiApSrv - ok 13:01:37.0671 1740 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 13:01:37.0718 1740 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - warning 13:01:37.0718 1740 WMPNetworkSvc - detected UnsignedFile.Multi.Generic (1) 13:01:38.0046 1740 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 13:01:38.0171 1740 WPFFontCache_v0400 - ok 13:01:38.0281 1740 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 13:01:38.0531 1740 WS2IFSL - ok 13:01:38.0578 1740 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll 13:01:38.0734 1740 wscsvc - ok 13:01:38.0796 1740 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 13:01:38.0984 1740 WSTCODEC - ok 13:01:39.0046 1740 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll 13:01:39.0171 1740 wuauserv - ok 13:01:39.0234 1740 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 13:01:39.0281 1740 WudfPf - ok 13:01:39.0328 1740 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 13:01:39.0359 1740 WudfRd - ok 13:01:39.0375 1740 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 13:01:39.0406 1740 WudfSvc - ok 13:01:39.0468 1740 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll 13:01:39.0609 1740 WZCSVC - ok 13:01:39.0656 1740 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll 13:01:39.0812 1740 xmlprov - ok 13:01:39.0843 1740 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 13:01:39.0890 1740 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected 13:01:39.0890 1740 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0) 13:01:39.0921 1740 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 13:01:39.0921 1740 \Device\Harddisk0\DR0 - detected TDSS File System (1) 13:01:39.0937 1740 MBR (0x1B8) (180dbde3af7ea48b3db3ac27b1ddf401) \Device\Harddisk1\DR4 13:01:40.0671 1740 \Device\Harddisk1\DR4 - ok 13:01:45.0968 1740 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR5 13:01:46.0140 1740 \Device\Harddisk2\DR5 - ok 13:01:46.0140 1740 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR6 13:01:46.0250 1740 \Device\Harddisk3\DR6 - ok 13:01:46.0265 1740 Boot (0x1200) (71c4bb88d4b9ba0e773a1394259bc686) \Device\Harddisk0\DR0\Partition0 13:01:46.0265 1740 \Device\Harddisk0\DR0\Partition0 - ok 13:01:46.0265 1740 Boot (0x1200) (616d66cf61f4286b05a33ea30e5aa394) \Device\Harddisk1\DR4\Partition0 13:01:46.0265 1740 \Device\Harddisk1\DR4\Partition0 - ok 13:01:46.0312 1740 Boot (0x1200) (2ea8b72ace107f6eb0e1bcc4e90e0dcc) \Device\Harddisk2\DR5\Partition0 13:01:46.0312 1740 \Device\Harddisk2\DR5\Partition0 - ok 13:01:46.0312 1740 Boot (0x1200) (49431ef498ee255f973d0137b9351021) \Device\Harddisk3\DR6\Partition0 13:01:46.0312 1740 \Device\Harddisk3\DR6\Partition0 - ok 13:01:46.0312 1740 ============================================================ 13:01:46.0312 1740 Scan finished 13:01:46.0312 1740 ============================================================ 13:01:46.0453 1916 Detected object count: 18 13:01:46.0453 1916 Actual detected object count: 18 13:02:41.0171 1916 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 13:02:41.0171 1916 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:02:41.0171 1916 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user 13:02:41.0171 1916 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:02:41.0171 1916 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user 13:02:41.0171 1916 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:02:41.0171 1916 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user 13:02:41.0171 1916 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:02:41.0171 1916 Dot3svc ( UnsignedFile.Multi.Generic ) - skipped by user 13:02:41.0171 1916 Dot3svc ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:02:41.0187 1916 EapHost ( UnsignedFile.Multi.Generic ) - skipped by user 13:02:41.0187 1916 EapHost ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:02:41.0187 1916 GEARSecurity ( UnsignedFile.Multi.Generic ) - skipped by user 13:02:41.0187 1916 GEARSecurity ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:02:41.0187 1916 HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user 13:02:41.0187 1916 HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:02:41.0187 1916 hkmsvc ( UnsignedFile.Multi.Generic ) - skipped by user 13:02:41.0187 1916 hkmsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:02:41.0187 1916 napagent ( UnsignedFile.Multi.Generic ) - skipped by user 13:02:41.0187 1916 napagent ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:02:41.0187 1916 Pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user 13:02:41.0187 1916 Pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:02:41.0187 1916 PCPitstop Scheduling ( UnsignedFile.Multi.Generic ) - skipped by user 13:02:41.0187 1916 PCPitstop Scheduling ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:02:41.0203 1916 PQIMount ( UnsignedFile.Multi.Generic ) - skipped by user 13:02:41.0203 1916 PQIMount ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:02:41.0203 1916 PQV2i ( UnsignedFile.Multi.Generic ) - skipped by user 13:02:41.0203 1916 PQV2i ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:02:41.0203 1916 V2i Protector ( UnsignedFile.Multi.Generic ) - skipped by user 13:02:41.0203 1916 V2i Protector ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:02:41.0203 1916 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user 13:02:41.0203 1916 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:02:41.0937 1916 \Device\Harddisk0\DR0\# - copied to quarantine 13:02:41.0937 1916 \Device\Harddisk0\DR0 - copied to quarantine 13:02:42.0000 1916 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine 13:02:42.0000 1916 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine 13:02:42.0000 1916 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine 13:02:42.0015 1916 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine 13:02:42.0015 1916 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine 13:02:42.0015 1916 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine 13:02:42.0015 1916 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine 13:02:42.0109 1916 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine 13:02:42.0171 1916 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine 13:02:42.0187 1916 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 13:02:42.0265 1916 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 13:02:42.0281 1916 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 13:02:42.0281 1916 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 13:02:42.0281 1916 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine 13:02:42.0281 1916 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine 13:02:42.0296 1916 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine 13:02:42.0296 1916 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine 13:02:42.0312 1916 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine 13:02:42.0343 1916 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine 13:02:42.0937 1916 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine 13:02:42.0953 1916 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine 13:02:42.0953 1916 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine 13:02:43.0000 1916 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot 13:02:43.0015 1916 \Device\Harddisk0\DR0 - ok 13:02:43.0015 1916 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure 13:02:43.0015 1916 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 13:02:43.0015 1916 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 13:02:56.0312 4056 Deinitialize success
  9. colin0100
    bed time...0100 here..good night. Looking good maniac!!
  10. colin0100
    23:05:49.0703 3844 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08 23:05:50.0687 3844 ============================================================ 23:05:50.0687 3844 Current date / time: 2012/07/03 23:05:50.0687 23:05:50.0687 3844 SystemInfo: 23:05:50.0687 3844 23:05:50.0687 3844 OS Version: 5.1.2600 ServicePack: 2.0 23:05:50.0687 3844 Product type: Workstation 23:05:50.0687 3844 ComputerName: NEW-TOY 23:05:50.0687 3844 UserName: COLIN 23:05:50.0687 3844 Windows directory: C:\WINDOWS 23:05:50.0687 3844 System windows directory: C:\WINDOWS 23:05:50.0687 3844 Processor architecture: Intel x86 23:05:50.0687 3844 Number of processors: 2 23:05:50.0687 3844 Page size: 0x1000 23:05:50.0687 3844 Boot type: Normal boot 23:05:50.0687 3844 ============================================================ 23:05:51.0140 3844 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 23:05:51.0140 3844 Drive \Device\Harddisk1\DR4 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 23:05:55.0593 3844 Drive \Device\Harddisk2\DR5 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 23:06:00.0828 3844 Drive \Device\Harddisk3\DR6 - Size: 0xEFBFFE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 23:06:00.0828 3844 ============================================================ 23:06:00.0828 3844 \Device\Harddisk0\DR0: 23:06:00.0843 3844 MBR partitions: 23:06:00.0843 3844 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x1D189832 23:06:00.0843 3844 \Device\Harddisk1\DR4: 23:06:00.0843 3844 MBR partitions: 23:06:00.0843 3844 \Device\Harddisk1\DR4\Partition0: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0x74705981 23:06:00.0843 3844 \Device\Harddisk2\DR5: 23:06:00.0843 3844 MBR partitions: 23:06:00.0843 3844 \Device\Harddisk2\DR5\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000 23:06:00.0843 3844 \Device\Harddisk3\DR6: 23:06:00.0843 3844 MBR partitions: 23:06:00.0843 3844 \Device\Harddisk3\DR6\Partition0: MBR, Type 0xB, StartLBA 0x26, BlocksNum 0x779FC2 23:06:00.0843 3844 ============================================================ 23:06:00.0921 3844 C: <-> \Device\Harddisk0\DR0\Partition0 23:06:01.0031 3844 G: <-> \Device\Harddisk1\DR4\Partition0 23:06:01.0156 3844 H: <-> \Device\Harddisk2\DR5\Partition0 23:06:01.0156 3844 ============================================================ 23:06:01.0156 3844 Initialize success 23:06:01.0156 3844 ============================================================ 23:06:34.0625 2304 ============================================================ 23:06:34.0625 2304 Scan started 23:06:34.0625 2304 Mode: Manual; SigCheck; TDLFS; 23:06:34.0625 2304 ============================================================ 23:06:40.0921 2304 61883 (86d7b1e70661d754685b9ac6d749aae5) C:\WINDOWS\system32\DRIVERS\61883.sys 23:06:41.0750 2304 61883 - ok 23:06:41.0750 2304 Abiosdsk - ok 23:06:41.0750 2304 abp480n5 - ok 23:06:41.0859 2304 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys 23:06:42.0000 2304 ACPI - ok 23:06:42.0031 2304 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 23:06:42.0156 2304 ACPIEC - ok 23:06:42.0250 2304 Adobe LM Service (4bc381316f422f3a5d5a957d3aa2224e) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 23:06:42.0281 2304 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning 23:06:42.0281 2304 Adobe LM Service - detected UnsignedFile.Multi.Generic (1) 23:06:42.0281 2304 adpu160m - ok 23:06:42.0343 2304 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys 23:06:42.0484 2304 aec - ok 23:06:42.0546 2304 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys 23:06:42.0703 2304 AFD - ok 23:06:42.0703 2304 Aha154x - ok 23:06:42.0703 2304 aic78u2 - ok 23:06:42.0718 2304 aic78xx - ok 23:06:42.0750 2304 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll 23:06:42.0906 2304 Alerter - ok 23:06:42.0937 2304 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe 23:06:43.0000 2304 ALG - ok 23:06:43.0000 2304 AliIde - ok 23:06:43.0000 2304 amsint - ok 23:06:43.0109 2304 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe 23:06:43.0140 2304 AntiVirSchedulerService - ok 23:06:43.0203 2304 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe 23:06:43.0218 2304 AntiVirService - ok 23:06:43.0281 2304 AntiVirWebService (e38ba9fab3981a2115c53260b930fd3c) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE 23:06:43.0328 2304 AntiVirWebService - ok 23:06:43.0359 2304 Apple Mobile Device (1961cb10bb48eb4d97e37db6373e9e63) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 23:06:43.0406 2304 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning 23:06:43.0406 2304 Apple Mobile Device - detected UnsignedFile.Multi.Generic (1) 23:06:43.0406 2304 AppMgmt - ok 23:06:43.0468 2304 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 23:06:43.0593 2304 Arp1394 - ok 23:06:43.0593 2304 asc - ok 23:06:43.0609 2304 asc3350p - ok 23:06:43.0609 2304 asc3550 - ok 23:06:43.0734 2304 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 23:06:43.0781 2304 aspnet_state - ok 23:06:43.0796 2304 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 23:06:43.0968 2304 AsyncMac - ok 23:06:44.0000 2304 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 23:06:44.0140 2304 atapi - ok 23:06:44.0140 2304 Atdisk - ok 23:06:44.0203 2304 Ati HotKey Poller (1444104df30f365a5094e14ec5433b8e) C:\WINDOWS\system32\Ati2evxx.exe 23:06:44.0265 2304 Ati HotKey Poller - ok 23:06:44.0312 2304 ATI Smart (d3cd82df053f076c63a2d6f24aad2e22) C:\WINDOWS\system32\ati2sgag.exe 23:06:44.0343 2304 ATI Smart ( UnsignedFile.Multi.Generic ) - warning 23:06:44.0343 2304 ATI Smart - detected UnsignedFile.Multi.Generic (1) 23:06:44.0437 2304 ati2mtag (1fa523c5e4ad953f896ea50c33475bea) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 23:06:44.0515 2304 ati2mtag - ok 23:06:44.0640 2304 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 23:06:44.0796 2304 Atmarpc - ok 23:06:44.0859 2304 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll 23:06:45.0015 2304 AudioSrv - ok 23:06:45.0031 2304 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 23:06:45.0187 2304 audstub - ok 23:06:45.0218 2304 Avc (87c223adb8f7596b31caae3c67b16ddd) C:\WINDOWS\system32\DRIVERS\avc.sys 23:06:45.0359 2304 Avc - ok 23:06:45.0390 2304 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 23:06:45.0500 2304 avgntflt - ok 23:06:45.0546 2304 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys 23:06:45.0578 2304 avipbb - ok 23:06:45.0640 2304 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys 23:06:45.0656 2304 avkmgr - ok 23:06:45.0703 2304 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 23:06:45.0875 2304 Beep - ok 23:06:45.0937 2304 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll 23:06:46.0140 2304 BITS - ok 23:06:46.0187 2304 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll 23:06:46.0312 2304 Browser - ok 23:06:46.0453 2304 catchme - ok 23:06:46.0500 2304 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 23:06:46.0625 2304 cbidf2k - ok 23:06:46.0671 2304 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 23:06:46.0828 2304 CCDECODE - ok 23:06:46.0828 2304 cd20xrnt - ok 23:06:46.0890 2304 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 23:06:47.0031 2304 Cdaudio - ok 23:06:47.0078 2304 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 23:06:47.0203 2304 Cdfs - ok 23:06:47.0234 2304 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 23:06:47.0375 2304 Cdrom - ok 23:06:47.0421 2304 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys 23:06:47.0437 2304 cercsr6 ( UnsignedFile.Multi.Generic ) - warning 23:06:47.0437 2304 cercsr6 - detected UnsignedFile.Multi.Generic (1) 23:06:47.0437 2304 Changer - ok 23:06:47.0484 2304 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe 23:06:47.0609 2304 CiSvc - ok 23:06:47.0656 2304 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe 23:06:47.0796 2304 ClipSrv - ok 23:06:48.0031 2304 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:06:48.0062 2304 clr_optimization_v2.0.50727_32 - ok 23:06:48.0125 2304 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:06:48.0156 2304 clr_optimization_v4.0.30319_32 - ok 23:06:48.0156 2304 CmdIde - ok 23:06:48.0156 2304 COMSysApp - ok 23:06:48.0171 2304 Cpqarray - ok 23:06:48.0203 2304 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll 23:06:48.0375 2304 CryptSvc - ok 23:06:48.0375 2304 dac2w2k - ok 23:06:48.0390 2304 dac960nt - ok 23:06:48.0453 2304 DcCam (b1ad007f9a7dd8cfc981958d5c167d2d) C:\WINDOWS\system32\DRIVERS\DcCam.sys 23:06:48.0500 2304 DcCam - ok 23:06:48.0531 2304 DcFpoint (5fd20284caaf112201311619ff89fa44) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys 23:06:48.0546 2304 DcFpoint - ok 23:06:48.0578 2304 DCFS2K (867f7e6841b15d32481c3f1b83364e3a) C:\WINDOWS\system32\drivers\dcfs2k.sys 23:06:48.0625 2304 DCFS2K - ok 23:06:48.0656 2304 DcLps (1b889ac45faf088ff2af690779368956) C:\WINDOWS\system32\DRIVERS\DcLps.sys 23:06:48.0671 2304 DcLps - ok 23:06:48.0718 2304 DcomLaunch (5c83a4408604f737717ab96371201680) C:\WINDOWS\system32\rpcss.dll 23:06:48.0875 2304 DcomLaunch - ok 23:06:48.0875 2304 DcPTP (4afaea300a82f0470dc8b8abd619aba8) C:\WINDOWS\system32\DRIVERS\DcPTP.sys 23:06:48.0906 2304 DcPTP - ok 23:06:48.0937 2304 Dhcp (cb6ca3e5261d65f6f809eed23bf167aa) C:\WINDOWS\System32\dhcpcsvc.dll 23:06:49.0078 2304 Dhcp - ok 23:06:49.0125 2304 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 23:06:49.0250 2304 Disk - ok 23:06:49.0265 2304 dmadmin - ok 23:06:49.0343 2304 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys 23:06:49.0515 2304 dmboot - ok 23:06:49.0531 2304 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys 23:06:49.0703 2304 dmio - ok 23:06:49.0734 2304 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 23:06:49.0875 2304 dmload - ok 23:06:49.0921 2304 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll 23:06:50.0062 2304 dmserver - ok 23:06:50.0109 2304 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 23:06:50.0265 2304 DMusic - ok 23:06:50.0328 2304 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll 23:06:50.0453 2304 Dnscache - ok 23:06:50.0515 2304 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 23:06:50.0515 2304 Dot3svc ( UnsignedFile.Multi.Generic ) - warning 23:06:50.0515 2304 Dot3svc - detected UnsignedFile.Multi.Generic (1) 23:06:50.0515 2304 dpti2o - ok 23:06:50.0562 2304 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 23:06:50.0687 2304 drmkaud - ok 23:06:50.0750 2304 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys 23:06:50.0812 2304 e1express - ok 23:06:50.0843 2304 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 23:06:50.0875 2304 EapHost ( UnsignedFile.Multi.Generic ) - warning 23:06:50.0875 2304 EapHost - detected UnsignedFile.Multi.Generic (1) 23:06:50.0953 2304 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll 23:06:51.0140 2304 ERSvc - ok 23:06:51.0203 2304 Eventlog (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe 23:06:51.0359 2304 Eventlog - ok 23:06:51.0390 2304 EventSystem (acd36a2dd7d1e9d8a060aa651dc07e63) C:\WINDOWS\system32\es.dll 23:06:51.0515 2304 EventSystem - ok 23:06:51.0578 2304 Exportit (7ae55f93da22f0732993bce6093105dd) C:\WINDOWS\system32\DRIVERS\exportit.sys 23:06:51.0625 2304 Exportit - ok 23:06:51.0687 2304 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 23:06:51.0828 2304 Fastfat - ok 23:06:51.0890 2304 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll 23:06:52.0031 2304 FastUserSwitchingCompatibility - ok 23:06:52.0078 2304 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys 23:06:52.0203 2304 Fdc - ok 23:06:52.0250 2304 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys 23:06:52.0375 2304 Fips - ok 23:06:52.0406 2304 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys 23:06:52.0531 2304 Flpydisk - ok 23:06:52.0578 2304 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys 23:06:52.0718 2304 FltMgr - ok 23:06:52.0843 2304 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 23:06:52.0859 2304 FontCache3.0.0.0 - ok 23:06:52.0890 2304 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 23:06:53.0031 2304 Fs_Rec - ok 23:06:53.0031 2304 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 23:06:53.0156 2304 Ftdisk - ok 23:06:53.0203 2304 GearAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\drivers\GearAspiWDM.sys 23:06:53.0218 2304 GearAspiWDM - ok 23:06:53.0281 2304 GEARSecurity (17b77d83c53ae007c11ed811d992e727) C:\WINDOWS\System32\GEARSec.exe 23:06:53.0281 2304 GEARSecurity ( UnsignedFile.Multi.Generic ) - warning 23:06:53.0281 2304 GEARSecurity - detected UnsignedFile.Multi.Generic (1) 23:06:53.0343 2304 glauiad (8243722ac9c74645d745471428ae4d8a) C:\WINDOWS\system32\DRIVERS\glauiad.sys 23:06:53.0390 2304 glauiad - ok 23:06:53.0390 2304 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 23:06:53.0531 2304 Gpc - ok 23:06:53.0671 2304 gupdate (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 23:06:53.0687 2304 gupdate - ok 23:06:53.0687 2304 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 23:06:53.0718 2304 gupdatem - ok 23:06:53.0781 2304 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 23:06:53.0812 2304 gusvc - ok 23:06:53.0828 2304 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 23:06:53.0859 2304 HDAudBus ( UnsignedFile.Multi.Generic ) - warning 23:06:53.0859 2304 HDAudBus - detected UnsignedFile.Multi.Generic (1) 23:06:53.0937 2304 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 23:06:54.0140 2304 helpsvc - ok 23:06:54.0140 2304 HidServ - ok 23:06:54.0203 2304 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 23:06:54.0328 2304 hidusb - ok 23:06:54.0390 2304 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 23:06:54.0406 2304 hkmsvc ( UnsignedFile.Multi.Generic ) - warning 23:06:54.0406 2304 hkmsvc - detected UnsignedFile.Multi.Generic (1) 23:06:54.0406 2304 hpn - ok 23:06:54.0484 2304 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 23:06:54.0531 2304 HSFHWBS2 - ok 23:06:54.0593 2304 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 23:06:54.0656 2304 HSF_DP - ok 23:06:54.0718 2304 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys 23:06:54.0859 2304 HTTP - ok 23:06:54.0890 2304 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll 23:06:55.0046 2304 HTTPFilter - ok 23:06:55.0046 2304 i2omgmt - ok 23:06:55.0062 2304 i2omp - ok 23:06:55.0109 2304 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\drivers\i8042prt.sys 23:06:55.0250 2304 i8042prt - ok 23:06:55.0343 2304 iastor (d593517879e65167df35f6015814ac59) C:\WINDOWS\system32\DRIVERS\iaStor.sys 23:06:55.0421 2304 iastor - ok 23:06:55.0593 2304 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 23:06:55.0656 2304 idsvc - ok 23:06:55.0781 2304 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 23:06:55.0921 2304 Imapi - ok 23:06:56.0031 2304 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe 23:06:56.0171 2304 ImapiService - ok 23:06:56.0171 2304 InCDFs - ok 23:06:56.0187 2304 InCDPass - ok 23:06:56.0187 2304 InCDRm - ok 23:06:56.0187 2304 ini910u - ok 23:06:56.0203 2304 IntelIde - ok 23:06:56.0265 2304 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys 23:06:56.0390 2304 intelppm - ok 23:06:56.0437 2304 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys 23:06:56.0578 2304 Ip6Fw - ok 23:06:56.0640 2304 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 23:06:56.0781 2304 IpFilterDriver - ok 23:06:56.0812 2304 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 23:06:56.0937 2304 IpInIp - ok 23:06:57.0046 2304 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys 23:06:57.0171 2304 IpNat - ok 23:06:57.0281 2304 iPod Service (e1bd28ca09ee8f30e8edbd6c19f5579d) C:\Program Files\iPod\bin\iPodService.exe 23:06:57.0328 2304 iPod Service - ok 23:06:57.0390 2304 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 23:06:57.0546 2304 IPSec - ok 23:06:57.0593 2304 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 23:06:57.0656 2304 IRENUM - ok 23:06:57.0687 2304 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys 23:06:57.0843 2304 isapnp - ok 23:06:57.0906 2304 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 23:06:58.0031 2304 Kbdclass - ok 23:06:58.0046 2304 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 23:06:58.0171 2304 kbdhid - ok 23:06:58.0218 2304 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys 23:06:58.0343 2304 kmixer - ok 23:06:58.0406 2304 KodakCCS (4e1060d2f3b745931cf83b3649be8a57) C:\WINDOWS\system32\drivers\KodakCCS.exe 23:06:58.0468 2304 KodakCCS - ok 23:06:58.0531 2304 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys 23:06:58.0671 2304 KSecDD - ok 23:06:58.0734 2304 lanmanserver (93d32468d34e000cb3407947d1d6e22a) C:\WINDOWS\System32\srvsvc.dll 23:06:58.0859 2304 lanmanserver - ok 23:06:58.0921 2304 lanmanworkstation (2c0a7b2ae9c26f2c163627679b42783c) C:\WINDOWS\System32\wkssvc.dll 23:06:59.0046 2304 lanmanworkstation - ok 23:06:59.0046 2304 lbrtfdc - ok 23:06:59.0109 2304 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll 23:06:59.0234 2304 LmHosts - ok 23:06:59.0421 2304 MatSvc (ddf15a42e27e8efe27b18fd403151a86) C:\Program Files\Microsoft Fix it Center\Matsvc.exe 23:06:59.0468 2304 MatSvc - ok 23:06:59.0515 2304 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys 23:06:59.0531 2304 MBAMProtector - ok 23:06:59.0609 2304 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 23:06:59.0656 2304 MBAMService - ok 23:06:59.0718 2304 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys 23:06:59.0734 2304 MBAMSwissArmy - ok 23:06:59.0734 2304 mdf16 - ok 23:06:59.0750 2304 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 23:06:59.0796 2304 mdmxsdk - ok 23:06:59.0843 2304 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll 23:06:59.0984 2304 Messenger - ok 23:07:00.0031 2304 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 23:07:00.0171 2304 mnmdd - ok 23:07:00.0203 2304 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe 23:07:00.0328 2304 mnmsrvc - ok 23:07:00.0359 2304 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys 23:07:00.0515 2304 Modem - ok 23:07:00.0562 2304 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 23:07:00.0671 2304 MODEMCSA - ok 23:07:00.0718 2304 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys 23:07:00.0843 2304 Mouclass - ok 23:07:00.0875 2304 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 23:07:01.0015 2304 mouhid - ok 23:07:01.0062 2304 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 23:07:01.0187 2304 MountMgr - ok 23:07:01.0234 2304 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys 23:07:01.0265 2304 MpFilter - ok 23:07:01.0265 2304 mraid35x - ok 23:07:01.0281 2304 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 23:07:01.0421 2304 MRxDAV - ok 23:07:01.0468 2304 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 23:07:01.0625 2304 MRxSmb - ok 23:07:01.0671 2304 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe 23:07:01.0812 2304 MSDTC - ok 23:07:01.0859 2304 MSDV (6dd721dfd2648f3f6d5808b5ba6cb095) C:\WINDOWS\system32\DRIVERS\msdv.sys 23:07:02.0000 2304 MSDV - ok 23:07:02.0015 2304 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 23:07:02.0140 2304 Msfs - ok 23:07:02.0156 2304 MSIServer - ok 23:07:02.0187 2304 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 23:07:02.0328 2304 MSKSSRV - ok 23:07:02.0406 2304 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe 23:07:02.0421 2304 MsMpSvc - ok 23:07:02.0453 2304 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 23:07:02.0578 2304 MSPCLOCK - ok 23:07:02.0593 2304 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 23:07:02.0718 2304 MSPQM - ok 23:07:02.0765 2304 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 23:07:02.0906 2304 mssmbios - ok 23:07:02.0984 2304 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys 23:07:03.0125 2304 MSTEE - ok 23:07:03.0187 2304 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 23:07:03.0328 2304 Mup - ok 23:07:03.0343 2304 mvd22 - ok 23:07:03.0390 2304 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 23:07:03.0515 2304 NABTSFEC - ok 23:07:03.0578 2304 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 23:07:03.0609 2304 napagent ( UnsignedFile.Multi.Generic ) - warning 23:07:03.0609 2304 napagent - detected UnsignedFile.Multi.Generic (1) 23:07:03.0671 2304 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 23:07:03.0812 2304 NDIS - ok 23:07:03.0859 2304 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 23:07:03.0984 2304 NdisIP - ok 23:07:04.0031 2304 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 23:07:04.0140 2304 NdisTapi - ok 23:07:04.0203 2304 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 23:07:04.0328 2304 Ndisuio - ok 23:07:04.0359 2304 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 23:07:04.0515 2304 NdisWan - ok 23:07:04.0546 2304 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 23:07:04.0703 2304 NDProxy - ok 23:07:04.0750 2304 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 23:07:04.0890 2304 NetBIOS - ok 23:07:04.0953 2304 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 23:07:05.0078 2304 NetBT - ok 23:07:05.0156 2304 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe 23:07:05.0265 2304 NetDDE - ok 23:07:05.0281 2304 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe 23:07:05.0390 2304 NetDDEdsdm - ok 23:07:05.0437 2304 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 23:07:05.0578 2304 Netlogon - ok 23:07:05.0640 2304 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS\System32\netman.dll 23:07:05.0796 2304 Netman - ok 23:07:05.0953 2304 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 23:07:06.0015 2304 NetTcpPortSharing - ok 23:07:06.0062 2304 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 23:07:06.0187 2304 NIC1394 - ok 23:07:06.0250 2304 Nla (4e74af063c3271fbea20dd940cfd1184) C:\WINDOWS\System32\mswsock.dll 23:07:06.0390 2304 Nla - ok 23:07:06.0437 2304 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 23:07:06.0578 2304 Npfs - ok 23:07:06.0656 2304 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 23:07:06.0812 2304 Ntfs - ok 23:07:06.0859 2304 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 23:07:06.0984 2304 NtLmSsp - ok 23:07:07.0078 2304 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll 23:07:07.0312 2304 NtmsSvc - ok 23:07:07.0359 2304 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 23:07:07.0500 2304 Null - ok 23:07:07.0531 2304 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 23:07:07.0671 2304 NwlnkFlt - ok 23:07:07.0687 2304 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 23:07:07.0828 2304 NwlnkFwd - ok 23:07:07.0859 2304 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 23:07:08.0015 2304 ohci1394 - ok 23:07:08.0125 2304 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:07:08.0140 2304 ose - ok 23:07:08.0203 2304 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys 23:07:08.0343 2304 Parport - ok 23:07:08.0375 2304 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 23:07:08.0484 2304 PartMgr - ok 23:07:08.0500 2304 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 23:07:08.0625 2304 ParVdm - ok 23:07:08.0671 2304 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys 23:07:08.0828 2304 PCI - ok 23:07:08.0843 2304 PCIDump - ok 23:07:08.0843 2304 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 23:07:08.0968 2304 PCIIde - ok 23:07:09.0046 2304 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys 23:07:09.0171 2304 Pcmcia - ok 23:07:09.0234 2304 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys 23:07:09.0234 2304 Pcouffin ( UnsignedFile.Multi.Generic ) - warning 23:07:09.0234 2304 Pcouffin - detected UnsignedFile.Multi.Generic (1) 23:07:09.0343 2304 PCPitstop Scheduling (4cac3af00e29ce00ea32282e0dd55799) C:\Program Files\PCPitstop\PCPitstopScheduleService.exe 23:07:09.0359 2304 PCPitstop Scheduling ( UnsignedFile.Multi.Generic ) - warning 23:07:09.0359 2304 PCPitstop Scheduling - detected UnsignedFile.Multi.Generic (1) 23:07:09.0359 2304 PDCOMP - ok 23:07:09.0375 2304 PDFRAME - ok 23:07:09.0375 2304 PDRELI - ok 23:07:09.0390 2304 PDRFRAME - ok 23:07:09.0390 2304 perc2 - ok 23:07:09.0390 2304 perc2hib - ok 23:07:09.0468 2304 PlugPlay (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe 23:07:09.0593 2304 PlugPlay - ok 23:07:09.0593 2304 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 23:07:09.0734 2304 PolicyAgent - ok 23:07:09.0781 2304 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 23:07:09.0921 2304 PptpMiniport - ok 23:07:09.0984 2304 PQIMount (2c4c21f42a50bec51c50e1674e590a57) C:\WINDOWS\system32\drivers\PQIMount.sys 23:07:10.0015 2304 PQIMount ( UnsignedFile.Multi.Generic ) - warning 23:07:10.0015 2304 PQIMount - detected UnsignedFile.Multi.Generic (1) 23:07:10.0078 2304 PQV2i (6a566d0f05a23bc9491b3440945c50a2) C:\WINDOWS\system32\drivers\PQV2i.sys 23:07:10.0093 2304 PQV2i ( UnsignedFile.Multi.Generic ) - warning 23:07:10.0093 2304 PQV2i - detected UnsignedFile.Multi.Generic (1) 23:07:10.0093 2304 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 23:07:10.0218 2304 ProtectedStorage - ok 23:07:10.0250 2304 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 23:07:10.0406 2304 PSched - ok 23:07:10.0437 2304 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 23:07:10.0546 2304 Ptilink - ok 23:07:10.0593 2304 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 23:07:10.0609 2304 PxHelp20 - ok 23:07:10.0609 2304 ql1080 - ok 23:07:10.0625 2304 Ql10wnt - ok 23:07:10.0625 2304 ql12160 - ok 23:07:10.0625 2304 ql1240 - ok 23:07:10.0640 2304 ql1280 - ok 23:07:10.0687 2304 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 23:07:10.0828 2304 RasAcd - ok 23:07:10.0890 2304 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll 23:07:11.0015 2304 RasAuto - ok 23:07:11.0078 2304 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 23:07:11.0187 2304 Rasl2tp - ok 23:07:11.0250 2304 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll 23:07:11.0375 2304 RasMan - ok 23:07:11.0375 2304 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 23:07:11.0515 2304 RasPppoe - ok 23:07:11.0546 2304 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 23:07:11.0703 2304 Raspti - ok 23:07:11.0765 2304 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys 23:07:11.0906 2304 Rdbss - ok 23:07:11.0953 2304 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 23:07:12.0062 2304 RDPCDD - ok 23:07:12.0156 2304 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys 23:07:12.0265 2304 RDPWD - ok 23:07:12.0328 2304 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe 23:07:12.0453 2304 RDSessMgr - ok 23:07:12.0500 2304 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys 23:07:12.0640 2304 redbook - ok 23:07:12.0703 2304 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll 23:07:12.0828 2304 RemoteAccess - ok 23:07:12.0875 2304 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe 23:07:13.0015 2304 RpcLocator - ok 23:07:13.0078 2304 RpcSs (5c83a4408604f737717ab96371201680) C:\WINDOWS\System32\rpcss.dll 23:07:13.0203 2304 RpcSs - ok 23:07:13.0234 2304 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 23:07:13.0359 2304 RSVP - ok 23:07:13.0437 2304 SABProcEnum - ok 23:07:13.0484 2304 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 23:07:13.0609 2304 SamSs - ok 23:07:13.0656 2304 sbp2port (3e2c3b180872be4120f246d85560b734) C:\WINDOWS\system32\DRIVERS\sbp2port.sys 23:07:13.0812 2304 sbp2port - ok 23:07:13.0875 2304 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe 23:07:13.0984 2304 SCardSvr - ok 23:07:14.0031 2304 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll 23:07:14.0156 2304 Schedule - ok 23:07:14.0203 2304 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys 23:07:14.0265 2304 Secdrv - ok 23:07:14.0296 2304 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll 23:07:14.0437 2304 seclogon - ok 23:07:14.0468 2304 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll 23:07:14.0609 2304 SENS - ok 23:07:14.0671 2304 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys 23:07:14.0812 2304 Serial - ok 23:07:14.0875 2304 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 23:07:15.0015 2304 Sfloppy - ok 23:07:15.0062 2304 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll 23:07:15.0265 2304 SharedAccess - ok 23:07:15.0328 2304 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll 23:07:15.0453 2304 ShellHWDetection - ok 23:07:15.0453 2304 Simbad - ok 23:07:15.0500 2304 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys 23:07:15.0656 2304 SLIP - ok 23:07:15.0656 2304 Sparrow - ok 23:07:15.0718 2304 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys 23:07:15.0843 2304 splitter - ok 23:07:15.0906 2304 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe 23:07:16.0031 2304 Spooler - ok 23:07:16.0078 2304 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys 23:07:16.0140 2304 sr - ok 23:07:16.0187 2304 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll 23:07:16.0265 2304 srservice - ok 23:07:16.0312 2304 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys 23:07:16.0515 2304 Srv - ok 23:07:16.0546 2304 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll 23:07:16.0625 2304 SSDPSRV - ok 23:07:16.0687 2304 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 23:07:16.0703 2304 ssmdrv - ok 23:07:16.0796 2304 STHDA (26eb7acf476a3461b85f5bce9a677a4a) C:\WINDOWS\system32\drivers\sthda.sys 23:07:16.0906 2304 STHDA - ok 23:07:16.0937 2304 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS\system32\wiaservc.dll 23:07:17.0171 2304 stisvc - ok 23:07:17.0234 2304 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 23:07:17.0359 2304 streamip - ok 23:07:17.0390 2304 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 23:07:17.0515 2304 swenum - ok 23:07:17.0578 2304 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 23:07:17.0718 2304 swmidi - ok 23:07:17.0718 2304 SwPrv - ok 23:07:17.0734 2304 symc810 - ok 23:07:17.0734 2304 symc8xx - ok 23:07:17.0750 2304 sym_hi - ok 23:07:17.0750 2304 sym_u3 - ok 23:07:17.0828 2304 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 23:07:17.0937 2304 sysaudio - ok 23:07:18.0046 2304 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe 23:07:18.0171 2304 SysmonLog - ok 23:07:18.0218 2304 SZASSIST - ok 23:07:18.0250 2304 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS\System32\tapisrv.dll 23:07:18.0390 2304 TapiSrv - ok 23:07:18.0468 2304 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys 23:07:18.0671 2304 Tcpip - ok 23:07:18.0718 2304 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 23:07:18.0843 2304 TDPIPE - ok 23:07:18.0859 2304 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 23:07:18.0968 2304 TDTCP - ok 23:07:19.0015 2304 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 23:07:19.0140 2304 TermDD - ok 23:07:19.0250 2304 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll 23:07:19.0468 2304 TermService - ok 23:07:19.0531 2304 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll 23:07:19.0656 2304 Themes - ok 23:07:19.0656 2304 TosIde - ok 23:07:19.0734 2304 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll 23:07:19.0890 2304 TrkWks - ok 23:07:19.0890 2304 TSP - ok 23:07:19.0968 2304 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 23:07:20.0093 2304 Udfs - ok 23:07:20.0093 2304 ultra - ok 23:07:20.0125 2304 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe 23:07:20.0203 2304 UMWdf - ok 23:07:20.0250 2304 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys 23:07:20.0375 2304 Update - ok 23:07:20.0421 2304 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll 23:07:20.0500 2304 upnphost - ok 23:07:20.0531 2304 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe 23:07:20.0640 2304 UPS - ok 23:07:20.0687 2304 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 23:07:20.0828 2304 usbehci - ok 23:07:20.0890 2304 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 23:07:21.0031 2304 usbhub - ok 23:07:21.0062 2304 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 23:07:21.0187 2304 usbprint - ok 23:07:21.0234 2304 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbser.sys 23:07:21.0343 2304 usbser - ok 23:07:21.0359 2304 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 23:07:21.0500 2304 USBSTOR - ok 23:07:21.0531 2304 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 23:07:21.0640 2304 usbuhci - ok 23:07:21.0796 2304 V2i Protector (d04b0e50847104007979a57fc3115899) C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe 23:07:21.0859 2304 V2i Protector ( UnsignedFile.Multi.Generic ) - warning 23:07:21.0859 2304 V2i Protector - detected UnsignedFile.Multi.Generic (1) 23:07:21.0906 2304 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 23:07:22.0046 2304 VgaSave - ok 23:07:22.0046 2304 ViaIde - ok 23:07:22.0109 2304 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys 23:07:22.0281 2304 VolSnap - ok 23:07:22.0343 2304 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe 23:07:22.0453 2304 VSS - ok 23:07:22.0515 2304 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll 23:07:22.0640 2304 W32Time - ok 23:07:22.0734 2304 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 23:07:22.0859 2304 Wanarp - ok 23:07:22.0859 2304 WDICA - ok 23:07:22.0921 2304 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys 23:07:23.0031 2304 wdmaud - ok 23:07:23.0078 2304 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll 23:07:23.0203 2304 WebClient - ok 23:07:23.0296 2304 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 23:07:23.0343 2304 winachsf - ok 23:07:23.0453 2304 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe 23:07:23.0484 2304 WinDefend - ok 23:07:23.0609 2304 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll 23:07:23.0765 2304 winmgmt - ok 23:07:23.0828 2304 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\mspmsnsv.dll 23:07:23.0906 2304 WmdmPmSN - ok 23:07:24.0000 2304 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 23:07:24.0156 2304 WmiApSrv - ok 23:07:24.0250 2304 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 23:07:24.0312 2304 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - warning 23:07:24.0312 2304 WMPNetworkSvc - detected UnsignedFile.Multi.Generic (1) 23:07:24.0593 2304 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 23:07:24.0703 2304 WPFFontCache_v0400 - ok 23:07:24.0828 2304 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 23:07:24.0968 2304 WS2IFSL - ok 23:07:25.0031 2304 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll 23:07:25.0171 2304 wscsvc - ok 23:07:25.0218 2304 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 23:07:25.0375 2304 WSTCODEC - ok 23:07:25.0437 2304 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll 23:07:25.0562 2304 wuauserv - ok 23:07:25.0625 2304 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 23:07:25.0671 2304 WudfPf - ok 23:07:25.0718 2304 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 23:07:25.0734 2304 WudfRd - ok 23:07:25.0750 2304 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 23:07:25.0781 2304 WudfSvc - ok 23:07:25.0843 2304 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll 23:07:25.0984 2304 WZCSVC - ok 23:07:26.0031 2304 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll 23:07:26.0187 2304 xmlprov - ok 23:07:26.0218 2304 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 23:07:26.0265 2304 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected 23:07:26.0265 2304 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0) 23:07:26.0312 2304 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 23:07:26.0312 2304 \Device\Harddisk0\DR0 - detected TDSS File System (1) 23:07:26.0312 2304 MBR (0x1B8) (180dbde3af7ea48b3db3ac27b1ddf401) \Device\Harddisk1\DR4 23:07:27.0046 2304 \Device\Harddisk1\DR4 - ok 23:07:32.0781 2304 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR5 23:07:32.0953 2304 \Device\Harddisk2\DR5 - ok 23:07:32.0953 2304 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR6 23:07:33.0062 2304 \Device\Harddisk3\DR6 - ok 23:07:33.0093 2304 Boot (0x1200) (71c4bb88d4b9ba0e773a1394259bc686) \Device\Harddisk0\DR0\Partition0 23:07:33.0093 2304 \Device\Harddisk0\DR0\Partition0 - ok 23:07:33.0093 2304 Boot (0x1200) (616d66cf61f4286b05a33ea30e5aa394) \Device\Harddisk1\DR4\Partition0 23:07:33.0093 2304 \Device\Harddisk1\DR4\Partition0 - ok 23:07:33.0093 2304 Boot (0x1200) (2ea8b72ace107f6eb0e1bcc4e90e0dcc) \Device\Harddisk2\DR5\Partition0 23:07:33.0109 2304 \Device\Harddisk2\DR5\Partition0 - ok 23:07:33.0109 2304 Boot (0x1200) (49431ef498ee255f973d0137b9351021) \Device\Harddisk3\DR6\Partition0 23:07:33.0109 2304 \Device\Harddisk3\DR6\Partition0 - ok 23:07:33.0109 2304 ============================================================ 23:07:33.0109 2304 Scan finished 23:07:33.0109 2304 ============================================================ 23:07:33.0218 3760 Detected object count: 18 23:07:33.0218 3760 Actual detected object count: 18 23:10:18.0375 3760 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:18.0375 3760 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:18.0375 3760 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:18.0375 3760 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:18.0375 3760 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:18.0375 3760 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:18.0375 3760 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:18.0375 3760 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:18.0375 3760 Dot3svc ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:18.0375 3760 Dot3svc ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:18.0390 3760 EapHost ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:18.0390 3760 EapHost ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:18.0390 3760 GEARSecurity ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:18.0390 3760 GEARSecurity ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:18.0390 3760 HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:18.0390 3760 HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:18.0390 3760 hkmsvc ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:18.0390 3760 hkmsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:18.0390 3760 napagent ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:18.0390 3760 napagent ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:18.0390 3760 Pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:18.0390 3760 Pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:18.0390 3760 PCPitstop Scheduling ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:18.0390 3760 PCPitstop Scheduling ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:18.0406 3760 PQIMount ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:18.0406 3760 PQIMount ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:18.0406 3760 PQV2i ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:18.0406 3760 PQV2i ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:18.0406 3760 V2i Protector ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:18.0406 3760 V2i Protector ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:18.0406 3760 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:18.0406 3760 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:18.0406 3760 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user 23:10:18.0406 3760 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip 23:10:18.0406 3760 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 23:10:18.0406 3760 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 23:10:41.0515 2272 Deinitialize success
  11. colin0100
    Unhide by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2012 BleepingComputer.com More Information about Unhide.exe can be found at this link: http://www.bleepingcomputer.com/forums/topic405109.html Program started at: 07/03/2012 10:47:57 PM Windows Version: Windows XP Please be patient while your files are made visible again. Processing the C:\ drive Finished processing the C:\ drive. 116908 files processed. Processing the F:\ drive Finished processing the F:\ drive. 17 files processed. Processing the G:\ drive Finished processing the G:\ drive. 5843 files processed. Processing the H:\ drive Finished processing the H:\ drive. 4795 files processed. The C:\DOCUME~1\COLIN\LOCALS~1\Temp\smtmp\ folder does not exist!! Unhide cannot restore your missing shortcuts!! Please see this topic in order to learn how to restore default Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html Searching for Windows Registry changes made by FakeHDD rogues. - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop * HidNoChangingWallPaperden policy was found and deleted! - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced * Start_ShowPrinters was set to 0! It was set back to 1! * Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1! * Start_ShowNetConn was set to 0! It was set back to 1! Restarting Explorer.exe in order to apply changes. Program finished at: 07/03/2012 10:52:05 PM Execution time: 0 hours(s), 4 minute(s), and 7 seconds(s)
  12. colin0100
    Maniac, ran the firdt 2 in your list, than ran otl...went for 1.5 hours so I killed it.
  13. colin0100
    OTL logfile created on: 3/07/2012 9:37:14 PM - Run 2 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\COLIN\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 2.00 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 39.22% Memory free 3.85 Gb Paging File | 2.48 Gb Available in Paging File | 64.46% Paging File free Paging file location(s): c:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.77 Gb Total Space | 45.48 Gb Free Space | 19.54% Space Free | Partition Type: NTFS Drive F: | 3.73 Gb Total Space | 3.67 Gb Free Space | 98.42% Space Free | Partition Type: FAT32 Drive G: | 931.51 Gb Total Space | 229.63 Gb Free Space | 24.65% Space Free | Partition Type: NTFS Drive H: | 931.51 Gb Total Space | 20.95 Gb Free Space | 2.25% Space Free | Partition Type: NTFS Computer Name: NEW-TOY | User Name: COLIN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/03 21:36:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\COLIN\Desktop\OTL.exe PRC - [2012/05/09 13:47:56 | 000,086,224 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/09 13:47:55 | 000,348,624 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/09 13:47:55 | 000,110,032 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/09 13:47:55 | 000,080,336 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | -H-- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | -H-- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/03/26 17:08:12 | 000,931,200 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2012/03/26 17:03:40 | 000,011,552 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2011/06/28 09:03:22 | 001,843,000 | -H-- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe PRC - [2011/06/27 09:05:26 | 000,557,056 | -H-- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe PRC - [2010/09/13 15:05:36 | 000,086,016 | -H-- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe PRC - [2008/12/31 16:04:48 | 000,942,960 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WGATray.exe PRC - [2006/11/03 18:19:58 | 000,013,592 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe PRC - [2005/08/13 08:43:58 | 000,045,056 | -H-- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe PRC - [2005/03/09 14:00:00 | 000,098,304 | -H-- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAIP.EXE PRC - [2004/08/04 22:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004/05/24 12:35:52 | 000,322,104 | -H-- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe PRC - [2002/11/26 02:12:32 | 000,049,152 | -H-- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe ========== Modules (No Company Name) ========== MOD - [2012/06/13 21:12:26 | 000,843,776 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_c1b45d66\system.drawing.dll MOD - [2012/06/13 21:12:12 | 003,035,136 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_c9aa3dcd\system.windows.forms.dll MOD - [2012/06/13 21:11:47 | 000,471,040 | -H-- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll MOD - [2012/05/09 13:47:56 | 000,398,288 | -H-- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012/01/13 08:06:42 | 003,391,488 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3db6a3e6\mscorlib.dll MOD - [2012/01/13 08:06:32 | 002,088,960 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_cc2b0697\system.xml.dll MOD - [2012/01/13 08:06:18 | 001,966,080 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_3a3c05f7\system.dll MOD - [2012/01/13 08:06:07 | 001,232,896 | -H-- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll MOD - [2012/01/13 08:06:06 | 001,269,760 | -H-- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll MOD - [2012/01/13 08:06:05 | 002,064,384 | -H-- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll MOD - [2011/06/28 09:01:38 | 000,397,312 | -H-- | M] () -- C:\Program Files\Orbitdownloader\wtlctrl.dll MOD - [2010/06/13 11:01:28 | 000,410,432 | -H-- | M] () -- C:\Program Files\Perfect Uninstaller\Contextmenu.dll MOD - [2006/01/16 18:34:03 | 001,339,392 | -H-- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll MOD - [2006/01/16 18:34:03 | 000,372,736 | -H-- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll MOD - [2006/01/16 18:34:02 | 000,323,584 | -H-- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll MOD - [2005/10/08 09:05:32 | 000,125,440 | -H-- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2004/08/04 22:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe -- (SZASSIST) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012/05/09 13:47:56 | 000,086,224 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/09 13:47:55 | 000,465,360 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012/05/09 13:47:55 | 000,110,032 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/04/04 15:56:40 | 000,654,408 | -H-- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/26 17:03:40 | 000,011,552 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011/06/13 22:09:22 | 000,267,568 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc) SRV - [2010/09/13 15:05:36 | 000,086,016 | -H-- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling) SRV - [2006/11/03 18:19:58 | 000,013,592 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2004/05/24 12:35:52 | 000,322,104 | -H-- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS) SRV - [2003/06/04 09:52:22 | 001,200,128 | -H-- | M] (PowerQuest Corporation) [Auto | Stopped] -- C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe -- (V2i Protector) SRV - [2002/11/26 02:12:32 | 000,049,152 | -H-- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity) ========== Driver Services (SafeList) ========== DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install) DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (TSP) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys -- (SABProcEnum) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Clarus\Samsung SecretZone\mvd22.sys -- (mvd22) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Clarus\Samsung SecretZone\mdf16.sys -- (mdf16) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm) DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass) DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\COLIN\LOCALS~1\Temp\catchme.sys -- (catchme) DRV - [2012/05/09 13:47:56 | 000,137,928 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012/05/09 13:47:56 | 000,083,392 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/04 15:56:40 | 000,022,344 | -H-- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/10/11 14:00:32 | 000,036,000 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010/06/17 14:14:27 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2006/01/05 13:46:40 | 001,420,288 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005/08/18 08:41:08 | 001,022,040 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM) DRV - [2004/07/07 10:27:28 | 000,070,070 | -H-- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP) DRV - [2004/07/07 08:55:12 | 000,152,049 | -H-- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit) DRV - [2004/06/02 13:19:00 | 000,038,705 | -H-- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K) DRV - [2004/05/20 08:41:54 | 000,061,564 | -H-- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint) DRV - [2004/05/20 08:39:42 | 000,008,022 | -H-- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps) DRV - [2004/05/20 08:21:10 | 000,036,918 | -H-- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam) DRV - [2003/11/18 06:59:20 | 000,212,224 | RH-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2) DRV - [2003/11/18 06:58:02 | 000,680,704 | RH-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2003/11/18 06:56:26 | 001,042,432 | RH-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2003/06/04 09:52:24 | 000,123,957 | -H-- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\PQV2i.sys -- (PQV2i) DRV - [2003/06/04 09:52:20 | 000,046,900 | -H-- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQIMount.sys -- (PQIMount) DRV - [2003/03/08 09:07:58 | 000,029,603 | -H-- | M] (GlobespanVirata Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\glauiad.sys -- (glauiad) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/ IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes,DefaultScope = {7B5D77E7-B219-4760-B284-AE305BDFD485} IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes\{7B5D77E7-B219-4760-B284-AE305BDFD485}: "URL" = http://www.google.com.au/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_en IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\COLIN\Application Data\nprhapengine.