  #1  
Old March 23rd, 2012, 04:21 PM
kuzzz
CTH Subscriber
 
Join Date: May 2003
O/S: Windows 7 32-bit
Location: california
Posts: 1,311
Infected

Ann Marie told me to post to here. She said my machine is infected. Here is my HJT.
I did a full system scan with Norton 360 and it came up with no infections but I've never known Ann Marie to be wrong. So would you please check my HJT. My machine has been doing some strange things though.

Thank you
kuzzz

Processor: Intel(R) D CPU 3.33GHz
Memory: 2GIG
System type: 32-bit



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:11:49 AM, on 3/23/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360\Engine\6.1.1.8\ccSvcHst.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dodi\Desktop\DOWNLOADS\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.1.1.8\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.1.1.8\IPS\IPSBHO.DLL
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.1.1.8\coIEPlg.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Apple Computer\Apple Computer\hmlxkn.dll",DllRegisterServer
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Apple Computer\Apple Computer\hmlxkn.dll",DllRegisterServer (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1576148616-1997340751-1519327759-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Apple Computer\Apple Computer\hmlxkn.dll",DllRegisterServer (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Apple Computer\Apple Computer\hmlxkn.dll",DllRegisterServer (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - http://zone.msn.com/bingame/chnz/def...jolauncher.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames...f.cab55579.cab
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames...z.cab99160.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - http://games.ca.zone.msn.com/bingame...e.cab79352.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor....cab102118.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames...n.cab64162.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BitRaider Mini-Support Service (BRSptSvc) - BitRaider, LLC - C:\programdata\bitraider\BRSptSvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\6.1.1.8\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Secunia PSI Agent - Secunia - F:\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - F:\PSI\sua.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8227 bytes
Reply With Quote
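One way to triage the O4 autorun lines of a HijackThis log like the one posted above, as an added example that is not part of the thread: it groups identical Run values across registry hives and applies three heuristics to `rundll32` entries. The sample lines are copied from the post; the function names and the heuristics are this example's own assumptions, and a hit means "look closer", not a verdict.

```python
import re

# Sample O4 lines copied from the HijackThis log in the first post. The space
# after "AppData\" in the HKCU line is the kind of break forum rendering puts
# into long paths; it is kept in that one line to exercise unwrap().
SAMPLE_O4 = r'''
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\ Roaming\Apple Computer\Apple Computer\hmlxkn.dll",DllRegisterServer
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Apple Computer\Apple Computer\hmlxkn.dll",DllRegisterServer (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Apple Computer\Apple Computer\hmlxkn.dll",DllRegisterServer (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Apple Computer\Apple Computer\hmlxkn.dll",DllRegisterServer (User 'Default user')
'''

# "O4 - <hive>\..\<key>: [<value name>] <command> (User '<account>')"
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# rundll32 [path\]file.dll,ExportName  (DLL path optionally quoted)
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\w+)', re.I
)


def unwrap(line):
    """Remove a wrapping space that directly follows a backslash.

    Assumption: a real path component never starts with a space.
    """
    return re.sub(r"\\ (?=\S)", r"\\", line)


def reasons_for(command):
    """Return the heuristics (this example's own) that a Run command trips."""
    reasons = []
    m = RUNDLL_RE.search(command)
    if not m:
        return reasons
    dll = m.group("dll").lower()
    if "\\appdata\\" in dll or "\\temp\\" in dll:
        reasons.append("rundll32 loads a DLL from a profile AppData/Temp path")
    if "\\config\\systemprofile\\" in dll:
        reasons.append("DLL sits in the LocalSystem profile directory")
    if m.group("export").lower() == "dllregisterserver":
        reasons.append("COM registration export is invoked at every logon")
    return reasons


def triage_autoruns(log_text):
    """Group O4 entries by (value name, command) and list the hives of each."""
    groups = {}
    for raw in log_text.splitlines():
        m = O4_RE.match(unwrap(raw.strip()))
        if not m:
            continue
        cmd = m.group("cmd")
        entry = groups.setdefault(
            (m.group("name"), cmd.lower()),
            {"name": m.group("name"), "command": cmd,
             "hives": [], "reasons": reasons_for(cmd)},
        )
        entry["hives"].append(m.group("hive"))
    return list(groups.values())


def flagged(log_text):
    """Only the groups that trip at least one heuristic."""
    return [g for g in triage_autoruns(log_text) if g["reasons"]]


if __name__ == "__main__":
    for g in flagged(SAMPLE_O4):
        print(g["name"], "in", len(g["hives"]), "hives:", ", ".join(g["hives"]))
        print("  ", g["command"])
        for r in g["reasons"]:
            print("   -", r)
```

Replication across hives is not a signal on its own: the `Sidebar` value also appears in several service hives and trips none of the heuristics.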


  #2  
Old March 24th, 2012, 12:16 AM
Jintan
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,433
Hello kuzzz,

Yes, malware is loading there. Let's get a more detailed look.


The system is Vista, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can, have an open Internet connection and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


A lot, but comprehensive, and will make sure we get a good view of everything.
  #3  
Old March 24th, 2012, 04:18 AM
kuzzz
I downloaded OTL and right clicked run as administrator and clicked allow and screen went blue full of text. At the bottom it said there was a crash dump and that Windows had been shut down as to not cause damage. After about 5 minutes it started back up. I got the message Windows has recovered from an unexpected shutdown. In the box it has
Files that help describe the problem:
c:\windows\minidump\mini032312-01.dump
c:\users\dodi\appdata\local\temp\WER-217246-0.sysdata.xml
c:\users\dodi\appdata\local\temp\WER21C2.tmp.version.txt

Should I try running it again?

kuzzz
  #4  
Old March 25th, 2012, 01:08 AM
Jintan
Unusual for OTL to crash like that.

Please locate the following highlighted file(s), zip a copy of it, and send it to jintan@malwarecrypt.com as an attachment. Please place "Submitted Files -kuzzz/cth/dmp" as the email Subject.

c:\windows\minidump\mini032312-01.dump


Instead of OTL right now, download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If RSIT downloads/installs HijackThis be sure to agree to the install of that.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

But still try to do the other scans, and post those logs please.
  #5  
Old March 25th, 2012, 11:55 PM
kuzzz
I emailed you the minidump file. I downloaded RSIT and ran it but when it was listing event logs I received this:
Line 8617 (File "C:\users\dodi\Dodi\Desktop\RSIT.exe"):
Error: The requested action with this object failed.

I am running GMER and will post when it is finished.

kuzzz
  #6  
Old March 26th, 2012, 12:16 AM
Jintan
I received the dump file, thanks. The process that crashed was WmiPrvSE.exe, which is used by applications for event monitoring, and the culprit was ataport.SYS, which I believe is a hard drive controller. Leans towards rootkit involvement there. The dump also shows Daemon Tools installed. Its rootkit drivers may cause our scan logs to show false readings, so be prepared to disable or uninstall it. But let's see what the other scans find.

For RSIT, check if it still didn't create a C:\rsit\log.txt log you can post here.
  #7  
Old March 26th, 2012, 02:29 AM
kuzzz
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-25 17:30:06
Windows 6.0.6002 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdePort0 WDC_WD1200JS-00NCB1 rev.10.02E02
Running: wc57eofy.exe; Driver: C:\Users\Dodi\AppData\Local\Temp\fgryapog.sys


---- System - GMER 1.0.15 ----

SSDT 86A92138 ZwAlertResumeThread
SSDT 86A92218 ZwAlertThread
SSDT 86A92B28 ZwAllocateVirtualMemory
SSDT 865B5220 ZwAlpcConnectPort
SSDT 86B13858 ZwAssignProcessToJobObject
SSDT 86B13E00 ZwCreateMutant
SSDT 866EF6E0 ZwCreateSymbolicLinkObject
SSDT 86A92FB0 ZwCreateThread
SSDT 86B13938 ZwDebugActiveProcess
SSDT 86A92CF8 ZwDuplicateObject
SSDT 86A92948 ZwFreeVirtualMemory
SSDT 86B13EF0 ZwImpersonateAnonymousToken
SSDT 86B13FD0 ZwImpersonateThread
SSDT 865B51A8 ZwLoadDriver
SSDT 86A92848 ZwMapViewOfSection
SSDT 86B13D20 ZwOpenEvent
SSDT 86A92E98 ZwOpenProcess
SSDT 86A92C18 ZwOpenProcessToken
SSDT 86B13B60 ZwOpenSection
SSDT 86A92DC8 ZwOpenThread
SSDT 86B13768 ZwProtectVirtualMemory
SSDT 86A922F8 ZwResumeThread
SSDT 86A92598 ZwSetContextThread
SSDT 86A92678 ZwSetInformationProcess
SSDT 86B13A18 ZwSetSystemInformation
SSDT 86B13C40 ZwSuspendProcess
SSDT 86A923D8 ZwSuspendThread
SSDT 86BDE128 ZwTerminateProcess
SSDT 86A924B8 ZwTerminateThread
SSDT 86A92768 ZwUnmapViewOfSection
SSDT 86A92A38 ZwWriteVirtualMemory
SSDT 86BDECC8 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 826C88A0 8 Bytes [38, 21, A9, 86, 18, 22, A9, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 826C88B4 4 Bytes [28, 2B, A9, 86]
.text ntkrnlpa.exe!KeSetEvent + 13D 826C88C0 4 Bytes [20, 52, 5B, 86]
.text ntkrnlpa.exe!KeSetEvent + 191 826C8914 4 Bytes [58, 38, B1, 86]
.text ntkrnlpa.exe!KeSetEvent + 1F5 826C8978 4 Bytes [00, 3E, B1, 86] {ADD [ESI], BH; MOV CL, 0x86}
.text ...

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SRTSP@Start 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EFB686EB-4D6B-7085-78C6-B5815EB1D3FD}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EFB686EB-4D6B-7085-78C6-B5815EB1D3FD}@handambkjfjihlpa 0x69 0x61 0x62 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EFB686EB-4D6B-7085-78C6-B5815EB1D3FD}@iahechehlhimdchceg 0x63 0x61 0x67 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EFB686EB-4D6B-7085-78C6-B5815EB1D3FD}@iadejoapdddangljmf 0x69 0x61 0x62 0x64 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk1\DR1 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk1\DR1 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
Reply With Quote
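An added example (not part of the thread and not GMER's own code) for reading a GMER log like the one above: it decodes the bytes listed under "Kernel code sections" as little-endian pointers, matches them against the SSDT entries, and extracts the flagged disk-sector lines. The sample is a shortened copy of the posted log; all function names are hypothetical.

```python
import re

# Shortened copy of the GMER log posted above (subset of the SSDT lines).
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

SSDT 86A92138 ZwAlertResumeThread
SSDT 86A92218 ZwAlertThread
SSDT 86A92B28 ZwAllocateVirtualMemory
SSDT 865B5220 ZwAlpcConnectPort
SSDT 86B13858 ZwAssignProcessToJobObject
SSDT 86B13E00 ZwCreateMutant
SSDT 865B51A8 ZwLoadDriver

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 826C88A0 8 Bytes [38, 21, A9, 86, 18, 22, A9, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 826C88B4 4 Bytes [28, 2B, A9, 86]
.text ntkrnlpa.exe!KeSetEvent + 13D 826C88C0 4 Bytes [20, 52, 5B, 86]
.text ntkrnlpa.exe!KeSetEvent + 191 826C8914 4 Bytes [58, 38, B1, 86]
.text ntkrnlpa.exe!KeSetEvent + 1F5 826C8978 4 Bytes [00, 3E, B1, 86] {ADD [ESI], BH; MOV CL, 0x86}
.text ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk1\DR1 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk1\DR1 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-F]{8})\s+(?P<name>\w+)$")
PATCH_RE = re.compile(
    r"^\.text\s+(?P<sym>\S+ \+ [0-9A-F]+)\s+(?P<va>[0-9A-F]{8})\s+"
    r"\d+ Bytes\s+\[(?P<bytes>[^\]]*)\]"
)
DISK_RE = re.compile(r"^Disk\s+(?P<dev>\S+)\s+(?P<msg>.+)$")


def sections(text):
    """Split a GMER log into {section name: [non-empty lines]}."""
    out, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = out.setdefault(m.group("name"), [])
        elif line and current is not None:
            current.append(line)
    return out


def le_dwords(byte_list):
    """Decode 'AA, BB, ...' into complete little-endian 32-bit values.

    Decoding stops at the first non-hex token ('...' where GMER truncated).
    """
    vals = []
    for tok in byte_list.split(","):
        tok = tok.strip()
        if not re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            break
        vals.append(int(tok, 16))
    whole = len(vals) - len(vals) % 4
    return [int.from_bytes(bytes(vals[i:i + 4]), "little")
            for i in range(0, whole, 4)]


def correlate(text):
    """Return (patched address, pointer written there, SSDT name or None).

    A name means the patched location holds the same pointer GMER reports
    for that SSDT entry, i.e. both sections describe one modification.
    """
    sec = sections(text)
    hooks = {}
    for line in sec.get("System", []):
        m = SSDT_RE.match(line)
        if m:
            hooks[int(m.group("addr"), 16)] = m.group("name")
    rows = []
    for line in sec.get("Kernel code sections", []):
        m = PATCH_RE.match(line)
        if not m:
            continue  # e.g. the elided ".text ..." line
        base = int(m.group("va"), 16)
        for i, ptr in enumerate(le_dwords(m.group("bytes"))):
            rows.append((base + 4 * i, ptr, hooks.get(ptr)))
    return rows


def disk_findings(text):
    """Disk-sector lines that GMER itself marks as rootkit-related."""
    hits = []
    for line in sections(text).get("Disk sectors", []):
        m = DISK_RE.match(line)
        if m and re.search(r"rootkit", m.group("msg"), re.I):
            hits.append((m.group("dev"), m.group("msg")))
    return hits


if __name__ == "__main__":
    for va, ptr, name in correlate(SAMPLE_GMER):
        print(f"{va:08X} -> {ptr:08X} {name or '(no SSDT entry in log)'}")
    for dev, msg in disk_findings(SAMPLE_GMER):
        print(dev, "|", msg)
```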
  #8  
Old March 26th, 2012, 02:30 AM
kuzzz
I don't use the daemon, my ex put it on my machine, just never got around to taking it off.
  #9  
Old March 26th, 2012, 02:34 AM
kuzzz
I finally got it to run:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Dodi at 2012-03-25 18:32:25
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 36 GB (34%) free of 106 GB
Total RAM: 2045 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:32:45 PM, on 3/25/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe
C:\Users\Dodi\Desktop\RSIT.exe
C:\Program Files\trend micro\Dodi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.1.2.10\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.1.2.10\coIEPlg.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Apple Computer\Apple Computer\hmlxkn.dll",DllRegisterServer (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1576148616-1997340751-1519327759-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Apple Computer\Apple Computer\hmlxkn.dll",DllRegisterServer (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Apple Computer\Apple Computer\hmlxkn.dll",DllRegisterServer (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - http://zone.msn.com/bingame/chnz/def...jolauncher.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames...f.cab55579.cab
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames...z.cab99160.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - http://games.ca.zone.msn.com/bingame...e.cab79352.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor....cab102118.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames...n.cab64162.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BitRaider Mini-Support Service (BRSptSvc) - BitRaider, LLC - C:\programdata\bitraider\BRSptSvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Secunia PSI Agent - Secunia - F:\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - F:\PSI\sua.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7768 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\SmartDefrag.job
C:\Windows\tasks\SpywareBot Scheduled Scan.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Dodi\AppData\Roaming\Mozilla\Firefox\Profiles\vxna18j9.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://startpage.com/"
prefs.js - "extensions.enabledItems" - "npmozax31@real.com:3.1, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, DeviceDetection@logitech.com:1.20.0.66, foxmarks@kei.com:3.9.5, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86, {a0729639-d831-46c9-811b-9b0aa79fb45a}:2.7.2.0, {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49, {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5, personas@christopher.beard:1.6.2, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2, {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5, {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0, {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "chrome://browser-region/locale/region.properties"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn\
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\IPSFFPlgn\
"fmdownloader@gmail.com"=F:\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0]
"Description"=DivX® Content Upload Plugin
"Path"=C:\Program Files\DivX\DivX Content Uploader\npUpload.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/npracplug;version=1.0.0.0]
"Description"=Scriptable Plugin for RealArcade
"Path"=C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72]
"Description"=15.0.2.72
"Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@realarcade.com/RAClient]
"Description"=RealArcade Client Plugin 1.00
"Path"=C:\ProgramData\RealArcade\npraclient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.0]
"Description"=VLC Multimedia Plugin
"Path"=F:\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
npmozax31@real.com
npmozax@real.com
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsILegitCheckPlugin.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npDivxPlayerPlugin.dll
npLegitCheckPlugin.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
nppl3260.xpt
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npraclient.dll
nprjplug.dll
nprpjplug.dll
nsIDivxPlayerPlugin.xpt
nsiqtscriptableplugin.xpt
nsjsrealplayerplugin.xpt
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\Dodi\AppData\Roaming\Mozilla\Firefox\Profiles\vxna18j9.default\extensions\
DeviceDetection@logitech.com
personas@christopher.beard
{a0729639-d831-46c9-811b-9b0aa79fb45a}

C:\Users\Dodi\AppData\Roaming\Mozilla\Firefox\Profiles\vxna18j9.default\searchplugins\
bing-zugo.xml
searchya.xml
startpage-https.xml
startpage-ssl.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-03-02 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files\Norton 360\Engine\6.1.2.10\coIEPlg.dll [2012-03-09 499640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL [2011-11-23 210360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}]
StartNow Toolbar Helper - C:\Program Files\StartNow Toolbar\Toolbar32.dll [2011-10-25 420576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-03-23 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-03-23 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\6.1.2.10\coIEPlg.dll [2012-03-09 499640]
{5911488E-9D1E-40ec-8CBB-06B231CC153F} - StartNow Toolbar - C:\Program Files\StartNow Toolbar\Toolbar32.dll [2011-10-25 420576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 3.1"=C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [2005-09-26 1073152]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-02-15 17145992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-06-06 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-06-06 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blubster]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSS]
C:\Windows\BBStore\DSS\dssagent.exe [1998-11-24 546304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen 3.1]
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [2005-09-26 1073152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\Windows\KHALMNPR.EXE [2009-06-17 55824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livestation]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetFxUpdate_v1.1.4322]
C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [2004-08-10 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonUtilities]
F:\Norton Utilities 14\rmtray.exe [2009-09-14 279912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PureText]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2011-10-24 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe [2010-09-15 913412]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files\real\realplayer\Update\realsched.exe [2012-03-02 296056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update]
C:\Windows\system32\config\system [2012-03-25 25427968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2009-07-20 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
F:\PSI\psi_tray.exe [2011-01-10 291896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Dodi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
[]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SMR210]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoDriveTypeAutoRun"=255
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=i420vfw.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.divxa32"=divxa32.acm
"msacm.lhacm"=lhacm.acm
"msacm.siren"=sirenacm.dll
"msacm.sl_anet"=sl_anet.acm
"msacm.vorbis"=vorbis.acm
"vidc.wmv3"=wmv9vcm.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=yv12vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux4"=wdmaud.drv
"wave6"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux5"=wdmaud.drv
"wave4"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave7"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux6"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux7"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.reg - edit -
.reg - open - regedit.exe %1
.txt - open - "C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe" "%1"

======List of files/folders created in the last 1 month======

2012-03-25 15:30:43 ----D---- C:\rsit
2012-03-25 00:05:10 ----ASH---- C:\hiberfil.sys
2012-03-24 03:20:57 ----SHD---- C:\Config.Msi
2012-03-23 20:17:34 ----A---- C:\Windows\system32\win32k.sys
2012-03-23 20:17:33 ----A---- C:\Windows\system32\DWrite.dll
2012-03-23 20:17:33 ----A---- C:\Windows\system32\d3d10warp.dll
2012-03-23 20:17:33 ----A---- C:\Windows\system32\d3d10_1core.dll
2012-03-23 20:17:33 ----A---- C:\Windows\system32\d2d1.dll
2012-03-23 20:17:32 ----A---- C:\Windows\system32\d3d10_1.dll
2012-03-23 20:15:54 ----A---- C:\Windows\system32\rdpencom.dll
2012-03-23 20:15:54 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-03-23 19:30:53 ----D---- C:\Program Files\Common Files\Java
2012-03-23 19:29:33 ----A---- C:\Windows\system32\javaws.exe
2012-03-23 19:29:33 ----A---- C:\Windows\system32\javaw.exe
2012-03-23 19:29:33 ----A---- C:\Windows\system32\java.exe
2012-03-23 17:55:12 ----A---- C:\Users\Dodi\AppData\Roaming\SMRBackup250.dat
2012-03-21 13:44:43 ----D---- C:\Users\Dodi\AppData\Roaming\Audacity
2012-03-05 09:44:32 ----RD---- C:\Program Files\Skype
2012-03-05 09:44:32 ----D---- C:\Program Files\Common Files\Skype
2012-03-02 15:56:00 ----A---- C:\Windows\system32\mshtmled.dll
2012-03-02 15:55:59 ----A---- C:\Windows\system32\jscript.dll
2012-03-02 15:55:59 ----A---- C:\Windows\system32\iertutil.dll
2012-03-02 15:55:58 ----A---- C:\Windows\system32\wininet.dll
2012-03-02 15:55:58 ----A---- C:\Windows\system32\url.dll
2012-03-02 15:55:58 ----A---- C:\Windows\system32\jscript9.dll
2012-03-02 15:55:58 ----A---- C:\Windows\system32\ieui.dll
2012-03-02 15:55:57 ----A---- C:\Windows\system32\jsproxy.dll
2012-03-02 15:55:56 ----A---- C:\Windows\system32\mshtml.dll
2012-03-02 15:55:55 ----A---- C:\Windows\system32\ieframe.dll
2012-03-02 15:55:54 ----A---- C:\Windows\system32\urlmon.dll
2012-03-02 15:44:01 ----A---- C:\Windows\system32\tzres.dll
2012-03-02 15:43:54 ----A---- C:\Windows\system32\winsrv.dll
2012-03-02 15:43:53 ----A---- C:\Windows\system32\winhttp.dll
2012-03-02 15:43:53 ----A---- C:\Windows\system32\schannel.dll
2012-03-02 15:43:53 ----A---- C:\Windows\system32\lsasrv.dll
2012-03-02 15:43:53 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-03-02 15:43:52 ----A---- C:\Windows\system32\secur32.dll
2012-03-02 15:43:52 ----A---- C:\Windows\system32\lsass.exe
2012-03-02 15:43:50 ----A---- C:\Windows\system32\packager.dll
2012-03-02 15:43:49 ----A---- C:\Windows\system32\XpsPrint.dll
2012-03-02 15:43:33 ----A---- C:\Windows\system32\Apphlpdm.dll
2012-03-02 15:43:29 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2012-03-02 15:43:25 ----A---- C:\Windows\system32\quartz.dll
2012-03-02 15:43:25 ----A---- C:\Windows\system32\qdvd.dll
2012-03-02 15:43:23 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-03-02 15:43:23 ----A---- C:\Windows\system32\ntkrnlpa.exe
2012-03-02 15:43:20 ----A---- C:\Windows\system32\kernel32.dll
2012-03-02 15:43:18 ----A---- C:\Windows\system32\ntdll.dll
2012-03-02 15:43:17 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-03-02 15:43:15 ----A---- C:\Windows\system32\msvcrt.dll
2012-03-02 15:43:14 ----A---- C:\Windows\system32\winmm.dll
2012-03-02 15:43:14 ----A---- C:\Windows\system32\mciseq.dll
2012-03-02 15:43:13 ----A---- C:\Windows\system32\EncDec.dll
2012-03-02 15:43:12 ----A---- C:\Windows\system32\csrsrv.dll
2012-03-02 15:36:35 ----D---- C:\Program Files\Common Files\xing shared

======List of files/folders modified in the last 1 month======

2012-03-25 18:32:41 ----D---- C:\Windows\Temp
2012-03-25 18:32:30 ----D---- C:\Program Files\Trend Micro
2012-03-25 18:30:11 ----D---- C:\Users\Dodi\AppData\Roaming\Skype
2012-03-25 18:06:25 ----D---- C:\Windows\System32
2012-03-25 18:06:25 ----D---- C:\Windows\inf
2012-03-25 18:06:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-25 17:59:08 ----D---- C:\ProgramData\NVIDIA
2012-03-25 15:17:51 ----D---- C:\Windows\Minidump
2012-03-25 14:31:41 ----SHD---- C:\System Volume Information
2012-03-25 00:44:49 ----D---- C:\Windows\Prefetch
2012-03-25 00:39:22 ----D---- C:\Windows\Microsoft.NET
2012-03-25 00:39:21 ----RSD---- C:\Windows\assembly
2012-03-25 00:15:40 ----HD---- C:\ProgramData
2012-03-24 23:17:51 ----A---- C:\Windows\ntbtlog.txt
2012-03-24 09:24:22 ----D---- C:\Windows\system32\drivers
2012-03-24 03:33:49 ----D---- C:\Windows\winsxs
2012-03-24 03:33:06 ----SHD---- C:\Windows\Installer
2012-03-24 03:33:02 ----D---- C:\ProgramData\Microsoft Help
2012-03-24 03:31:44 ----D---- C:\Windows
2012-03-24 03:29:21 ----D---- C:\Windows\Debug
2012-03-24 03:29:16 ----A---- C:\Windows\system32\mrt.exe
2012-03-24 03:28:57 ----D---- C:\Windows\system32\catroot
2012-03-24 03:21:13 ----D---- C:\Program Files\Common Files\microsoft shared
2012-03-23 20:39:10 ----AD---- C:\ProgramData\TEMP
2012-03-23 20:17:22 ----D---- C:\Windows\system32\catroot2
2012-03-23 20:11:20 ----D---- C:\Windows\system32\Tasks
2012-03-23 20:04:36 ----D---- C:\Windows\system32\drivers\N360
2012-03-23 19:30:53 ----D---- C:\Program Files\Common Files
2012-03-23 19:29:02 ----A---- C:\Windows\system32\deployJava1.dll
2012-03-23 18:57:48 ----D---- C:\Program Files\NortonInstaller
2012-03-23 18:57:43 ----RD---- C:\Program Files
2012-03-23 18:50:40 ----D---- C:\Windows\system32\drivers\etc
2012-03-23 17:54:01 ----D---- C:\ProgramData\NortonInstaller
2012-03-23 14:51:00 ----D---- C:\Program Files\Symantec
2012-03-21 14:32:13 ----D---- C:\Program Files\Mozilla Firefox
2012-03-19 08:53:05 ----D---- C:\Users\Dodi\AppData\Roaming\vlc
2012-03-13 10:08:06 ----SD---- C:\Windows\Downloaded Program Files
2012-03-12 21:11:30 ----D---- C:\Windows\pss
2012-03-12 17:13:58 ----D---- C:\ProgramData\bitraider
2012-03-12 14:14:40 ----D---- C:\Windows\system32\config
2012-03-12 11:57:48 ----D---- C:\Windows\system32\sysprep
2012-03-05 09:44:31 ----D---- C:\ProgramData\Skype
2012-03-02 20:58:40 ----D---- C:\Windows\rescache
2012-03-02 20:03:00 ----D---- C:\Program Files\Microsoft Silverlight
2012-03-02 19:58:25 ----D---- C:\Windows\AppPatch
2012-03-02 19:58:23 ----RSD---- C:\Windows\Fonts
2012-03-02 19:58:19 ----D---- C:\Windows\system32\migration
2012-03-02 19:58:16 ----D---- C:\Program Files\Internet Explorer
2012-03-02 19:58:08 ----D---- C:\Windows\system32\en-US
2012-03-02 15:46:53 ----D---- C:\Program Files\Common Files\System
2012-03-02 15:35:43 ----A---- C:\Windows\system32\rmoc3260.dll
2012-03-02 15:34:31 ----A---- C:\Windows\system32\pndx5032.dll
2012-03-02 15:34:30 ----A---- C:\Windows\system32\pndx5016.dll
2012-03-02 15:34:03 ----A---- C:\Windows\system32\msvcr71.dll
2012-03-02 15:34:03 ----A---- C:\Windows\system32\msvcp71.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-03-07 43528]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360\0601020.00A\SYMDS.SYS [2011-08-15 340088]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360\0601020.00A\SYMEFA.SYS [2011-11-23 905336]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-07-17 75072]
R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [2012-03-02 820856]
R1 ccSet_N360;Norton 360 Settings Manager; C:\Windows\system32\drivers\N360\0601020.00A\ccSetx86.sys [2011-11-04 132744]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2012-02-03 374392]
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\F:\HWiNFO32\HWiNFO32.SYS [2010-09-30 20088]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120323.002\IDSvix86.sys [2012-03-06 368248]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\N360\0601020.00A\SRTSPX.SYS [2011-11-23 32888]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2011-11-23 35960]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360\0601020.00A\Ironx86.SYS [2011-11-16 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\N360\0601020.00A\SYMTDIV.SYS [2011-11-16 345208]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 8192]
R3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2008-01-18 159744]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-14 106104]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-08 986624]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2006-11-08 258048]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120324.019\NAVENG.SYS [2012-02-14 86136]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120324.019\NAVEX15.SYS [2012-02-14 1576312]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2011-10-15 10327360]
R3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\N360\0601020.00A\SRTSP.SYS [2011-11-23 574584]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2012-03-23 141944]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-08 659968]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2007-11-24 685816]
S3 BRDriver;BRDriver; \??\C:\programdata\bitraider\BRDriver.sys [2011-10-01 61312]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2008-12-18 20240]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-12-18 28816]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\Program Files\Common Files\Motive\MREMP50.sys [2009-01-26 21248]
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\Program Files\Common Files\Motive\MRESP50.sys [2009-01-26 20096]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\Windows\system32\drivers\ScreamingBAudio.sys [2009-12-01 34384]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-01-26 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe [2012-01-16 138232]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1136448]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
R2 Secunia PSI Agent;Secunia PSI Agent; F:\PSI\PSIA.exe [2011-01-10 993848]
R2 Secunia Update Agent;Secunia Update Agent; F:\PSI\sua.exe [2011-01-10 399416]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar; C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-05 386560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe /svc []
S3 BRSptSvc;BitRaider Mini-Support Service; C:\programdata\bitraider\BRSptSvc.exe [2011-10-01 794984]
S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [2009-07-22 81920]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2009-07-22 2736128]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc []
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
  #10  
Old March 26th, 2012, 06:00 AM
kuzzz
CTH Subscriber
 
Join Date: May 2003
O/S: Windows 7 32-bit
Location: california
Posts: 1,311
info.txt logfile of random's system information tool 1.09 2012-03-25 15:32:01

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->MsiExec /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
-->MsiExec.exe /I{C8D79874-7F2B-4346-99F1-DAA8AABF9DCA}
123 Free Solitaire-->C:\PROGRA~1\123FRE~1\UNWISE.EXE C:\PROGRA~1\123FRE~1\INSTALL.LOG
3D Ten Thousand-->C:\3dtentho\UNWISE.EXE C:\3dtentho\INSTALL.LOG
7-Zip 4.65-->"C:\7-Zip\Uninstall.exe"
AC3File 0.7b-->"C:\Program Files\AC3File\unins000.exe"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FDB3B167-F4FA-461D-976F-286304A57B2A}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil11g_Plugin.exe -maintain plugin
Adobe Reader X (10.1.0)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Apple Application Support-->MsiExec.exe /I{A83279FD-CA4B-4206-9535-90974DE76654}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
ATT-PRT22-->C:\PROGRA~1\ATT-PR~2\UNWISE.EXE C:\PROGRA~1\ATT-PR~2\INSTALL.LOG
Audacity 2.0-->"F:\Audacity\unins000.exe"
Avination Viewer-->F:\AVINATION VIEWER\uninstall.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Bejeweled 3-->F:\Gamehouse Games\Bejeweled 3\PopUninstall.exe "F:\Gamehouse Games\Bejeweled 3\Install.log"
BitRaider Web Client-->C:\programdata\bitraider\brwc.exe -brremoveclient
Bonjour-->MsiExec.exe /X{2A981294-F14C-4F0F-9627-D793270922F8}
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Chatango Message Catcher-->"C:\Program Files\Chatango\uninstall.exe"
Corel Painter Photo Essentials 4-->MsiExec.exe /I{707EB912-C597-49D8-9460-46CC9AB03EBE}
Data Lifeguard Diagnostic for Windows-->MsiExec.exe /X{E40CE517-0D42-4198-96B4-C8232B257EB5}
diskMETA-Lite 1.0.1 (remove only)-->"F:\se_archive\diskMETA 101L\uninst\unins000.exe"
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
DrawPlus 3.0-->C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\DrawPlus\DeIsL1.isu"
Duplicate Cleaner 2.1b-->F:\DUPLICATE FILE FINDER\Duplicate Cleaner\uninst.exe
ebgcInfra-->MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes-->MsiExec.exe /X{5380B111-5047-413D-A6E5-70D69391D08E}
ebgcSDK-->MsiExec.exe /X{13AD768A-9E04-499D-AE80-967A65DCCBA5}
Error Messages for Windows-->C:\Windows\SDUnInst.exe k:\software by design\mswinerr.uni
EULAlyzer 2.0-->"C:\Program Files\EULAlyzer\unins000.exe"
Express Burn Disc Burning Software-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Express Rip-->C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
ffdshow [rev 2583] [2009-01-05]-->"C:\Program Files\ffdshow\unins000.exe"
Firebird 2.1.0.16780 (Win32)-->"C:\Program Files\Firebird\Firebird_2_1\unins000.exe"
Firebird 2.1.3.18185 (Win32)-->"C:\Program Files\Firebird\Firebird_2_1\unins001.exe"
Firestorm-Release (remove only)-->"F:\Firestorm-Release\uninst.exe"
Freemake Video Downloader-->"F:\Freemake\Freemake Video Downloader\Uninstall\unins000.exe"
Gadwin PrintScreen-->C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe
GIMP 2.6.11-->"F:\GIMP-2.0\setup\unins000.exe"
Glary Utilities 2.34.0.1190-->"F:\Glary Utilities\unins000.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HWiNFO32 Version 3.62-->"F:\HWiNFO32\unins000.exe"
iMesh-->"C:\ProgramData\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\iMesh_V11_en_Setup.exe" REMOVE=TRUE MODIFY=FALSE
iMesh-->C:\ProgramData\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\iMesh_V11_en_Setup.exe
Java(TM) 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}
JongPuzzle-->F:\Gamehouse Games\JongPuzzle\uninstall.exe
Just Great Software EditPad Lite 6.4.2-->C:\Windows\UnDeployV.exe "C:\Program Files\JGsoft\EditPadLite\Deploy.log"
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0009 -removeonly
MeggieSoft Games Compendium-->"C:\GAMES\MeggieSoft Games\unins000.exe"
METAbolt-->MsiExec.exe /I{B30E8CF8-0BC8-4327-9F05-BE32645240CA}
Microsoft .NET Framework 1.1 Security Update (KB2656353)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)-->C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.exe
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)-->MsiExec.exe /X{B3D1CFF9-C5DA-3590-894B-40821DDB67C5}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\Windows\INF\wpie4x86.inf,WebPostUninstall
Mozilla Firefox 11.0 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSI to redistribute MS VS2005 CRT libraries-->MsiExec.exe /I{A8D93648-9F7F-407D-915C-62044644C3DA}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Norton 360-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\562C4DD5\6.1.2.10\InstStub.exe /X /ARP
Norton Utilities-->"F:\Norton Utilities 14\unins000.exe" /Log
NVIDIA 3D Vision Controller Driver 285.62-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.NVIRUSB
NVIDIA 3D Vision Controller Driver-->"C:\Program Files\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe" -runfromtemp -l0x0009 -removeonly
NVIDIA 3D Vision Driver 285.62-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Graphics Driver 285.62-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX System Software 9.11.0621-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.PhysX
NVIDIA PhysX-->MsiExec.exe /X{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
NVIDIA Update 1.5.20-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.Update
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
PC Wizard 2007.1.73-->"C:\Program Files\PC Wizard 2007\unins000.exe"
Phoenix Viewer 1.5.2.1185-->"F:\Phoenix Viewer\unins000.exe"
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
RC_Vista.exe-->C:\PROGRA~1\ATT\UNWISE.EXE C:\PROGRA~1\ATT\INSTALL.LOG
RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
RealPlayer-->c:\program files\real\realplayer\Update\r1puninst.exe RealNetworks|RealPlayer|15.0
RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
RecordPad Sound Recorder-->C:\Program Files\NCH Swift Sound\Recordpad\uninst.exe
SCRABBLE-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-scrabble.rguninst" "AddRemove"
Secunia PSI (2.0.0.3001)-->"F:\PSI\uninstall.exe"
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5A8732F0-C20F-4A9B-A2A9-66FE7A586C35}
Skype™ 5.8-->MsiExec.exe /X{1845470B-EB14-4ABC-835B-E36C693DC07D}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDBRYCMzK.inf
Sothink Video Converter-->"f:\Sothink Video Converter\unins000.exe"
StartNow Toolbar-->C:\Program Files\StartNow Toolbar\StartNowToolbarUninstall.exe
Super Collapse-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\supercollapse.rguninst" "AddRemove"
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Print Shop-->C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\THEPRI~1\DeIsL2.isu" -c"C:\PROGRA~1\BRODER~1\THEPRI~1\psfinst.dll"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B7873DF5-9E1C-45EE-8895-D29C6AE01202}
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C20964A7-5181-45E5-9E82-72F5D400DEBF}
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {91E130AA-C37F-42D8-9D5D-397B3416A7F2}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {567103D1-96CD-4B76-93B9-2681A187DEFF}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
VLC media player 2.0.0-->F:\VLC\uninstall.exe
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Web Site Downloader 3.x-->"F:\WEBSITE DOWNLOADER\Web Site Downloader\unins000.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

Hosts File Missing
======Security center information======

AV: Kaspersky Anti-Virus (disabled)
AV: Norton 360
FW: Norton 360
AS: AVG Anti-Spyware (disabled)
AS: SpywareBot (disabled)
AS: Windows Defender
AS: SUPERAntiSpyware (disabled)
AS: Norton 360

======System event log======

Computer Name: EMACHINE
Event Code: 1048
Message: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel.
.
Record Number: 489283
Source Name: Microsoft-Windows-TerminalServices-LocalSessionManager
Time Written: 20110603141510.000000-000
Event Type: Error
User:

Computer Name: EMACHINE
Event Code: 4
Message: Driver detected an internal error in its data structures for .
Record Number: 489263
Source Name: sptd
Time Written: 20110603141202.685607-000
Event Type: Error
User:

Computer Name: EMACHINE
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
sptd
Record Number: 489206
Source Name: Service Control Manager
Time Written: 20110601221254.000000-000
Event Type: Error
User:

Computer Name: EMACHINE
Event Code: 1048
Message: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel.
.
Record Number: 489148
Source Name: Microsoft-Windows-TerminalServices-LocalSessionManager
Time Written: 20110601221249.000000-000
Event Type: Error
User:

Computer Name: EMACHINE
Event Code: 4
Message: Driver detected an internal error in its data structures for .
Record Number: 489129
Source Name: sptd
Time Written: 20110601221031.670007-000
Event Type: Error
User:

=====Application event log=====

Computer Name: EMACHINE
Event Code: 1002
Message: The program imprudence.exe version 1.3.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 15dc Start Time: 01cbd1338ad8787f Termination Time: 145
Record Number: 81259
Source Name: Application Hang
Time Written: 20110220211418.000000-000
Event Type: Error
User:

Computer Name: EMACHINE
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0ef9cb3f-89e3-41e8-b688-567a32939a3b}
Record Number: 81254
Source Name: VSS
Time Written: 20110220182131.000000-000
Event Type: Error
User:

Computer Name: EMACHINE
Event Code: 1002
Message: The program psi.exe version 1.5.0.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: c10 Start Time: 01cbcfed30fcf02f Termination Time: 4118
Record Number: 81252
Source Name: Application Hang
Time Written: 20110220045142.000000-000
Event Type: Error
User:

Computer Name: EMACHINE
Event Code: 1002
Message: The program PhoenixViewer.exe version 1.5.2.908 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1324 Start Time: 01cbd09064b21a0f Termination Time: 0
Record Number: 81251
Source Name: Application Hang
Time Written: 20110220045124.000000-000
Event Type: Error
User:

Computer Name: EMACHINE
Event Code: 1008
Message: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Record Number: 81250
Source Name: Microsoft-Windows-Perflib
Time Written: 20110219235623.000000-000
Event Type: Error
User:
  #11  
Old March 26th, 2012, 06:55 AM
kuzzz kuzzz is offline
CTH Subscriber
 
Join Date: May 2003
O/S: Windows 7 32-bit
Location: california
Posts: 1,311
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-25 22:33:26
-----------------------------
22:33:26.389 OS Version: Windows 6.0.6002 Service Pack 2
22:33:26.389 Number of processors: 1 586 0x604
22:33:26.404 ComputerName: EMACHINE UserName: Dodi
22:33:32.457 Initialize success
22:33:57.012 AVAST engine defs: 12032501
22:34:14.889 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-3
22:34:14.889 Disk 0 Vendor: WDC_WD200EB-00CPF0 06.04G06 Size: 19092MB BusType: 3
22:34:14.889 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
22:34:14.905 Disk 1 Vendor: WDC_WD1200JS-00NCB1 10.02E02 Size: 114473MB BusType: 3
22:34:14.936 Disk 1 MBR read successfully
22:34:14.936 Disk 1 MBR scan
22:34:14.983 Disk 1 MBR:Alureon-M [Rtk]
22:34:14.998 Disk 1 TDL4@MBR code has been found
22:34:14.998 Disk 1 Windows VISTA default MBR code found via API
22:34:14.998 Disk 1 MBR hidden
22:34:15.030 Disk 1 Partition 1 00 07 HPFS/NTFS NTFS 8565 MB offset 63
22:34:15.045 Disk 1 Partition 2 80 (A) 07 HPFS/NTFS NTFS 105905 MB offset 17543168
22:34:15.061 Disk 1 MBR [TDL4] **ROOTKIT**
22:34:15.061 Disk 1 trace - called modules:
22:34:15.076 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8610149f]<<
22:34:15.076 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8592f7c8]
22:34:15.092 3 CLASSPNP.SYS[88fa88b3] -> nt!IofCallDriver -> [0x84e4f958]
22:34:15.092 5 acpi.sys[82c9c6bc] -> nt!IofCallDriver -> [0x84e61b98]
22:34:15.108 \Driver\atapi[0x85b4d520] -> IRP_MJ_CREATE -> 0x8610149f
22:34:15.778 AVAST engine scan C:\Windows
22:34:21.285 AVAST engine scan C:\Windows\system32
22:38:35.362 AVAST engine scan C:\Windows\system32\drivers
22:38:52.429 AVAST engine scan C:\Users\Dodi
22:51:45.612 Disk 1 MBR has been saved successfully to "C:\Users\Dodi\Desktop\MBR.dat"
22:51:45.627 The log file has been saved successfully to "C:\Users\Dodi\Desktop\aswMBR.txt"
  #12  
Old March 27th, 2012, 12:11 AM
kuzzz kuzzz is offline
CTH Subscriber
 
Join Date: May 2003
O/S: Windows 7 32-bit
Location: california
Posts: 1,311
I also looked in my add/remove list and Daemon Tools isn't listed there. Would I need to just find the files and delete them?
  #13  
Old March 27th, 2012, 01:29 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,433
No, it usually has an uninstall through Start - All Programs - Daemon Tools. But for now, do the following. The logs do show a bootkit/rootkit infection still.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Download DeFogger to your desktop.

Double click DeFogger to run the tool.

Click the Disable button to disable your CD Emulation drivers, then click Yes to continue.

When the 'Finished!' message appears just click OK.

DeFogger will now ask to reboot the machine - click OK.

DeFogger will create a defogger_disable log on your desktop - post this in your next reply please.

Note: Do not re-enable these drivers until otherwise instructed.

--------

Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot if requested.

When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please. If it does locate malware, but does not prompt for a reboot, go ahead and reboot. It likely will show a Reboot Now button - if so, use it.

-----------

After that reboot, Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
  #14  
Old March 27th, 2012, 11:40 AM
kuzzz kuzzz is offline
CTH Subscriber
 
Join Date: May 2003
O/S: Windows 7 32-bit
Location: california
Posts: 1,311
02:33:49.0033 4852 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
02:33:51.0037 4852 ============================================================
02:33:51.0037 4852 Current date / time: 2012/03/27 02:33:51.0036
02:33:51.0037 4852 SystemInfo:
02:33:51.0037 4852
02:33:51.0037 4852 OS Version: 6.0.6002 ServicePack: 2.0
02:33:51.0037 4852 Product type: Workstation
02:33:51.0037 4852 ComputerName: EMACHINE
02:33:51.0037 4852 UserName: Dodi
02:33:51.0038 4852 Windows directory: C:\Windows
02:33:51.0038 4852 System windows directory: C:\Windows
02:33:51.0038 4852 Processor architecture: Intel x86
02:33:51.0038 4852 Number of processors: 1
02:33:51.0038 4852 Page size: 0x1000
02:33:51.0038 4852 Boot type: Normal boot
02:33:51.0038 4852 ============================================================
02:33:55.0087 4852 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:33:55.0116 4852 Drive \Device\Harddisk0\DR0 - Size: 0x4A94F0000 (18.65 Gb), SectorSize: 0x200, Cylinders: 0x982, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:33:55.0121 4852 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:33:55.0604 4852 \Device\Harddisk1\DR1:
02:33:55.0613 4852 MBR used
02:33:55.0613 4852 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x10BAF05
02:33:55.0613 4852 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x10BB000, BlocksNum 0xCED8800
02:33:55.0613 4852 \Device\Harddisk0\DR0:
02:33:55.0613 4852 MBR used
02:33:55.0613 4852 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2546802
02:33:55.0613 4852 \Device\Harddisk2\DR2:
02:33:55.0614 4852 MBR used
02:33:55.0614 4852 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
02:33:55.0701 4852 Initialize success
02:33:55.0701 4852 ============================================================
02:34:05.0674 5212 ============================================================
02:34:05.0675 5212 Scan started
02:34:05.0675 5212 Mode: Manual;
02:34:05.0675 5212 ============================================================
02:34:08.0491 5212 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
02:34:08.0497 5212 ACPI - ok
02:34:08.0734 5212 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
02:34:08.0735 5212 AdobeARMservice - ok
02:34:08.0852 5212 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
02:34:08.0869 5212 adp94xx - ok
02:34:08.0896 5212 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
02:34:08.0911 5212 adpahci - ok
02:34:08.0947 5212 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
02:34:08.0949 5212 adpu160m - ok
02:34:08.0967 5212 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
02:34:08.0972 5212 adpu320 - ok
02:34:09.0024 5212 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
02:34:09.0025 5212 AeLookupSvc - ok
02:34:09.0092 5212 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
02:34:09.0099 5212 AFD - ok
02:34:09.0126 5212 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
02:34:09.0128 5212 agp440 - ok
02:34:09.0295 5212 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
02:34:09.0308 5212 aic78xx - ok
02:34:09.0418 5212 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
02:34:09.0428 5212 ALG - ok
02:34:09.0473 5212 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
02:34:09.0474 5212 aliide - ok
02:34:09.0504 5212 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
02:34:09.0506 5212 amdagp - ok
02:34:09.0535 5212 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
02:34:09.0536 5212 amdide - ok
02:34:09.0562 5212 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
02:34:09.0564 5212 AmdK7 - ok
02:34:09.0586 5212 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
02:34:09.0588 5212 AmdK8 - ok
02:34:09.0645 5212 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
02:34:09.0646 5212 Appinfo - ok
02:34:09.0664 5212 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
02:34:09.0666 5212 arc - ok
02:34:09.0683 5212 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
02:34:09.0728 5212 arcsas - ok
02:34:09.0811 5212 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
02:34:09.0812 5212 AsyncMac - ok
02:34:09.0892 5212 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
02:34:09.0893 5212 atapi - ok
02:34:10.0079 5212 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
02:34:10.0113 5212 AudioEndpointBuilder - ok
02:34:10.0126 5212 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
02:34:10.0132 5212 Audiosrv - ok
02:34:10.0201 5212 avipbb (c132c2f16a99c0ead91c600bb81a31f0) C:\Windows\system32\DRIVERS\avipbb.sys
02:34:10.0203 5212 avipbb - ok
02:34:10.0266 5212 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
02:34:10.0268 5212 Beep - ok
02:34:10.0425 5212 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
02:34:10.0430 5212 BFE - ok
02:34:10.0680 5212 BHDrvx86 (eb7f1f1dfa95c25d762c22d3cf13d4e0) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120317.002\BHDrvx86.sys
02:34:10.0706 5212 BHDrvx86 - ok
02:34:10.0789 5212 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
02:34:10.0814 5212 BITS - ok
02:34:10.0871 5212 blbdrive - ok
02:34:10.0978 5212 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
02:34:10.0987 5212 Bonjour Service - ok
02:34:11.0056 5212 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
02:34:11.0058 5212 bowser - ok
02:34:11.0125 5212 BRDriver (b9dda31f6dc2229882d141b9a1d1057e) C:\programdata\bitraider\BRDriver.sys
02:34:11.0129 5212 BRDriver - ok
02:34:11.0353 5212 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
02:34:11.0354 5212 BrFiltLo - ok
02:34:11.0376 5212 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
02:34:11.0378 5212 BrFiltUp - ok
02:34:11.0435 5212 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
02:34:11.0437 5212 Browser - ok
02:34:11.0468 5212 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
02:34:11.0471 5212 Brserid - ok
02:34:11.0490 5212 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
02:34:11.0492 5212 BrSerWdm - ok
02:34:11.0575 5212 BRSptSvc (125fc827ae4f2d2582b6afec7f092c2d) C:\programdata\bitraider\BRSptSvc.exe
02:34:11.0601 5212 BRSptSvc - ok
02:34:11.0660 5212 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
02:34:11.0669 5212 BrUsbMdm - ok
02:34:11.0684 5212 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
02:34:11.0686 5212 BrUsbSer - ok
02:34:11.0714 5212 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
02:34:11.0716 5212 BTHMODEM - ok
02:34:11.0922 5212 ccSet_N360 (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\N360\0601020.00A\ccSetx86.sys
02:34:11.0927 5212 ccSet_N360 - ok
02:34:12.0108 5212 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
02:34:12.0110 5212 cdfs - ok
02:34:12.0153 5212 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
02:34:12.0177 5212 cdrom - ok
02:34:12.0220 5212 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
02:34:12.0222 5212 CertPropSvc - ok
02:34:12.0284 5212 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
02:34:12.0286 5212 circlass - ok
02:34:12.0358 5212 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
02:34:12.0363 5212 CLFS - ok
02:34:12.0507 5212 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:34:12.0511 5212 clr_optimization_v2.0.50727_32 - ok
02:34:12.0577 5212 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:34:12.0580 5212 clr_optimization_v4.0.30319_32 - ok
02:34:12.0649 5212 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
02:34:12.0652 5212 cmdide - ok
02:34:12.0682 5212 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
02:34:12.0683 5212 Compbatt - ok
02:34:12.0708 5212 COMSysApp - ok
02:34:12.0746 5212 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
02:34:12.0747 5212 crcdisk - ok
02:34:12.0769 5212 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
02:34:12.0772 5212 Crusoe - ok
02:34:12.0948 5212 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
02:34:12.0951 5212 CryptSvc - ok
02:34:13.0027 5212 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
02:34:13.0045 5212 DcomLaunch - ok
02:34:13.0098 5212 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
02:34:13.0102 5212 DfsC - ok
02:34:13.0175 5212 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
02:34:13.0179 5212 Dhcp - ok
02:34:13.0218 5212 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
02:34:13.0220 5212 disk - ok
02:34:13.0298 5212 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
02:34:13.0300 5212 Dnscache - ok
02:34:13.0389 5212 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
02:34:13.0393 5212 dot3svc - ok
02:34:13.0487 5212 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
02:34:13.0490 5212 DPS - ok
02:34:13.0592 5212 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
02:34:13.0593 5212 drmkaud - ok
02:34:13.0686 5212 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
02:34:13.0725 5212 DXGKrnl - ok
02:34:14.0033 5212 E100B (d00eeae1cacd77a1a8396bbc19140bba) C:\Windows\system32\DRIVERS\e100b325.sys
02:34:14.0044 5212 E100B - ok
02:34:14.0101 5212 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
02:34:14.0105 5212 E1G60 - ok
02:34:14.0161 5212 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
02:34:14.0164 5212 EapHost - ok
02:34:14.0228 5212 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
02:34:14.0233 5212 Ecache - ok
02:34:14.0355 5212 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
02:34:14.0535 5212 eeCtrl - ok
02:34:14.0739 5212 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
02:34:14.0851 5212 elxstor - ok
02:34:15.0072 5212 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
02:34:15.0089 5212 EMDMgmt - ok
02:34:15.0208 5212 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
02:34:15.0210 5212 EraserUtilRebootDrv - ok
02:34:15.0302 5212 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
02:34:15.0310 5212 EventSystem - ok
02:34:15.0435 5212 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
02:34:15.0439 5212 exfat - ok
02:34:15.0506 5212 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
02:34:15.0510 5212 fastfat - ok
02:34:15.0653 5212 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
02:34:15.0654 5212 fdc - ok
02:34:15.0725 5212 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
02:34:15.0727 5212 fdPHost - ok
02:34:15.0808 5212 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
02:34:15.0809 5212 FDResPub - ok
02:34:15.0869 5212 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
02:34:15.0870 5212 FileInfo - ok
02:34:15.0926 5212 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
02:34:15.0928 5212 Filetrace - ok
02:34:16.0006 5212 FirebirdGuardianDefaultInstance (b9963c336a2bf054520dc09ce7c81476) C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
02:34:16.0009 5212 FirebirdGuardianDefaultInstance - ok
02:34:16.0180 5212 FirebirdServerDefaultInstance (db8ee43c90536a07d4ba481079ae214c) C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
02:34:16.0257 5212 FirebirdServerDefaultInstance - ok
02:34:16.0335 5212 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
02:34:16.0336 5212 flpydisk - ok
02:34:16.0498 5212 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
02:34:16.0504 5212 FltMgr - ok
02:34:16.0591 5212 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
02:34:16.0615 5212 FontCache - ok
02:34:16.0754 5212 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
02:34:16.0756 5212 FontCache3.0.0.0 - ok
02:34:16.0824 5212 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
02:34:16.0825 5212 Fs_Rec - ok
02:34:16.0882 5212 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
02:34:16.0884 5212 gagp30kx - ok
02:34:17.0015 5212 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
02:34:17.0032 5212 gpsvc - ok
02:34:17.0091 5212 gupdate - ok
02:34:17.0116 5212 gupdatem - ok
02:34:17.0242 5212 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
02:34:17.0248 5212 HdAudAddService - ok
02:34:17.0399 5212 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
02:34:17.0415 5212 HDAudBus - ok
02:34:17.0444 5212 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
02:34:17.0445 5212 HidBth - ok
02:34:17.0477 5212 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
02:34:17.0479 5212 HidIr - ok
02:34:17.0553 5212 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
02:34:17.0555 5212 hidserv - ok
02:34:17.0595 5212 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
02:34:17.0597 5212 HidUsb - ok
02:34:17.0652 5212 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
02:34:17.0655 5212 hkmsvc - ok
02:34:17.0710 5212 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
02:34:17.0712 5212 HpCISSs - ok
02:34:17.0845 5212 HSF_DPV (9efa5fec26cec696a66a891ac90b412d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
02:34:17.0870 5212 HSF_DPV - ok
02:34:17.0897 5212 HSXHWBS2 (a3077d9ed7ff612a033536a6009dbea5) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
02:34:17.0905 5212 HSXHWBS2 - ok
02:34:17.0973 5212 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
02:34:17.0990 5212 HTTP - ok
02:34:18.0090 5212 HWiNFO32 (ac1e9496ba0ac3b27b45f2228ed51b2c) F:\HWiNFO32\HWiNFO32.SYS
02:34:18.0091 5212 HWiNFO32 - ok
02:34:18.0289 5212 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
02:34:18.0290 5212 i2omp - ok
02:34:18.0353 5212 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
02:34:18.0355 5212 i8042prt - ok
02:34:18.0380 5212 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
02:34:18.0397 5212 iaStorV - ok
02:34:18.0606 5212 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:34:18.0671 5212 idsvc - ok
02:34:19.0227 5212 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120324.004\IDSvix86.sys
02:34:19.0342 5212 IDSVix86 - ok
02:34:19.0635 5212 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
02:34:19.0637 5212 iirsp - ok
02:34:19.0709 5212 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
02:34:19.0726 5212 IKEEXT - ok
02:34:19.0790 5212 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
02:34:19.0792 5212 intelide - ok
02:34:19.0883 5212 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
02:34:19.0884 5212 intelppm - ok
02:34:19.0935 5212 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
02:34:19.0944 5212 IPBusEnum - ok
02:34:19.0996 5212 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:34:19.0998 5212 IpFilterDriver - ok
02:34:20.0037 5212 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
02:34:20.0041 5212 iphlpsvc - ok
02:34:20.0052 5212 IpInIp - ok
02:34:20.0086 5212 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
02:34:20.0089 5212 IPMIDRV - ok
02:34:20.0147 5212 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
02:34:20.0149 5212 IPNAT - ok
02:34:20.0199 5212 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
02:34:20.0200 5212 IRENUM - ok
02:34:20.0316 5212 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
02:34:20.0318 5212 isapnp - ok
02:34:20.0414 5212 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
02:34:20.0419 5212 iScsiPrt - ok
02:34:20.0491 5212 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
02:34:20.0493 5212 iteatapi - ok
02:34:20.0520 5212 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
02:34:20.0522 5212 iteraid - ok
02:34:20.0580 5212 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
02:34:20.0590 5212 kbdclass - ok
02:34:20.0640 5212 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
02:34:20.0643 5212 kbdhid - ok
02:34:20.0693 5212 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
02:34:20.0695 5212 KeyIso - ok
02:34:20.0794 5212 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
02:34:20.0811 5212 KSecDD - ok
02:34:20.0927 5212 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
02:34:21.0020 5212 KtmRm - ok
02:34:21.0230 5212 L8042Kbd (d8d3f1c1e82117a3776a2d320a7b3694) C:\Windows\system32\DRIVERS\L8042Kbd.sys
02:34:21.0231 5212 L8042Kbd - ok
02:34:21.0278 5212 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
02:34:21.0282 5212 LanmanServer - ok
02:34:21.0362 5212 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
02:34:21.0368 5212 LanmanWorkstation - ok
02:34:21.0508 5212 LBTServ (3af6b73a3ad1fc37c5933441f66ceb91) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
02:34:21.0512 5212 LBTServ - ok
02:34:21.0559 5212 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
02:34:21.0560 5212 LHidFilt - ok
02:34:21.0625 5212 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
02:34:21.0627 5212 lltdio - ok
02:34:21.0710 5212 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
02:34:21.0719 5212 lltdsvc - ok
02:34:21.0764 5212 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
02:34:21.0768 5212 lmhosts - ok
02:34:21.0809 5212 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
02:34:21.0811 5212 LMouFilt - ok
02:34:22.0027 5212 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
02:34:22.0030 5212 LSI_FC - ok
02:34:22.0069 5212 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
02:34:22.0072 5212 LSI_SAS - ok
02:34:22.0105 5212 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
02:34:22.0107 5212 LSI_SCSI - ok
02:34:22.0145 5212 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
02:34:22.0147 5212 luafv - ok
02:34:22.0200 5212 LUsbFilt (0b808ff2f17c8396fb2ae202f75aed37) C:\Windows\system32\Drivers\LUsbFilt.Sys
02:34:22.0201 5212 LUsbFilt - ok
02:34:22.0342 5212 McciCMService (67b6f4e0db57dd2020a2415294ba4ed8) C:\Program Files\Common Files\Motive\McciCMService.exe
02:34:22.0350 5212 McciCMService - ok
02:34:22.0449 5212 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
02:34:22.0464 5212 MDM - ok
02:34:22.0638 5212 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
02:34:22.0639 5212 mdmxsdk - ok
02:34:22.0714 5212 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
02:34:22.0716 5212 megasas - ok
02:34:22.0775 5212 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
02:34:22.0777 5212 MMCSS - ok
02:34:22.0844 5212 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
02:34:22.0845 5212 Modem - ok
02:34:22.0901 5212 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
02:34:22.0902 5212 monitor - ok
02:34:22.0959 5212 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
02:34:22.0961 5212 mouclass - ok
02:34:23.0003 5212 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
02:34:23.0004 5212 mouhid - ok
02:34:23.0070 5212 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
02:34:23.0087 5212 MountMgr - ok
02:34:23.0295 5212 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
02:34:23.0297 5212 mpio - ok
02:34:23.0350 5212 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
02:34:23.0352 5212 mpsdrv - ok
02:34:23.0413 5212 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
02