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{CD8C954F-6F55-4B18-9C29-CFF7CAE269DD}: C:\Documents and Settings\COLIN\Local Settings\Application Data\{CD8C954F-6F55-4B18-9C29-CFF7CAE269DD} [2009/11/25 15:34:28 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{503D3B1B-796E-4F8E-8AA3-6C90139C2300}: C:\Documents and Settings\COLIN\Local Settings\Application Data\{503D3B1B-796E-4F8E-8AA3-6C90139C2300}\ [2009/11/30 19:16:23 | 000,000,000 | -H-D | M] O1 HOSTS File: ([2012/07/02 11:22:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NWEReboot] File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com) O4 - Startup: C:\Documents and Settings\COLIN\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab (Windows Live Safety Center Base Module) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340975846937 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140139436593 (MUWebControl Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.12.160.35 203.12.160.36 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67C731C6-C643-46BD-8865-2DA9C21374CD}: DhcpNameServer = 203.12.160.35 203.12.160.36 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FAD4249-41A8-413E-8C32-51D6B0666FB6}: NameServer = 61.8.0.113,210.23.129.34 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\COLIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\COLIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/01/13 14:27:56 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/07/03 21:36:00 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\COLIN\Desktop\OTL.exe [2012/07/03 09:30:48 | 000,000,000 | ---D | C] -- C:\FRST [2012/07/02 23:06:54 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\COLIN\Desktop\aswMBR.exe [2012/07/02 11:20:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2012/07/02 10:33:04 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/07/02 10:26:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/07/02 10:26:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/07/02 10:26:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/07/02 10:26:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/07/02 10:25:28 | 000,000,000 | --SD | C] -- C:\ComboFix [2012/07/02 10:19:21 | 004,568,829 | R--- | C] (Swearware) -- C:\Documents and Settings\COLIN\Desktop\ComboFix.exe [2012/07/02 01:14:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\COLIN\My Documents\ComboFix [2012/07/02 00:57:19 | 001,544,384 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\COLIN\Desktop\mplayer_installer_1922.exe [2012/07/02 00:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Desktop\Malwarebytes (D) [2012/07/02 00:34:03 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/07/02 00:33:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012/07/01 09:45:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\COLIN\My Documents\aswMBR.exe [2012/06/30 07:36:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug [2012/06/29 22:21:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2012/06/29 22:16:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll [2012/06/29 22:16:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll [2012/06/29 22:16:50 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll [2012/06/29 22:14:33 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys [2012/06/29 22:09:47 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files [2012/06/29 19:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedMaxPc [2012/06/29 19:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedMaxPc [2012/06/29 19:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc [2012/06/29 16:40:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\COLIN\Recent [2012/06/29 13:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore [2012/06/29 07:20:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012/06/28 22:35:38 | 000,000,000 | -H-D | C] -- C:\Program Files\Microsoft Security Client [2012/06/28 22:28:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\COLIN\Local Settings\Application Data\FixItCenter [2012/06/28 18:21:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\COLIN\Start Menu\Programs\Data Recovery [2012/06/26 13:59:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\COLIN\Application Data\HandBrake [2012/06/26 13:58:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\COLIN\Start Menu\Programs\Handbrake [2012/06/26 13:51:01 | 000,000,000 | -H-D | C] -- C:\Program Files\Microsoft.NET [2012/06/19 19:15:30 | 017,396,768 | -H-- | C] (Microsoft Corporation) -- C:\Program Files\mpas-fe.exe [2009/01/19 11:54:15 | 005,992,404 | -H-- | C] (Headlight Software, Inc.) -- C:\Program Files\Portable GetRight 6.3e.exe [2008/12/09 11:27:59 | 002,167,968 | -H-- | C] (www.orbitdownloader.com ) -- C:\Program Files\OrbitDownloaderSetup.exe [2008/07/10 19:55:26 | 000,383,755 | -H-- | C] (Headlight Software, Inc.) -- C:\Program Files\download-VobSub_2.23.exe [2006/12/07 08:37:54 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Documents and Settings\COLIN\Application Data\pcouffin.sys [2006/01/17 15:55:09 | 011,477,288 | -H-- | C] (DivX, Inc.) -- C:\Program Files\DivXPlay.exe [2005/12/06 12:00:46 | 002,247,888 | -H-- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll [2005/12/06 12:00:46 | 000,484,560 | -H-- | C] (Microsoft Corporation) -- C:\Program Files\DXSETUP.exe [2005/12/06 12:00:46 | 000,074,448 | -H-- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll [12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/03 22:01:01 | 000,000,236 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012/07/03 21:36:23 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\Command Prompt.job [2012/07/03 21:36:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\COLIN\Desktop\OTL.exe [2012/07/03 21:10:01 | 000,000,884 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/07/03 19:06:19 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/07/03 18:00:00 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\SpeedMaxPc Registration3.job [2012/07/03 17:15:18 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/07/03 17:10:45 | 000,001,167 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\router_land.php-tracking=ga1&banner=6.2 [2012/07/03 17:10:01 | 000,000,880 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/07/03 17:08:18 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012/07/03 17:05:40 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk [2012/07/03 17:05:21 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1682526488-682003330-1004.job [2012/07/03 17:05:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/07/03 09:22:59 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Anti-Malware.job [2012/07/02 23:07:05 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\COLIN\Desktop\aswMBR.exe [2012/07/02 11:22:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/07/02 10:33:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012/07/02 10:19:28 | 004,568,829 | R--- | M] (Swearware) -- C:\Documents and Settings\COLIN\Desktop\ComboFix.exe [2012/07/02 03:39:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SpeedMaxPc.job [2012/07/02 00:57:21 | 001,544,384 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\COLIN\Desktop\mplayer_installer_1922.exe [2012/07/01 09:41:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\COLIN\My Documents\aswMBR.exe [2012/07/01 00:27:36 | 000,000,143 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini [2012/06/29 23:15:48 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\Shortcut to Internet Explorer.lnk [2012/06/29 22:20:55 | 000,224,024 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/06/29 22:19:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2012/06/29 22:12:12 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2012/06/29 22:12:00 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2012/06/29 22:12:00 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2012/06/29 22:11:07 | 000,004,161 | -H-- | M] () -- C:\WINDOWS\ODBCINST.INI [2012/06/29 22:08:28 | 000,023,392 | -H-- | M] () -- C:\WINDOWS\System32\emptyregdb.dat [2012/06/29 22:06:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2012/06/29 19:56:46 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\SpeedMaxPc Update3.job [2012/06/29 11:45:52 | 000,051,712 | -H-- | M] () -- C:\Documents and Settings\COLIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/06/29 07:10:04 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMer [2012/06/29 07:10:04 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMe [2012/06/28 22:41:55 | 000,001,945 | -H-- | M] () -- C:\WINDOWS\epplauncher.mif [2012/06/28 22:24:13 | 000,000,720 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk [2012/06/28 18:43:40 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqt [2012/06/28 18:21:11 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqtr [2012/06/27 18:14:12 | 000,000,333 | -H-- | M] () -- C:\Documents and Settings\COLIN\Desktop\TV Guide - Australia's TV Guide - Yahoo!7.url [2012/06/27 10:10:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1682526488-682003330-1004.job [2012/06/26 16:35:23 | 000,505,984 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/06/26 16:35:23 | 000,089,256 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/06/26 13:58:20 | 000,000,694 | -H-- | M] () -- C:\Documents and Settings\COLIN\Desktop\Handbrake.lnk [2012/06/26 13:47:01 | 000,029,635 | -H-- | M] () -- C:\Program Files\download.htm [2012/06/21 17:25:07 | 000,273,663 | -H-- | M] () -- C:\Documents and Settings\COLIN\My Documents\Operating_costs_of_gas_appliances.pdf [2012/06/19 16:51:26 | 004,478,300 | -H-- | M] () -- C:\Documents and Settings\COLIN\My Documents\GAS HEATER Manual%20Heater%20User%20Manual.pdf [2012/06/09 21:55:16 | 000,000,133 | -H-- | M] () -- C:\Documents and Settings\COLIN\default.pls [12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/03 13:38:27 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012/07/02 11:01:31 | 000,002,076 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk [2012/07/02 11:01:30 | 000,001,757 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [2012/07/02 10:58:18 | 000,000,955 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk [2012/07/02 10:58:17 | 000,001,986 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk [2012/07/02 10:58:16 | 000,000,726 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk [2012/07/02 10:58:15 | 000,000,735 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk [2012/07/02 10:58:14 | 000,002,265 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk [2012/07/02 10:58:13 | 000,001,810 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk [2012/07/02 10:58:12 | 000,001,932 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Premiere Pro 2.0.lnk [2012/07/02 10:58:11 | 000,001,744 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help Center.lnk [2012/07/02 10:58:09 | 000,001,825 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Digital Editions.lnk [2012/07/02 10:58:08 | 000,001,726 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge.lnk [2012/07/02 10:33:22 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012/07/02 10:33:11 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012/07/02 10:26:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/07/02 10:26:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/07/02 10:26:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/07/02 10:26:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/07/02 10:26:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/07/02 01:01:26 | 000,001,167 | ---- | C] () -- C:\Documents and Settings\COLIN\Desktop\router_land.php-tracking=ga1&banner=6.2 [2012/06/29 23:15:48 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\COLIN\Desktop\Shortcut to Internet Explorer.lnk [2012/06/29 23:11:36 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk [2012/06/29 22:16:37 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll [2012/06/29 22:15:51 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex [2012/06/29 22:15:36 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe [2012/06/29 22:15:34 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe [2012/06/29 22:15:30 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex [2012/06/29 22:15:20 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll [2012/06/29 22:15:11 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex [2012/06/29 22:15:04 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll [2012/06/29 22:14:38 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll [2012/06/29 22:09:29 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk [2012/06/29 22:07:42 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk [2012/06/29 21:48:16 | 000,168,806 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat [2012/06/29 21:48:16 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat [2012/06/29 21:48:16 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat [2012/06/29 21:48:16 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT [2012/06/29 21:48:16 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT [2012/06/29 21:48:16 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT [2012/06/29 21:48:15 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT [2012/06/29 21:48:15 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT [2012/06/29 21:48:15 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT [2012/06/29 21:48:15 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT [2012/06/29 21:48:15 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT [2012/06/29 21:48:15 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT [2012/06/29 21:48:15 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT [2012/06/29 21:48:15 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT [2012/06/29 21:48:14 | 000,382,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT [2012/06/29 19:57:06 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\SpeedMaxPc Registration3.job [2012/06/29 19:56:46 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\SpeedMaxPc Update3.job [2012/06/29 19:56:44 | 000,000,382 | ---- | C] () -- C:\WINDOWS\tasks\SpeedMaxPc.job [2012/06/29 07:10:04 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMer [2012/06/29 07:10:03 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMe [2012/06/29 01:01:13 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/06/28 22:41:55 | 000,001,945 | -H-- | C] () -- C:\WINDOWS\epplauncher.mif [2012/06/28 21:57:07 | 000,000,250 | -H-- | C] () -- C:\WINDOWS\tasks\Command Prompt.job [2012/06/28 18:21:11 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqtr [2012/06/28 18:21:10 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqt [2012/06/26 13:58:20 | 000,000,694 | -H-- | C] () -- C:\Documents and Settings\COLIN\Desktop\Handbrake.lnk [2012/06/26 13:47:00 | 000,029,635 | -H-- | C] () -- C:\Program Files\download.htm [2012/06/21 17:25:07 | 000,273,663 | -H-- | C] () -- C:\Documents and Settings\COLIN\My Documents\Operating_costs_of_gas_appliances.pdf [2012/06/19 16:51:26 | 004,478,300 | -H-- | C] () -- C:\Documents and Settings\COLIN\My Documents\GAS HEATER Manual%20Heater%20User%20Manual.pdf [2012/05/22 13:26:42 | 000,000,108 | -H-- | C] () -- C:\Documents and Settings\COLIN\Application Data\mbam.context.scan [2010/11/29 15:25:15 | 000,034,296 | -H-- | C] () -- C:\WINDOWS\System32\drivers\mbamcatchme.sys [2009/12/14 15:07:24 | 000,001,316 | -H-- | C] () -- C:\Program Files\ComboFix.htm [2009/12/07 18:04:53 | 000,019,334 | -H-- | C] () -- C:\Documents and Settings\All Users\xpnetdiag.xml [2009/08/07 18:15:33 | 000,000,551 | -H-- | C] () -- C:\Documents and Settings\COLIN\Application Data\AutoGK.ini [2009/06/05 16:02:25 | 000,002,119 | -H-- | C] () -- C:\Documents and Settings\COLIN\Application Data\waQ1P0bNat.gif [2009/06/05 16:02:25 | 000,000,607 | -H-- | C] () -- C:\Documents and Settings\COLIN\Application Data\waQ1P0bNzn.gif [2009/06/05 16:02:25 | 000,000,598 | -H-- | C] () -- C:\Documents and Settings\COLIN\Application Data\waQ1P0bNby.gif [2009/04/01 15:14:51 | 000,043,062 | -H-- | C] () -- C:\Documents and Settings\COLIN\UserImages.bmp [2009/02/14 11:10:48 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib [2008/12/13 11:39:15 | 007,930,904 | -H-- | C] () -- C:\Program Files\dap9.exe [2008/05/21 15:42:29 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\COLIN\usb002 [2008/02/06 16:44:12 | 000,000,483 | -H-- | C] () -- C:\Program Files\Shortcut to DVD Shrink.lnk [2007/11/01 23:07:09 | 000,001,755 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/08/26 23:13:42 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\COLIN\Application Data\evf [2007/04/05 01:14:38 | 000,000,006 | -H-- | C] () -- C:\Documents and Settings\COLIN\Application Data\dm.ini [2007/01/25 09:01:30 | 000,005,986 | -H-- | C] () -- C:\Documents and Settings\COLIN\UserCustomPreset_Adobe Premiere Pro 2.0.vpr [2006/12/07 08:37:54 | 000,087,608 | -H-- | C] () -- C:\Documents and Settings\COLIN\Application Data\ezpinst.exe [2006/12/07 08:37:54 | 000,007,887 | -H-- | C] () -- C:\Documents and Settings\COLIN\Application Data\pcouffin.cat [2006/12/07 08:37:54 | 000,001,144 | -H-- | C] () -- C:\Documents and Settings\COLIN\Application Data\pcouffin.inf [2006/06/10 14:27:28 | 000,002,615 | -H-- | C] () -- C:\Program Files\ChingLiu.nfo [2006/02/27 18:15:06 | 000,217,329 | -H-- | C] () -- C:\Program Files\gspot221.exe [2006/02/04 21:05:20 | 000,000,427 | -H-- | C] () -- C:\Program Files\FILE_ID.DIZ [2006/01/17 16:14:53 | 020,921,040 | -H-- | C] ( ) -- C:\Program Files\AdbeRdr705_enu_full.exe [2006/01/14 13:20:25 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\COLIN\Local Settings\Application Data\fusioncache.dat [2006/01/13 16:55:34 | 000,000,133 | -H-- | C] () -- C:\Documents and Settings\COLIN\default.pls [2006/01/13 16:19:38 | 000,051,712 | -H-- | C] () -- C:\Documents and Settings\COLIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/12/06 12:28:30 | 003,673,932 | -H-- | C] () -- C:\Program Files\Dec2005_MDX1_x86_Archive.cab [2005/12/06 12:28:04 | 001,358,864 | -H-- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x64.cab [2005/12/06 12:28:02 | 000,086,925 | -H-- | C] () -- C:\Program Files\Oct2005_xinput_x64.cab [2005/12/06 12:28:02 | 000,046,247 | -H-- | C] () -- C:\Program Files\Oct2005_xinput_x86.cab [2005/12/06 12:28:02 | 000,041,888 | -H-- | C] () -- C:\Program Files\dxdllreg_x86.cab [2005/12/06 12:28:00 | 000,916,806 | -H-- | C] () -- C:\Program Files\Dec2005_MDX1_x86.cab [2005/12/06 12:27:58 | 001,080,344 | -H-- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x86.cab [2005/12/06 12:00:46 | 000,081,092 | -H-- | C] () -- C:\Program Files\dxupdate.cab [2005/12/06 12:00:44 | 001,351,430 | -H-- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x64.cab [2005/12/06 12:00:44 | 001,348,242 | -H-- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab [2005/12/06 12:00:44 | 001,336,890 | -H-- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x64.cab [2005/12/06 12:00:44 | 001,248,387 | -H-- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x64.cab [2005/12/06 12:00:44 | 001,079,850 | -H-- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab [2005/12/06 12:00:44 | 001,078,532 | -H-- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x86.cab [2005/12/06 12:00:44 | 001,065,813 | -H-- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x86.cab [2005/12/06 12:00:44 | 001,014,113 | -H-- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x86.cab [2005/12/06 12:00:42 | 013,265,040 | -H-- | C] () -- C:\Program Files\dxnt.cab [2005/12/06 12:00:40 | 015,493,481 | -H-- | C] () -- C:\Program Files\DirectX.cab [2005/12/06 12:00:40 | 001,156,363 | -H-- | C] () -- C:\Program Files\BDANT.cab [2005/12/06 12:00:40 | 000,976,020 | -H-- | C] () -- C:\Program Files\BDAXP.cab [2005/12/06 12:00:40 | 000,703,080 | -H-- | C] () -- C:\Program Files\BDA.cab ========== LOP Check ========== [2008/01/08 16:58:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk [2006/01/27 03:06:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2007/01/18 21:12:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software [2012/07/03 00:35:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop [2006/01/14 15:35:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PowerQuest [2009/02/14 11:10:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft [2008/12/13 11:40:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit [2012/06/29 19:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc [2007/04/07 11:22:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\UDL [2009/01/26 07:40:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk [2011/11/20 13:14:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param [2010/08/09 15:17:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\Audacity [2006/02/23 14:12:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\Autodesk [2007/04/16 13:45:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\AVSMedia [2012/02/11 15:33:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\calibre [2006/12/09 21:12:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\CopyToDvd [2011/02/18 14:40:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\Digiarty [2011/12/20 10:38:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\ElevatedDiagnostics [2007/04/08 01:26:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\EPSON [2007/12/05 19:09:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\Forte [2011/11/20 13:09:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\GetRightToGo [2008/12/20 05:45:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\GrabPro [2012/06/26 14:08:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\HandBrake [2012/06/06 18:15:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\ImgBurn [2006/01/15 13:31:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\IsolatedStorage [2011/10/10 13:18:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\mediamove for Lexar Media [2011/09/25 22:39:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\Mobipocket [2007/01/20 23:40:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\Opera [2012/07/03 21:36:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\Orbit [2011/11/12 14:09:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\ProgSense [2009/09/15 17:11:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\Regensoft [2006/05/31 08:49:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\ReGet Junior [2006/02/09 07:10:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\SuperAdBlocker.com [2009/01/05 19:45:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\SuperNZB [2009/01/19 11:53:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\Thinstall [2007/06/22 15:56:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\Uniblue [2012/06/28 18:13:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\uTorrent [2012/06/26 22:23:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\Vso [2006/11/07 21:05:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\COLIN\Application Data\WholeSecurity [2011/12/26 10:57:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Guest\Application Data\AskToolbar [2009/01/24 14:13:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Guest\Application Data\GrabPro [2010/11/01 15:45:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Guest\Application Data\ImgBurn [2012/06/21 15:35:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Guest\Application Data\Orbit [2011/12/11 11:14:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Guest\Application Data\ProgSense [2012/01/18 17:40:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\MANEERAT\Application Data\AskToolbar [2006/04/12 17:57:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\MANEERAT\Application Data\Autodesk [2012/06/29 19:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MANEERAT\Application Data\DriverCure [2009/01/24 14:11:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\MANEERAT\Application Data\GrabPro [2012/07/01 09:12:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\MANEERAT\Application Data\Orbit [2012/01/18 17:31:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\MANEERAT\Application Data\ProgSense [2012/06/29 19:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MANEERAT\Application Data\SpeedMaxPc [2006/02/14 01:42:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\MANEERAT\Application Data\SuperAdBlocker.com [2012/06/29 20:11:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\MANEERAT\Application Data\WholeSecurity [2012/07/03 21:36:23 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\Tasks\Command Prompt.job [2012/07/03 17:08:18 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2012/07/03 22:01:01 | 000,000,236 | -H-- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [2012/07/03 18:00:00 | 000,000,446 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedMaxPc Registration3.job [2012/06/29 19:56:46 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedMaxPc Update3.job [2012/07/02 03:39:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedMaxPc.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\COLIN\Desktop\router_land.php-tracking=ga1&banner=6.2:SummaryInformation @Alternate Data Stream - 4 bytes -> C:\WINDOWS\win.ini:s2 < End of report >
  14. colin0100
    Will do as you request...in the meantime this may be of interest MANIAC, MANY THANKS FOR YOUR HELP SO FAR. I AM REALLY TRYING. 4.50 pm my time. ran a quick scan with Malwarebytes. Found pup.bundleinstaller.iq and removed it. Then ran Avira and it found 2 hidden objects which I couldn't do anything about. I noticed that my desktop had 2 icons on it that were a bit atrange. 1. mplayer_installer_1922 Properties: 1.47MB Digital signatures W3i.LLC Right click to scan with Malwarebytes and nothing happened Right click on the icon to scan with Avira- 0 Scanned directories 6 Files were scanned 0 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 Files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 6 Files not concerned 3 Archives were scanned 0 Warnings 0 Notes 2. I THEN DID A COMPLETE SCAN WITH AVIRA 14415 Scanned directories 289335 Files were scanned 0 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 Files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 289335 Files not concerned 1722 Archives were scanned 135 Warnings 2 Notes 434332 Objects were scanned with rootkit scan 2 Hidden objects were found 3. router_land.php-tracking=ga18banner=6.2 1167 bytes................ Right click to scan with Malwarebytes: nothing happened Right click on the icon and scanned with Avira 0 Scanned directories 3 Files were scanned 0 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 Files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 3 Files not concerned 0 Archives were scanned 0 Warnings 0 Notes ====================================== Should I delete these??? Under control panel they are not in the list of progs (add and remove programs option)
  15. colin0100
    I can not get in to 'recovery console'. Let me explain: 1. Using the original WINDOWS cd:- WINDOWS setup. Loads files SETUP is loading WINDOWS... I pressed 'R' WIDOWS XP Home edition setup Microsoft Recovery Console Which WINDOWS installation would you like to log onto? I selected c:\WINDOWS against the prompt of C:\WINDOWS> I typed 'notepad' Didn't open. 2. Boot using F8. WINDOWS Advanced Option Menu safe mode etc. did not see the menu you referred to ie repair your computer. I returned to Operating system choices. Please select operating system to start; I chose: Microsoft WINDOWS Recovery Console ( There was a note under this prompt that said:- Do not select this [debugger enabled] ( my first attempt I did not select it because of that....but this time I did.) Display was: Starting Windows recovery console a line of characters appeared along the bottom of the screen and nothing more happened. Left it like that for about an hour then turned it off. 3. When I boot up normally there is a black box on the screen with a command prompt- c:\WINDOWS\system32> (my USB memory stick is drive 'F') At the command prompt I type 'dir' I get the content .. 'cd' does nothing. cd f: shows F:\ immediatly followed by c:\WINDOWS\system32> In the reboot at a command prompt I tried to get to 'F' and it tells me that there is not an 'f' Similarly it can't see my H and G external hard discs. In 'my computer' it shows all of my drives and can see the files in 'f' of course. I have run the tool, but not in the way that you required. Thanks....I can not get in to 'recovery console'. Let me explain: 1. Using the original WINDOWS cd:- WINDOWS setup. Loads files SETUP is loading WINDOWS... I pressed 'R' WIDOWS XP Home edition setup Microsoft Recovery Console Which WINDOWS installation would you like to log onto? I selected c:\WINDOWS against the prompt of C:\WINDOWS> I typed 'notepad' Didn't open. 2. Boot using F8. WINDOWS Advanced Option Menu safe mode etc. did not see the menu you referred to ie repair your computer. I returned to Operating system choices. Please select operating system to start; I chose: Microsoft WINDOWS Recovery Console ( There was a note under this prompt that said:- Do not select this [debugger enabled] ( my first attempt I did not select it because of that....but this time I did.) Display was: Starting Windows recovery console a line of characters appeared along the bottom of the screen and nothing more happened. Left it like that for about an hour then turned it off. 3. When I boot up normally there is a black box on the screen with a command prompt- c:\WINDOWS\system32> (my USB memory stick is drive 'F') At the command prompt I type 'dir' I get the content .. 'cd' does nothing. cd f: shows F:\ immediatly followed by c:\WINDOWS\system32> In the reboot at a command prompt I tried to get to 'F' and it tells me that there is not an 'f' Similarly it can't see my H and G external hard discs. In 'my computer' it shows all of my drives and can see the files in 'f' of course. I have run the tool, but not in the way that you required. Thanks.... Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 01-07-2012 Ran by COLIN at 03-07-2012 11:13:36 Running from F:\ Service Pack 2 (X86) OS Language: English(US) Attention: Could not load system hive. Error: The process cannot access the file because it is being used by another process. ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY. ============ One Month Created Files and Folders ============== 2012-07-03 09:30 - 2012-07-03 11:13 - 00000000 ____D C:\FRST 2012-07-02 10:33 - 2012-07-02 10:33 - 00000000 RASHD C:\cmdcons 2012-07-02 10:33 - 2012-06-29 22:06 - 00000211 ____A C:\Boot.bak 2012-07-02 10:33 - 2004-08-03 23:00 - 00260272 _RASH C:\cmldr 2012-07-02 10:26 - 2011-06-26 16:45 - 00256000 ____A C:\Windows\PEV.exe 2012-07-02 10:26 - 2010-11-08 03:20 - 00208896 ____A C:\Windows\MBR.exe 2012-07-02 10:26 - 2009-04-20 14:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2012-07-02 10:26 - 2000-08-31 10:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2012-07-02 10:26 - 2000-08-31 10:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2012-07-02 10:26 - 2000-08-31 10:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe 2012-07-02 10:26 - 2000-08-31 10:00 - 00098816 ____A C:\Windows\sed.exe 2012-07-02 10:26 - 2000-08-31 10:00 - 00080412 ____A C:\Windows\grep.exe 2012-07-02 10:26 - 2000-08-31 10:00 - 00068096 ____A C:\Windows\zip.exe 2012-07-02 10:25 - 2012-07-02 11:23 - 00000000 ___SD C:\ComboFix 2012-07-02 00:34 - 2012-07-02 00:37 - 00000000 ____D C:\Qoobox 2012-07-02 00:33 - 2012-07-02 00:33 - 00000000 ____D C:\Windows\erdnt 2012-06-30 07:45 - 2012-06-30 07:45 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG 2012-06-30 07:45 - 2012-06-30 07:45 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG 2012-06-30 07:44 - 2012-06-30 07:44 - 00001024 ___AH C:\Windows\System32\config\TempKey.LOG 2012-06-30 07:44 - 2012-06-30 07:44 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG 2012-06-30 07:44 - 2012-06-29 22:12 - 00001024 ___AH C:\Windows\System32\config\userdiff.LOG 2012-06-29 23:19 - 2012-06-29 23:19 - 00001448 ____A C:\Windows\COM+.log 2012-06-29 22:17 - 2004-08-04 22:00 - 00571392 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tintlgnt.ime 2012-06-29 22:17 - 2004-08-04 22:00 - 00456704 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smtpsvc.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00455168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tintsetp.exe 2012-06-29 22:17 - 2004-08-04 22:00 - 00426041 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\voicepad.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00358400 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmpincl.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00259072 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmpcl.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00236544 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smi2smir.exe 2012-06-29 22:17 - 2004-08-04 22:00 - 00188416 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmpsmir.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00185344 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\thawbrkr.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00156672 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\winzm.ime 2012-06-29 22:17 - 2004-08-04 22:00 - 00156672 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\winsp.ime 2012-06-29 22:17 - 2004-08-04 22:00 - 00156672 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\winpy.ime 2012-06-29 22:17 - 2004-08-04 22:00 - 00143422 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\softkey.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00101376 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\srusbusd.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00086073 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\voicesub.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00079360 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\winar30.ime 2012-06-29 22:17 - 2004-08-04 22:00 - 00076288 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\uniime.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00069120 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wingb.ime 2012-06-29 22:17 - 2004-08-04 22:00 - 00065536 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\winime.ime 2012-06-29 22:17 - 2004-08-04 22:00 - 00065024 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\unicdime.ime 2012-06-29 22:17 - 2004-08-04 22:00 - 00048256 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\w32.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00044032 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tintlphr.exe 2012-06-29 22:17 - 2004-08-04 22:00 - 00041600 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\weitekp9.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00040448 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmpthrd.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00038912 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm9aw.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00032768 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmp.exe 2012-06-29 22:17 - 2004-08-04 22:00 - 00031744 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smb6w.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00031744 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sma3w.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00031232 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\weitekp9.sys 2012-06-29 22:17 - 2004-08-04 22:00 - 00030208 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm87w.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00030208 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm81w.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00029184 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm8cw.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00028288 ___AC C:\Windows\System32\dllcache\xjis.nls 2012-06-29 22:17 - 2004-08-04 22:00 - 00026624 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm93w.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00026624 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm92w.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm90w.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm8dw.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm8aw.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm89w.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00025088 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm59w.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00021896 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tdipx.sys 2012-06-29 22:17 - 2004-08-04 22:00 - 00019464 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tdspx.sys 2012-06-29 22:17 - 2004-08-04 22:00 - 00015872 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smierrsm.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00014336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tsprof.exe 2012-06-29 22:17 - 2004-08-04 22:00 - 00013192 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tdasync.sys 2012-06-29 22:17 - 2004-08-04 22:00 - 00010240 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tmigrate.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00010240 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmpstup.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00008704 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmptrap.exe 2012-06-29 22:17 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmpmib.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smimsgif.dll 2012-06-29 22:17 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smierrsy.dll 2012-06-29 22:17 - 2001-08-17 22:36 - 00012288 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_smtpctrs.dll 2012-06-29 22:17 - 2001-08-17 22:36 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_snprfdll.dll 2012-06-29 22:16 - 2004-08-04 22:00 - 01875968 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msir3jp.lex 2012-06-29 22:16 - 2004-08-04 22:00 - 00482304 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pintlgnt.ime 2012-06-29 22:16 - 2004-08-04 22:00 - 00229439 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\multibox.dll 2012-06-29 22:16 - 2004-08-04 22:00 - 00175104 ___AC C:\Windows\System32\dllcache\pintlcsa.dll 2012-06-29 22:16 - 2004-08-04 22:00 - 00131584 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pmxviceo.dll 2012-06-29 22:16 - 2004-08-04 22:00 - 00111104 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mtstocom.exe 2012-06-29 22:16 - 2004-08-04 22:00 - 00098304 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msir3jp.dll 2012-06-29 22:16 - 2004-08-04 22:00 - 00092416 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mga.sys 2012-06-29 22:16 - 2004-08-04 22:00 - 00092032 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mga.dll 2012-06-29 22:16 - 2004-08-04 22:00 - 00083748 ___AC C:\Windows\System32\dllcache\prcp.nls 2012-06-29 22:16 - 2004-08-04 22:00 - 00083748 ___AC C:\Windows\System32\dllcache\prc.nls 2012-06-29 22:16 - 2004-08-04 22:00 - 00079872 ___AC (Ricoh Co., Ltd.) C:\Windows\System32\dllcache\rwia330.dll 2012-06-29 22:16 - 2004-08-04 22:00 - 00079872 ___AC (Ricoh Co., Ltd.) C:\Windows\System32\dllcache\rwia001.dll 2012-06-29 22:16 - 2004-08-04 22:00 - 00079360 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\phon.ime 2012-06-29 22:16 - 2004-08-04 22:00 - 00077824 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\quick.ime 2012-06-29 22:16 - 2004-08-04 22:00 - 00070144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pintlphr.exe 2012-06-29 22:16 - 2004-08-04 22:00 - 00067584 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pmigrate.dll 2012-06-29 22:16 - 2004-08-04 22:00 - 00053760 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pintlcsd.dll 2012-06-29 22:16 - 2004-08-04 22:00 - 00036927 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\padrs411.dll 2012-06-29 22:16 - 2004-08-04 22:00 - 00026624 ___AC (Ricoh Co., Ltd.) C:\Windows\System32\dllcache\rw330ext.dll 2012-06-29 22:16 - 2004-08-04 22:00 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\romanime.ime 2012-06-29 22:16 - 2004-08-04 22:00 - 00024576 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\rw001ext.dll 2012-06-29 22:16 - 2004-08-04 22:00 - 00020736 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ramdisk.sys 2012-06-29 22:16 - 2004-08-04 22:00 - 00018944 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\simptcp.dll 2012-06-29 22:16 - 2004-08-04 22:00 - 00016384 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\quser.exe 2012-06-29 22:16 - 2004-08-04 22:00 - 00015872 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\padrs404.dll 2012-06-29 22:16 - 2004-08-04 22:00 - 00015360 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\padrs804.dll 2012-06-29 22:16 - 2004-08-04 22:00 - 00014848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\register.exe 2012-06-29 22:16 - 2004-08-04 22:00 - 00014336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\padrs412.dll 2012-06-29 22:16 - 2004-08-04 22:00 - 00011264 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pmxmcro.dll 2012-06-29 22:16 - 2004-08-04 22:00 - 00009728 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\query.exe 2012-06-29 22:16 - 2004-08-04 22:00 - 00007680 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\migregdb.exe 2012-06-29 22:16 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pmxgl.dll 2012-06-29 22:16 - 2001-08-17 22:36 - 00057856 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_scripto.dll 2012-06-29 22:16 - 2001-08-17 22:36 - 00038912 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_ntfsdrv.dll 2012-06-29 22:16 - 2001-08-17 22:36 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_seos.dll 2012-06-29 22:16 - 2001-08-17 22:36 - 00023040 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_regtrace.exe 2012-06-29 22:15 - 2004-08-04 22:00 - 13463552 ___AC C:\Windows\System32\dllcache\hwxjpn.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 10129408 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\hwxkor.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 10096640 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\hwxcht.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 01158818 ___AC C:\Windows\System32\dllcache\korwbrkr.lex 2012-06-29 22:15 - 2004-08-04 22:00 - 00811064 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjp81k.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00716856 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpcus.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00562176 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsst.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00471102 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imskdic.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00452096 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsapi.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00400384 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsxp32.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00397312 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxstiff.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00368696 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpcic.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00340023 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjp81.ime 2012-06-29 22:15 - 2004-08-04 22:00 - 00315452 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imskf.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00311359 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imepadsv.exe 2012-06-29 22:15 - 2004-08-04 22:00 - 00307257 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpdct.exe 2012-06-29 22:15 - 2004-08-04 22:00 - 00285184 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxscomex.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00274489 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjputyc.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00267776 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxssvc.exe 2012-06-29 22:15 - 2004-08-04 22:00 - 00262200 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjputy.exe 2012-06-29 22:15 - 2004-08-04 22:00 - 00246272 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxst30.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00233527 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjprw.exe 2012-06-29 22:15 - 2004-08-04 22:00 - 00229376 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxscover.exe 2012-06-29 22:15 - 2004-08-04 22:00 - 00208952 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpmig.exe 2012-06-29 22:15 - 2004-08-04 22:00 - 00196665 ___AC C:\Windows\System32\dllcache\imjpinst.exe 2012-06-29 22:15 - 2004-08-04 22:00 - 00192512 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxswzrd.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00155705 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpdsvr.exe 2012-06-29 22:15 - 2004-08-04 22:00 - 00154112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsui.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00143360 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsclnt.exe 2012-06-29 22:15 - 2004-08-04 22:00 - 00134339 ___AC C:\Windows\System32\dllcache\imekr.lex 2012-06-29 22:15 - 2004-08-04 22:00 - 00132608 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsclntr.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00111104 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxscfgwz.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00108827 ___AC C:\Windows\System32\dllcache\hanja.lex 2012-06-29 22:15 - 2004-08-04 22:00 - 00106496 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imekrcic.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00102463 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imepadsm.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00102456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imlang.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00101888 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\evntagnt.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00094720 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imekr61.ime 2012-06-29 22:15 - 2004-08-04 22:00 - 00092160 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\evntwin.exe 2012-06-29 22:15 - 2004-08-04 22:00 - 00086016 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imekrmbx.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00081976 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpdct.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00072192 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxscom.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00070656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\korwbrkr.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00059904 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imkrinst.exe 2012-06-29 22:15 - 2004-08-04 22:00 - 00059392 ___AC C:\Windows\System32\dllcache\imscinst.exe 2012-06-29 22:15 - 2004-08-04 22:00 - 00057398 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpdadm.exe 2012-06-29 22:15 - 2004-08-04 22:00 - 00055296 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsevent.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00047066 ___AC C:\Windows\System32\dllcache\ksc.nls 2012-06-29 22:15 - 2004-08-04 22:00 - 00045109 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpuex.exe 2012-06-29 22:15 - 2004-08-04 22:00 - 00044032 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imekrmig.exe 2012-06-29 22:15 - 2004-08-04 22:00 - 00039936 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\hostmib.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00036864 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\hanjadic.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00035328 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iprip.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00033792 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\lmmib2.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00031744 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsroute.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00027136 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsdrv.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00024064 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\evntcmd.exe 2012-06-29 22:15 - 2004-08-04 22:00 - 00023552 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsmon.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00023552 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsext32.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00022528 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\lpdsvc.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00018944 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\lprmon.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00018432 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\jupiw.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00014848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\flattemp.exe 2012-06-29 22:15 - 2004-08-04 22:00 - 00011264 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxssend.exe 2012-06-29 22:15 - 2004-08-04 22:00 - 00009216 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdnecat.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00008704 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsperf.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00007680 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdnecnt.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdnec95.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdibm02.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\f3ahvoas.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00006656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdlk41a.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00006656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsres.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdth3.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdth2.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdlk41j.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdinpun.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdax2.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbd106n.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbd101a.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbd101.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ftlx041e.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdvntc.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdusa.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdurdu.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdth1.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdth0.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdsyr2.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdsyr1.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdintel.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdintam.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdinmar.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdinkan.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdinhin.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdinguj.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdindev.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdheb.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdfa.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbddiv2.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbddiv1.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbda3.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbda2.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbda1.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005120 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdgeo.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005120 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdarmw.dll 2012-06-29 22:15 - 2004-08-04 22:00 - 00005120 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdarme.dll 2012-06-29 22:15 - 2003-03-24 16:52 - 00094208 ___AC C:\Windows\System32\dllcache\fpencode.dll 2012-06-29 22:15 - 2003-03-24 16:52 - 00024632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpadmcgi.exe 2012-06-29 22:15 - 2003-03-24 16:52 - 00020541 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpadmdll.dll 2012-06-29 22:15 - 2001-08-17 22:36 - 00065536 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_mailmsg.dll 2012-06-29 22:15 - 2001-08-17 22:36 - 00043520 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_fcachdll.dll 2012-06-29 22:14 - 2004-08-04 22:00 - 01677824 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chsbrkr.dll 2012-06-29 22:14 - 2004-08-04 22:00 - 00838144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chtbrkr.dll 2012-06-29 22:14 - 2004-08-04 22:00 - 00480256 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cintsetp.exe 2012-06-29 22:14 - 2004-08-04 22:00 - 00331264 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\aqueue.dll 2012-06-29 22:14 - 2004-08-04 22:00 - 00218112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\c_g18030.dll 2012-06-29 22:14 - 2004-08-04 22:00 - 00198656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cintime.dll 2012-06-29 22:14 - 2004-08-04 22:00 - 00195618 ___AC C:\Windows\System32\dllcache\c_10002.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00189986 ___AC C:\Windows\System32\dllcache\c_1361.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00187938 ___AC C:\Windows\System32\dllcache\c_20005.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00186402 ___AC C:\Windows\System32\dllcache\c_20001.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00185378 ___AC C:\Windows\System32\dllcache\c_20003.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00180770 ___AC C:\Windows\System32\dllcache\c_20932.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00180258 ___AC C:\Windows\System32\dllcache\c_20004.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00180258 ___AC C:\Windows\System32\dllcache\c_20000.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00177698 ___AC C:\Windows\System32\dllcache\c_20949.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00177698 ___AC C:\Windows\System32\dllcache\c_10003.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00173602 ___AC C:\Windows\System32\dllcache\c_20936.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00173602 ___AC C:\Windows\System32\dllcache\c_20002.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00173602 ___AC C:\Windows\System32\dllcache\c_10008.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00173568 ___AC C:\Windows\System32\dllcache\chtskf.dll 2012-06-29 22:14 - 2004-08-04 22:00 - 00162850 ___AC C:\Windows\System32\dllcache\c_10001.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00097792 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chtmbx.dll 2012-06-29 22:14 - 2004-08-04 22:00 - 00082172 ___AC C:\Windows\System32\dllcache\bopomofo.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00078848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\dayi.ime 2012-06-29 22:14 - 2004-08-04 22:00 - 00078336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chajei.ime 2012-06-29 22:14 - 2004-08-04 22:00 - 00066728 ___AC C:\Windows\System32\dllcache\big5.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066594 ___AC C:\Windows\System32\dllcache\c_864.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066594 ___AC C:\Windows\System32\dllcache\c_862.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066594 ___AC C:\Windows\System32\dllcache\c_858.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066594 ___AC C:\Windows\System32\dllcache\c_720.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_870.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_708.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_28596.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_21027.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_21025.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20924.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20880.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20871.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20838.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20833.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20424.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20423.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20420.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20297.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20290.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20285.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20284.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20280.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20278.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20277.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20273.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20269.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20108.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20107.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20106.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20105.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1149.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1148.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1147.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1146.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1145.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1144.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1143.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1142.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1141.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1140.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1047.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_10021.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_10005.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_10004.nls 2012-06-29 22:14 - 2004-08-04 22:00 - 00057856 ___AC (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esuimgd.dll 2012-06-29 22:14 - 2004-08-04 22:00 - 00057399 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cplexe.exe 2012-06-29 22:14 - 2004-08-04 22:00 - 00056320 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chtskdic.dll 2012-06-29 22:14 - 2004-08-04 22:00 - 00054528 ___AC (Philips Semiconductors GmbH) C:\Windows\System32\dllcache\cap7146.sys 2012-06-29 22:14 - 2004-08-04 22:00 - 00045056 ___AC (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esunid.dll 2012-06-29 22:14 - 2004-08-04 22:00 - 00031744 ___AC (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esucmd.dll 2012-06-29 22:14 - 2004-08-04 22:00 - 00025856 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\et4000.sys 2012-06-29 22:14 - 2004-08-04 22:00 - 00021504 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cintlgnt.ime 2012-06-29 22:14 - 2004-08-04 22:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0804.dll 2012-06-29 22:14 - 2004-08-04 22:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0412.dll 2012-06-29 22:14 - 2004-08-04 22:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0411.dll 2012-06-29 22:14 - 2004-08-04 22:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt040d.dll 2012-06-29 22:14 - 2004-08-04 22:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0404.dll 2012-06-29 22:14 - 2004-08-04 22:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0401.dll 2012-06-29 22:14 - 2004-08-04 22:00 - 00018944 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cprofile.exe 2012-06-29 22:14 - 2004-08-04 22:00 - 00015872 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chgport.exe 2012-06-29 22:14 - 2004-08-04 22:00 - 00014336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chgusr.exe 2012-06-29 22:14 - 2004-08-04 22:00 - 00013312 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chglogon.exe 2012-06-29 22:14 - 2004-08-04 22:00 - 00010752 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\c_iscii.dll 2012-06-29 22:14 - 2004-08-04 22:00 - 00009728 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\change.exe 2012-06-29 22:14 - 2004-08-04 22:00 - 00006656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\c_is2022.dll 2012-06-29 22:14 - 2001-08-17 22:36 - 00045056 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_aqadmin.dll 2012-06-29 22:13 - 2004-05-13 00:39 - 00876653 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4awel.dll 2012-06-29 22:13 - 2004-05-13 00:39 - 00598071 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpmmc.dll 2012-06-29 22:13 - 2004-05-13 00:39 - 00184435 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4amsft.dll 2012-06-29 22:13 - 2003-03-24 16:52 - 00208896 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpmmcsat.dll 2012-06-29 22:13 - 2003-03-24 16:52 - 00188494 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpcount.exe 2012-06-29 22:13 - 2003-03-24 16:52 - 00188480 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cfgwiz.exe 2012-06-29 22:13 - 2003-03-24 16:52 - 00147513 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4apws.dll 2012-06-29 22:13 - 2003-03-24 16:52 - 00109328 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp98swin.exe 2012-06-29 22:13 - 2003-03-24 16:52 - 00102509 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4atxt.dll 2012-06-29 22:13 - 2003-03-24 16:52 - 00082035 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4anscp.dll 2012-06-29 22:13 - 2003-03-24 16:52 - 00049212 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4awebs.dll 2012-06-29 22:13 - 2003-03-24 16:52 - 00049210 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4areg.dll 2012-06-29 22:13 - 2003-03-24 16:52 - 00041020 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4avnb.dll 2012-06-29 22:13 - 2003-03-24 16:52 - 00032827 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tcptest.exe 2012-06-29 22:13 - 2003-03-24 16:52 - 00032826 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4avss.dll 2012-06-29 22:13 - 2003-03-24 16:52 - 00020541 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpexedll.dll 2012-06-29 22:13 - 2003-03-24 16:52 - 00020540 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\author.dll 2012-06-29 22:13 - 2003-03-24 16:52 - 00020540 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\admin.dll 2012-06-29 22:13 - 2003-03-24 16:52 - 00020538 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpremadm.exe 2012-06-29 22:13 - 2003-03-24 16:52 - 00020536 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\shtml.dll 2012-06-29 22:13 - 2003-03-24 16:52 - 00016439 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\author.exe 2012-06-29 22:13 - 2003-03-24 16:52 - 00016439 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\admin.exe 2012-06-29 22:13 - 2003-03-24 16:52 - 00016437 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\shtml.exe 2012-06-29 22:13 - 2003-03-24 16:52 - 00016384 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tcptsat.dll 2012-06-29 22:13 - 2003-03-24 16:52 - 00014608 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp98sadm.exe 2012-06-29 22:13 - 2001-08-17 22:36 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_adsiisex.dll 2012-06-29 22:12 - 2012-06-29 22:12 - 00001024 ___AH C:\Windows\System32\config\userdifr.LOG 2012-06-29 22:09 - 2012-06-29 22:09 - 00000749 __RAH C:\Windows\WindowsShell.Manifest 2012-06-29 22:09 - 2012-06-29 22:09 - 00000749 __RAH C:\Windows\System32\wuaucpl.cpl.manifest 2012-06-29 22:09 - 2012-06-29 22:09 - 00000749 __RAH C:\Windows\System32\sapi.cpl.manifest 2012-06-29 22:09 - 2012-06-29 22:09 - 00000749 __RAH C:\Windows\System32\ncpa.cpl.manifest 2012-06-29 22:09 - 2012-06-29 22:09 - 00000488 __RAH C:\Windows\System32\logonui.exe.manifest 2012-06-29 22:09 - 2004-08-04 22:00 - 00016384 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\isignup.exe 2012-06-29 22:08 - 2012-06-29 22:08 - 00001041 ____A C:\Windows\sessmgr.setup.log 2012-06-29 22:07 - 2012-06-29 22:27 - 00002098 ____A C:\Windows\wmsetup.log 2012-06-29 22:06 - 2012-06-29 22:06 - 00000200 ____A C:\Windows\cmsetacl.log 2012-06-29 21:48 - 2012-06-29 22:32 - 00608594 ____A C:\Windows\System32\PerfStringBackup.TMP 2012-06-29 21:48 - 2012-06-29 22:23 - 00020827 ____A C:\Windows\comsetup.log 2012-06-29 21:48 - 2012-06-29 22:19 - 00011207 ____A C:\Windows\ntdtcsetup.log 2012-06-29 21:48 - 2012-06-29 22:19 - 00009049 ____A C:\Windows\tsoc.log 2012-06-29 21:48 - 2012-06-29 22:19 - 00004382 ____A C:\Windows\imsins.log 2012-06-29 21:48 - 2012-06-29 22:19 - 00000885 ____A C:\Windows\ocmsn.log 2012-06-29 21:48 - 2012-06-29 22:19 - 00000708 ____A C:\Windows\iis6.log 2012-06-29 21:48 - 2012-06-29 22:08 - 00014685 ____A C:\Windows\ocgen.log 2012-06-29 21:48 - 2012-06-29 22:08 - 00014480 ____A C:\Windows\FaxSetup.log 2012-06-29 21:48 - 2012-06-29 22:08 - 00000927 ____A C:\Windows\msgsocm.log 2012-06-29 21:48 - 2012-06-29 22:05 - 00001494 ____A C:\Windows\regopt.log 2012-06-29 21:48 - 2005-03-23 06:48 - 00007710 ___AC C:\Windows\System32\dllcache\OEMBIOS.CAT 2012-06-29 21:48 - 2004-08-04 22:00 - 02012670 ___AC C:\Windows\System32\dllcache\NT5.CAT 2012-06-29 21:48 - 2004-08-04 22:00 - 01086058 ___RA C:\Windows\SET133.tmp 2012-06-29 21:48 - 2004-08-04 22:00 - 01086058 ___AC C:\Windows\System32\dllcache\NTPRINT.CAT 2012-06-29 21:48 - 2004-08-04 22:00 - 01042903 ___RA C:\Windows\SET130.tmp 2012-06-29 21:48 - 2004-08-04 22:00 - 00797189 ___AC C:\Windows\System32\dllcache\NT5IIS.CAT 2012-06-29 21:48 - 2004-08-04 22:00 - 00399645 ___AC C:\Windows\System32\dllcache\MAPIMIG.CAT 2012-06-29 21:48 - 2004-08-04 22:00 - 00382952 ___AC C:\Windows\System32\dllcache\NT5INF.CAT 2012-06-29 21:48 - 2004-08-04 22:00 - 00168806 ___AC C:\Windows\System32\dllcache\startoc.cat 2012-06-29 21:48 - 2004-08-04 22:00 - 00037484 ___AC C:\Windows\System32\dllcache\MW770.CAT 2012-06-29 21:48 - 2004-08-04 22:00 - 00031281 ___AC C:\Windows\System32\dllcache\FP4.CAT 2012-06-29 21:48 - 2004-08-04 22:00 - 00024661 ___AC (Perle Systems Ltd.) C:\Windows\System32\dllcache\spxcoins.dll 2012-06-29 21:48 - 2004-08-04 22:00 - 00024661 ____A (Perle Systems Ltd.) C:\Windows\System32\spxcoins.dll 2012-06-29 21:48 - 2004-08-04 22:00 - 00024209 ___AC C:\Windows\System32\dllcache\msn7.cat 2012-06-29 21:48 - 2004-08-04 22:00 - 00013753 ___RA C:\Windows\SET13F.tmp 2012-06-29 21:48 - 2004-08-04 22:00 - 00013753 ___AC C:\Windows\System32\dllcache\IMS.CAT 2012-06-29 21:48 - 2004-08-04 22:00 - 00013472 ___AC C:\Windows\System32\dllcache\HPCRDP.CAT 2012-06-29 21:48 - 2004-08-04 22:00 - 00013312 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\irclass.dll 2012-06-29 21:48 - 2004-08-04 22:00 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\irclass.dll 2012-06-29 21:48 - 2004-08-04 22:00 - 00011651 ___AC C:\Windows\System32\dllcache\msn9.cat 2012-06-29 21:48 - 2004-08-04 22:00 - 00009581 ___AC C:\Windows\System32\dllcache\MSMSGS.CAT 2012-06-29 21:48 - 2004-08-04 22:00 - 00008574 ___AC C:\Windows\System32\dllcache\IASNT4.CAT 2012-06-29 21:48 - 2004-08-04 22:00 - 00007245 ___AC C:\Windows\System32\dllcache\MSTSWEB.CAT 2012-06-29 21:47 - 2012-07-02 01:09 - 00434792 ____A C:\Windows\setupapi.log 2012-06-29 21:47 - 2012-06-29 22:19 - 00118868 ____A C:\Windows\setupact.log 2012-06-29 21:47 - 2012-06-29 22:09 - 00000520 ____A C:\Windows\setuperr.log 2012-06-29 20:14 - 2012-07-03 11:11 - 00000159 ____A C:\Windows\wiadebug.log 2012-06-29 19:57 - 2012-07-01 18:00 - 00000446 ____A C:\Windows\Tasks\SpeedMaxPc Registration3.job 2012-06-29 19:56 - 2012-07-02 03:39 - 00000382 ____A C:\Windows\Tasks\SpeedMaxPc.job 2012-06-29 19:56 - 2012-06-29 19:56 - 00000404 ____A C:\Windows\Tasks\SpeedMaxPc Update3.job 2012-06-29 19:56 - 2012-06-29 19:56 - 00000000 ____D C:\Program Files\SpeedMaxPc 2012-06-29 19:56 - 2012-06-29 19:56 - 00000000 ____D C:\Program Files\Common Files\SpeedMaxPc 2012-06-29 13:06 - 2012-06-30 12:56 - 00000000 ____D C:\Windows\System32\MpEngineStore 2012-06-29 01:01 - 2012-07-03 10:09 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job 2012-06-28 22:41 - 2012-06-28 22:41 - 00001945 ___AH C:\Windows\epplauncher.mif 2012-06-28 22:35 - 2012-06-28 22:36 - 00000000 ___HD C:\Program Files\Microsoft Security Client 2012-06-28 21:57 - 2012-07-03 11:12 - 00000250 ___AH C:\Windows\Tasks\Command Prompt.job 2012-06-26 13:51 - 2012-06-26 13:51 - 00000000 ___HD C:\Program Files\Microsoft.NET 2012-06-26 13:47 - 2012-06-26 13:47 - 00029635 ___AH C:\Program Files\download.htm 2012-06-19 19:15 - 2012-06-19 19:15 - 17396768 ___AH (Microsoft Corporation) C:\Program Files\mpas-fe.exe ============ 3 Months Modified Files ======================== 2012-07-03 11:12 - 2012-06-28 21:57 - 00000250 ___AH C:\Windows\Tasks\Command Prompt.job 2012-07-03 11:12 - 2004-08-04 22:00 - 00002206 ___AH C:\Windows\System32\wpa.dbl 2012-07-03 11:11 - 2012-06-29 20:14 - 00000159 ____A C:\Windows\wiadebug.log 2012-07-03 11:11 - 2010-05-04 13:59 - 00000278 ___AH C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1682526488-682003330-1004.job 2012-07-03 11:11 - 2009-07-23 13:49 - 00000880 ___AH C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-07-03 11:11 - 2006-01-13 14:34 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-07-03 11:11 - 2006-01-13 14:26 - 00620606 ___AH C:\Windows\WindowsUpdate.log 2012-07-03 11:11 - 2006-01-13 06:14 - 00000048 ___AH C:\Windows\wiaservc.log 2012-07-03 11:06 - 2006-01-13 14:34 - 00032578 ___AH C:\Windows\SchedLgU.Txt 2012-07-03 10:31 - 2006-02-02 16:40 - 00524288 ___AH C:\Windows\System32\config\ACEEvent.evt 2012-07-03 10:10 - 2009-07-23 13:49 - 00000884 ___AH C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-07-03 10:09 - 2012-06-29 01:01 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job 2012-07-03 10:01 - 2011-10-19 09:25 - 00000236 ___AH C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job 2012-07-03 09:22 - 2010-04-14 17:02 - 00000256 ___AH C:\Windows\Tasks\Malwarebytes' Anti-Malware.job 2012-07-02 10:33 - 2006-01-13 06:11 - 00000327 _RASH C:\boot.ini 2012-07-02 03:39 - 2012-06-29 19:56 - 00000382 ____A C:\Windows\Tasks\SpeedMaxPc.job 2012-07-02 01:09 - 2012-06-29 21:47 - 00434792 ____A C:\Windows\setupapi.log 2012-07-01 18:00 - 2012-06-29 19:57 - 00000446 ____A C:\Windows\Tasks\SpeedMaxPc Registration3.job 2012-07-01 00:27 - 2006-01-13 16:58 - 00000143 ___AH C:\Windows\NeroDigital.ini 2012-06-30 07:45 - 2012-06-30 07:45 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG 2012-06-30 07:45 - 2012-06-30 07:45 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG 2012-06-30 07:45 - 2006-01-13 06:11 - 34340864 ___AH C:\Windows\System32\config\software.sav 2012-06-30 07:45 - 2006-01-13 06:11 - 13893632 ___AH C:\Windows\System32\config\system.sav 2012-06-30 07:45 - 2006-01-13 06:11 - 00339968 ___AH C:\Windows\System32\config\default.sav 2012-06-30 07:45 - 2006-01-13 06:11 - 00262144 ____A C:\Windows\System32\config\userdiff 2012-06-30 07:44 - 2012-06-30 07:44 - 00001024 ___AH C:\Windows\System32\config\TempKey.LOG 2012-06-30 07:44 - 2012-06-30 07:44 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG 2012-06-29 23:19 - 2012-06-29 23:19 - 00001448 ____A C:\Windows\COM+.log 2012-06-29 22:32 - 2012-06-29 21:48 - 00608594 ____A C:\Windows\System32\PerfStringBackup.TMP 2012-06-29 22:27 - 2012-06-29 22:07 - 00002098 ____A C:\Windows\wmsetup.log 2012-06-29 22:23 - 2012-06-29 21:48 - 00020827 ____A C:\Windows\comsetup.log 2012-06-29 22:20 - 2006-01-13 06:12 - 00224024 ___AH C:\Windows\System32\FNTCACHE.DAT 2012-06-29 22:19 - 2012-06-29 21:48 - 00011207 ____A C:\Windows\ntdtcsetup.log 2012-06-29 22:19 - 2012-06-29 21:48 - 00009049 ____A C:\Windows\tsoc.log 2012-06-29 22:19 - 2012-06-29 21:48 - 00004382 ____A C:\Windows\imsins.log 2012-06-29 22:19 - 2012-06-29 21:48 - 00000885 ____A C:\Windows\ocmsn.log 2012-06-29 22:19 - 2012-06-29 21:48 - 00000708 ____A C:\Windows\iis6.log 2012-06-29 22:19 - 2012-06-29 21:47 - 00118868 ____A C:\Windows\setupact.log 2012-06-29 22:12 - 2012-06-30 07:44 - 00001024 ___AH C:\Windows\System32\config\userdiff.LOG 2012-06-29 22:12 - 2012-06-29 22:12 - 00001024 ___AH C:\Windows\System32\config\userdifr.LOG 2012-06-29 22:12 - 2009-12-07 22:11 - 00262144 ___AH C:\Windows\System32\config\userdifr 2012-06-29 22:12 - 2006-01-13 14:27 - 00316640 ____A C:\Windows\WMSysPr9.prx 2012-06-29 22:12 - 2006-01-13 14:27 - 00023392 ____A C:\Windows\System32\nscompat.tlb 2012-06-29 22:12 - 2006-01-13 14:27 - 00016832 ____A C:\Windows\System32\amcompat.tlb 2012-06-29 22:11 - 2006-01-13 06:13 - 00004161 ___AH C:\Windows\ODBCINST.INI 2012-06-29 22:09 - 2012-06-29 22:09 - 00000749 __RAH C:\Windows\WindowsShell.Manifest 2012-06-29 22:09 - 2012-06-29 22:09 - 00000749 __RAH C:\Windows\System32\wuaucpl.cpl.manifest 2012-06-29 22:09 - 2012-06-29 22:09 - 00000749 __RAH C:\Windows\System32\sapi.cpl.manifest 2012-06-29 22:09 - 2012-06-29 22:09 - 00000749 __RAH C:\Windows\System32\ncpa.cpl.manifest 2012-06-29 22:09 - 2012-06-29 22:09 - 00000488 __RAH C:\Windows\System32\logonui.exe.manifest 2012-06-29 22:09 - 2012-06-29 21:47 - 00000520 ____A C:\Windows\setuperr.log 2012-06-29 22:09 - 2006-01-13 14:27 - 00000488 __RAH C:\Windows\System32\WindowsLogon.manifest 2012-06-29 22:09 - 2006-01-13 14:26 - 00000749 __RAH C:\Windows\System32\nwc.cpl.manifest 2012-06-29 22:09 - 2006-01-13 14:26 - 00000749 __RAH C:\Windows\System32\cdplayer.exe.manifest 2012-06-29 22:09 - 2004-08-04 22:00 - 00000686 ___AH C:\Windows\win.ini 2012-06-29 22:08 - 2012-06-29 22:08 - 00001041 ____A C:\Windows\sessmgr.setup.log 2012-06-29 22:08 - 2012-06-29 21:48 - 00014685 ____A C:\Windows\ocgen.log 2012-06-29 22:08 - 2012-06-29 21:48 - 00014480 ____A C:\Windows\FaxSetup.log 2012-06-29 22:08 - 2012-06-29 21:48 - 00000927 ____A C:\Windows\msgsocm.log 2012-06-29 22:08 - 2006-01-13 14:25 - 00023392 ___AH C:\Windows\System32\emptyregdb.dat 2012-06-29 22:06 - 2012-07-02 10:33 - 00000211 ____A C:\Boot.bak 2012-06-29 22:06 - 2012-06-29 22:06 - 00000200 ____A C:\Windows\cmsetacl.log 2012-06-29 22:05 - 2012-06-29 21:48 - 00001494 ____A C:\Windows\regopt.log 2012-06-29 21:48 - 2004-08-04 22:00 - 00000231 ___AH C:\Windows\system.ini 2012-06-29 21:23 - 2006-01-13 06:12 - 00081920 ____A C:\Windows\System32\config\security.sav 2012-06-29 19:56 - 2012-06-29 19:56 - 00000404 ____A C:\Windows\Tasks\SpeedMaxPc Update3.job 2012-06-28 22:45 - 2011-12-12 14:18 - 00065536 ___AH C:\Windows\System32\config\WindowsPowerShell.evt 2012-06-28 22:41 - 2012-06-28 22:41 - 00001945 ___AH C:\Windows\epplauncher.mif 2012-06-27 10:10 - 2010-05-04 13:59 - 00000286 ___AH C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1682526488-682003330-1004.job 2012-06-26 16:35 - 2006-01-13 06:13 - 00605756 ___AH C:\Windows\System32\PerfStringBackup.INI 2012-06-26 13:47 - 2012-06-26 13:47 - 00029635 ___AH C:\Program Files\download.htm 2012-06-19 22:25 - 2007-05-01 14:51 - 00007680 __ASH C:\Windows\Thumbs.db 2012-06-19 19:15 - 2012-06-19 19:15 - 17396768 ___AH (Microsoft Corporation) C:\Program Files\mpas-fe.exe 2012-06-04 17:35 - 2006-01-13 14:26 - 00210968 ____A (Microsoft Corporation) C:\Windows\System32\wuweb.dll 2012-06-03 23:35 - 2006-01-14 13:01 - 56731752 ___AH (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-06-02 15:19 - 2009-08-06 18:24 - 00022040 ___AH (Microsoft Corporation) C:\Windows\System32\wucltui.dll.mui 2012-06-02 15:19 - 2009-08-06 18:24 - 00017944 ___AH (Microsoft Corporation) C:\Windows\System32\wuaueng.dll.mui 2012-06-02 15:19 - 2009-08-06 18:24 - 00015384 ___AH (Microsoft Corporation) C:\Windows\System32\wuaucpl.cpl.mui 2012-06-02 15:19 - 2009-08-06 18:24 - 00015384 ___AH (Microsoft Corporation) C:\Windows\System32\wuapi.dll.mui 2012-06-02 15:19 - 2005-05-26 22:16 - 00045080 ___AH (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-05-26 16:57 - 2009-04-22 18:30 - 00000087 ___AH C:\Windows\System32\ssprs.tgz 2012-05-12 00:42 - 2006-10-27 14:09 - 00629760 ___AH (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-05-12 00:42 - 2006-10-27 14:09 - 00055296 ___AH (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2012-05-12 00:42 - 2006-10-17 11:57 - 02000384 ___AH (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-05-11 20:12 - 2006-10-27 14:09 - 11111424 ___AH (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-05-09 13:47 - 2011-10-19 09:24 - 00137928 ___AH (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys 2012-05-09 13:47 - 2011-10-19 09:24 - 00083392 ___AH (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys 2012-04-24 20:56 - 2007-04-07 13:24 - 00001024 ___AH C:\EPSONCD.Pal 2012-04-24 20:56 - 2007-04-07 13:24 - 00000071 ___AH C:\Windows\EPSONCD.INI ========================= Bamital & volsnap Check ============ C:\Windows\explorer.exe [2004-08-04 22:00] - [2004-08-04 22:00] - 1032192 ____A (Microsoft Corporation) A0732187050030AE399B241436565E64 C:\Windows\System32\winlogon.exe [2004-08-04 22:00] - [2004-08-04 22:00] - 0502272 ____A (Microsoft Corporation) 01C3346C241652F43AED8E2149881BFE C:\Windows\System32\svchost.exe [2004-08-04 22:00] - [2004-08-04 22:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716 C:\Windows\System32\services.exe [2004-08-04 22:00] - [2004-08-04 22:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4 C:\Windows\System32\User32.dll [2004-08-04 22:00] - [2004-08-04 22:00] - 0577024 ____A (Microsoft Corporation) C72661F8552ACE7C5C85E16A3CF505C4 C:\Windows\System32\userinit.exe [2004-08-04 22:00] - [2004-08-04 22:00] - 0024576 ____A (Microsoft Corporation) 39B1FFB03C2296323832ACBAE50D2AFF C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 22:00] - [2004-08-04 22:00] - 0052352 ____A (Microsoft Corporation) EE4660083DEBA849FF6C485D944B379B ==================== Restore Points (XP) ===================== RP: -> 2012-07-03 06:07 - 028672 _restore{9B8F6BCF-36EC-4666-912B-D443AA50D4E1}\RP4 RP: -> 2012-07-01 23:30 - 028672 _restore{9B8F6BCF-36EC-4666-912B-D443AA50D4E1}\RP3 RP: -> 2012-06-30 22:51 - 028672 _restore{9B8F6BCF-36EC-4666-912B-D443AA50D4E1}\RP2 RP: -> 2012-06-29 22:27 - 028672 _restore{9B8F6BCF-36EC-4666-912B-D443AA50D4E1}\RP1 ========================= Memory info ====================== Percentage of memory in use: 41% Total physical RAM: 2046.09 MB Available physical RAM: 1187.21 MB Total Pagefile: 3937.94 MB Available Pagefile: 3145.06 MB Total Virtual: 2047.88 MB Available Virtual: 2004.46 MB ======================= Partitions ========================= 1 Drive c: () (Fixed) (Total:232.77 GB) (Free:45.54 GB) NTFS ==>[Drive with boot components (Windows XP)] 4 Drive f: () (Removable) (Total:3.73 GB) (Free:3.67 GB) FAT32 5 Drive g: (MOVIES) (Fixed) (Total:931.51 GB) (Free:229.63 GB) NTFS 6 Drive h: (FROM MARK 1 TB) (Fixed) (Total:931.51 GB) (Free:20.95 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 233 GB 0 B Disk 1 Online 932 GB 0 B Disk 2 Online 932 GB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 47 MB 32 KB Partition 2 Primary 233 GB 47 MB Partition 3 Unknown 16 MB 233 GB ================================================================================== Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No There is no volume associated with this partition. ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 233 GB Healthy Boot ================================================================================== Disk: 0 Partition 3 Type : 17 (Suspicious Type) Hidden: Yes Active: Yes There is no volume associated with this partition. ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 932 GB 32 KB ================================================================================== Disk: 1 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 G MOVIES NTFS Partition 932 GB Healthy ================================================================================== Partitions of Disk 2: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 932 GB 1024 KB ================================================================================== Disk: 2 Partition 1 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 H FROM MARK 1 NTFS Partition 932 GB Healthy ================================================================================== ======================= End Of Log ==========================
  16. colin0100
    My PC justed crfased....will connect tomorrow..sleeping now, Thaks mate.... Need to go to bed.....agan..tomorrow. regards Colin
  17. colin0100
    OTL Extras logfile created on: 2/07/2012 11:54:02 PM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = F:\ Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 2.00 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 45.71% Memory free 3.85 Gb Paging File | 2.69 Gb Available in Paging File | 69.82% Paging File free Paging file location(s): c:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.77 Gb Total Space | 45.54 Gb Free Space | 19.57% Space Free | Partition Type: NTFS Drive D: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive F: | 3.73 Gb Total Space | 3.67 Gb Free Space | 98.43% Space Free | Partition Type: FAT32 Drive G: | 931.51 Gb Total Space | 229.54 Gb Free Space | 24.64% Space Free | Partition Type: NTFS Drive H: | 931.51 Gb Total Space | 20.95 Gb Free Space | 2.25% Space Free | Partition Type: NTFS Computer Name: NEW-TOY | User Name: COLIN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "enablefirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "27649:UDP" = 27649:UDP:*:Disabled:TorrentPort "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "enablefirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.) "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Call "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech Inc.) "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Disabled:Download Accelerator Plus (DAP) "C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Disabled:Ad-Aware "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost "C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE" = C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE:*:Disabled:SUPERAntiSpyware Alternate Start "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Disabled:SUPERAntiSpyware Professional "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google) "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}" = iTunes "{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client "{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN "{10F755FD-ED31-4ABF-8720-49A399C52297}" = calibre "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1DF4AC80-F76B-42AE-A263-15D2313D4472}" = EPSON Easy Photo Print "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{22C0B7CF-4BAD-4FD6-9085-FC2E1A6D5861}" = D-Link DSL-302G Ethernet Diagnostics and USB Driver "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine "{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK "{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6 "{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2 "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM "{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition "{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot "{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC "{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57922B53-02D4-4DFC-AC24-A3519DC1F49A}" = "{5A272FB7-EBCA-4F8C-8FCE-309A430BF3AF}" = ATI Catalyst Control Center "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{62369F2F77534556AEF4C58152E3BDE5}" = "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr "{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.4.8.123 "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software "{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0 "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT "{8D538DFC-1E7A-45F0-9C7B-D8B6629CC2DC}" = PowerQuest Drive Image 7.0 "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0 "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90260409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C8732C3-32DE-4569-9E90-30040D76DABC}" = Navman NavDesk 2008 "{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A3BE07E3-73B2-11D4-ABB6-004095009CCE}" = Morph Man 2000 Trial "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures "{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0 "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK "{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0 "{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0 "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center "{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU "{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.1.10.208 "{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim "{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software "{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7 "{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support "{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager "{EF4F8650-7710-4CA0-831D-4AA9C1CF6D87}" = SpeedMaxPc "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools "{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP "{F90DA605-4E92-11D4-A319-00104BCAB4AB}" = "{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0 "{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD "{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD "AddressBook" = "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0 "AdobeESD" = Adobe Download Manager 2.2 (Remove Only) "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "Autodesk Express Viewer" = Autodesk Express Viewer "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.5 "Branding" = "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem "Connection Manager" = "Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1" = Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07 "Digital Editions" = Adobe Digital Editions "DirectAnimation" = "DirectDrawEx" = "DVD Shrink_is1" = DVD Shrink 3.2 "DXM_Runtime" = "EPSON Printer and Utilities" = EPSON Printer Software "ESPR230 User's Guide" = ESPR230 User's Guide "FLVPlayer" = FLV Player 1.3.3 "Fontcore" = "Google Desktop" = Google Desktop Search "Google Updater" = Google Updater "GSpot" = GSpot Codec Information Appliance "HijackThis" = HijackThis 2.0.2 "ICW" = "IE4Data" = "IE5BAKEX" = "IEData" = "ImgBurn" = ImgBurn "InstallShield Uninstall Information" = "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "Kiran's Typing Tutor_is1" = Kiran's Typing Tutor 1.0 "LHTTSENG" = L&H TTS3000 British English "LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "MasterSplitter" = MasterSplitter Program "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "MobileOptionPack" = "Monkey's Audio_is1" = Monkey's Audio "MSI30a-KB884016" = "MSI30-Beta1" = "MSI30-Beta2" = "MSI30-KB884016" = "MSI30-RC1" = "MSI30-RC2" = "MSI31-Beta" = "MSI31-RC1" = "MSN Music Assistant" = MSN Music Assistant "Orbit_is1" = Orbit Downloader "PC Pitstop Optimize3_is1" = PC Pitstop Optimize3 3.0 "PCHealth" = "Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.8 "PROSet" = Intel® PRO Network Connections Drivers "QuickPar" = QuickPar 0.9 "ScenalyzerLive" = ScenalyzerLive (remove) "SchedulingAgent" = "VLC media player" = VLC media player 1.1.11 "VobSub" = VobSub v2.23 (Remove Only) "Windows Live Safety scanner" = Windows Live Safety scanner "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "WinX Free DVD Ripper_is1" = WinX Free DVD Ripper 4.5.11 "WinZip" = WinZip "WMCSetup" = "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) "Zip Repair Pro_is1" = Zip Repair Pro ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30/06/2012 8:55:53 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2180, fault address 0x0005d45f. Error - 30/06/2012 8:58:34 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2180, fault address 0x00107555. Error - 30/06/2012 8:58:59 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d. Error - 1/07/2012 10:56:59 AM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2180, fault address 0x000d62c1. Error - 1/07/2012 11:05:56 AM | Computer Name = NEW-TOY | Source = Application Hang | ID = 1002 Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 1/07/2012 8:40:22 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting module , version 0.0.0.0, fault address 0x00000000. Error - 1/07/2012 8:42:31 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358. Error - 1/07/2012 8:44:17 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358. Error - 1/07/2012 8:45:53 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358. Error - 1/07/2012 8:46:58 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358. Error - 1/07/2012 8:48:54 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358. Error - 1/07/2012 8:58:40 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d. [ System Events ] Error - 2/07/2012 9:42:59 AM | Computer Name = NEW-TOY | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%834 Error Code: 0x8007007f Error description: The specified procedure could not be found. Reason: %%842 Error - 2/07/2012 9:42:59 AM | Computer Name = NEW-TOY | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x8007007f Error description: The specified procedure could not be found. Reason: %%842 Error - 2/07/2012 9:42:59 AM | Computer Name = NEW-TOY | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%834 Error Code: 0x8007007f Error description: The specified procedure could not be found. Reason: %%837 Error - 2/07/2012 9:42:59 AM | Computer Name = NEW-TOY | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x8007007f Error description: The specified procedure could not be found. Reason: %%837 Error - 2/07/2012 9:43:07 AM | Computer Name = NEW-TOY | Source = Print | ID = 19 Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer. Error - 2/07/2012 9:43:11 AM | Computer Name = NEW-TOY | Source = NIC1394 | ID = 5002 Description = 1394 Net Adapter : Has determined that the adapter is not functioning properly. Error - 2/07/2012 9:43:21 AM | Computer Name = NEW-TOY | Source = Service Control Manager | ID = 7024 Description = The V2i Protector service terminated with service-specific error 2147746132 (0x80040154). Error - 2/07/2012 9:43:21 AM | Computer Name = NEW-TOY | Source = Service Control Manager | ID = 7001 Description = The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: %%0 Error - 2/07/2012 9:43:32 AM | Computer Name = NEW-TOY | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: MpFilter Error - 2/07/2012 9:53:08 AM | Computer Name = NEW-TOY | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.601.0 Update Source: %%859 Update Stage: %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070005 Error description: Access is denied. < End of report >
  18. colin0100
    nEED DTO GO SLEEP NOW.tHAKS mANIAC, LOVE YOU
  19. colin0100
    OTL Extras logfile created on: 2/07/2012 11:54:02 PM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = F:\ Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 2.00 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 45.71% Memory free 3.85 Gb Paging File | 2.69 Gb Available in Paging File | 69.82% Paging File free Paging file location(s): c:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.77 Gb Total Space | 45.54 Gb Free Space | 19.57% Space Free | Partition Type: NTFS Drive D: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive F: | 3.73 Gb Total Space | 3.67 Gb Free Space | 98.43% Space Free | Partition Type: FAT32 Drive G: | 931.51 Gb Total Space | 229.54 Gb Free Space | 24.64% Space Free | Partition Type: NTFS Drive H: | 931.51 Gb Total Space | 20.95 Gb Free Space | 2.25% Space Free | Partition Type: NTFS Computer Name: NEW-TOY | User Name: COLIN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "enablefirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "27649:UDP" = 27649:UDP:*:Disabled:TorrentPort "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "enablefirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.) "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Call "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech Inc.) "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Disabled:Download Accelerator Plus (DAP) "C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Disabled:Ad-Aware "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost "C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE" = C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE:*:Disabled:SUPERAntiSpyware Alternate Start "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Disabled:SUPERAntiSpyware Professional "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google) "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}" = iTunes "{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client "{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN "{10F755FD-ED31-4ABF-8720-49A399C52297}" = calibre "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1DF4AC80-F76B-42AE-A263-15D2313D4472}" = EPSON Easy Photo Print "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{22C0B7CF-4BAD-4FD6-9085-FC2E1A6D5861}" = D-Link DSL-302G Ethernet Diagnostics and USB Driver "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine "{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK "{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6 "{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2 "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM "{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition "{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot "{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC "{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57922B53-02D4-4DFC-AC24-A3519DC1F49A}" = "{5A272FB7-EBCA-4F8C-8FCE-309A430BF3AF}" = ATI Catalyst Control Center "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{62369F2F77534556AEF4C58152E3BDE5}" = "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr "{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.4.8.123 "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software "{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0 "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT "{8D538DFC-1E7A-45F0-9C7B-D8B6629CC2DC}" = PowerQuest Drive Image 7.0 "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0 "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90260409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C8732C3-32DE-4569-9E90-30040D76DABC}" = Navman NavDesk 2008 "{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A3BE07E3-73B2-11D4-ABB6-004095009CCE}" = Morph Man 2000 Trial "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures "{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0 "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK "{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0 "{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0 "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center "{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU "{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.1.10.208 "{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim "{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software "{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7 "{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support "{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager "{EF4F8650-7710-4CA0-831D-4AA9C1CF6D87}" = SpeedMaxPc "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools "{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP "{F90DA605-4E92-11D4-A319-00104BCAB4AB}" = "{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0 "{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD "{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD "AddressBook" = "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0 "AdobeESD" = Adobe Download Manager 2.2 (Remove Only) "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "Autodesk Express Viewer" = Autodesk Express Viewer "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.5 "Branding" = "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem "Connection Manager" = "Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1" = Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07 "Digital Editions" = Adobe Digital Editions "DirectAnimation" = "DirectDrawEx" = "DVD Shrink_is1" = DVD Shrink 3.2 "DXM_Runtime" = "EPSON Printer and Utilities" = EPSON Printer Software "ESPR230 User's Guide" = ESPR230 User's Guide "FLVPlayer" = FLV Player 1.3.3 "Fontcore" = "Google Desktop" = Google Desktop Search "Google Updater" = Google Updater "GSpot" = GSpot Codec Information Appliance "HijackThis" = HijackThis 2.0.2 "ICW" = "IE4Data" = "IE5BAKEX" = "IEData" = "ImgBurn" = ImgBurn "InstallShield Uninstall Information" = "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "Kiran's Typing Tutor_is1" = Kiran's Typing Tutor 1.0 "LHTTSENG" = L&H TTS3000 British English "LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "MasterSplitter" = MasterSplitter Program "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "MobileOptionPack" = "Monkey's Audio_is1" = Monkey's Audio "MSI30a-KB884016" = "MSI30-Beta1" = "MSI30-Beta2" = "MSI30-KB884016" = "MSI30-RC1" = "MSI30-RC2" = "MSI31-Beta" = "MSI31-RC1" = "MSN Music Assistant" = MSN Music Assistant "Orbit_is1" = Orbit Downloader "PC Pitstop Optimize3_is1" = PC Pitstop Optimize3 3.0 "PCHealth" = "Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.8 "PROSet" = Intel® PRO Network Connections Drivers "QuickPar" = QuickPar 0.9 "ScenalyzerLive" = ScenalyzerLive (remove) "SchedulingAgent" = "VLC media player" = VLC media player 1.1.11 "VobSub" = VobSub v2.23 (Remove Only) "Windows Live Safety scanner" = Windows Live Safety scanner "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "WinX Free DVD Ripper_is1" = WinX Free DVD Ripper 4.5.11 "WinZip" = WinZip "WMCSetup" = "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) "Zip Repair Pro_is1" = Zip Repair Pro ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30/06/2012 8:55:53 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2180, fault address 0x0005d45f. Error - 30/06/2012 8:58:34 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2180, fault address 0x00107555. Error - 30/06/2012 8:58:59 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d. Error - 1/07/2012 10:56:59 AM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2180, fault address 0x000d62c1. Error - 1/07/2012 11:05:56 AM | Computer Name = NEW-TOY | Source = Application Hang | ID = 1002 Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 1/07/2012 8:40:22 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting module , version 0.0.0.0, fault address 0x00000000. Error - 1/07/2012 8:42:31 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358. Error - 1/07/2012 8:44:17 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358. Error - 1/07/2012 8:45:53 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358. Error - 1/07/2012 8:46:58 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358. Error - 1/07/2012 8:48:54 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358. Error - 1/07/2012 8:58:40 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000 Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d. [ System Events ] Error - 2/07/2012 9:42:59 AM | Computer Name = NEW-TOY | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%834 Error Code: 0x8007007f Error description: The specified procedure could not be found. Reason: %%842 Error - 2/07/2012 9:42:59 AM | Computer Name = NEW-TOY | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x8007007f Error description: The specified procedure could not be found. Reason: %%842 Error - 2/07/2012 9:42:59 AM | Computer Name = NEW-TOY | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%834 Error Code: 0x8007007f Error description: The specified procedure could not be found. Reason: %%837 Error - 2/07/2012 9:42:59 AM | Computer Name = NEW-TOY | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x8007007f Error description: The specified procedure could not be found. Reason: %%837 Error - 2/07/2012 9:43:07 AM | Computer Name = NEW-TOY | Source = Print | ID = 19 Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer. Error - 2/07/2012 9:43:11 AM | Computer Name = NEW-TOY | Source = NIC1394 | ID = 5002 Description = 1394 Net Adapter : Has determined that the adapter is not functioning properly. Error - 2/07/2012 9:43:21 AM | Computer Name = NEW-TOY | Source = Service Control Manager | ID = 7024 Description = The V2i Protector service terminated with service-specific error 2147746132 (0x80040154). Error - 2/07/2012 9:43:21 AM | Computer Name = NEW-TOY | Source = Service Control Manager | ID = 7001 Description = The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: %%0 Error - 2/07/2012 9:43:32 AM | Computer Name = NEW-TOY | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: MpFilter Error - 2/07/2012 9:53:08 AM | Computer Name = NEW-TOY | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.601.0 Update Source: %%859 Update Stage: %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070005 Error description: Access is denied. < End of report >
  20. colin0100
    IN ANTICIPATION. WILL DO THIS VIA MY fLASH DRIVE
  21. colin0100
    yes.
  22. colin0100
    On my laptop now My PC: On C dri there were 2 folders: ComboFix and Qoobox, no files in these folders. There waa a Book.bak. Now can not get to the internet in the way I have in the past (via Malwarebytes site. PC seems to be be frozen..I can log in to my user account, but then nothing respondes. When I did a tun off/on the Avira did an update. My PC is getting worse with all this Maniac, whatto do??? Thanmks Colin
  23. colin0100
    went to my PC...it was frozen, had to turn off/on. got to C:\ : 2 folders : ComboFix, would not open. Q00box (?) would not open and a file Boot.bak. That's all I can see on C drive.
  24. colin0100
    Maniac, re the message above, ComboFix is still not doing anything : BUT THE CURSOR is blinking.... Regards Colin
  25. colin0100
    Maniac, I was very tired last night.....but today managed to run.Could not get in to 'safe' made. I chose 'safe mode with network' and the screen displayed a lot of lines of data such as: multi disc partition (2) WINDOWS\system32\drivers\NDIS.sys. I had to turn the PC off and did a normal boot. Downloaded the ComboFix again and it ran....took a while...went through I think 50 stages, is now frozen on a message that it is creating a log file. (Sending this message via another PC.) It deleted a number of files and a couple of folders. Maniac, what is next.... Thanks again for your assistance. Colin
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.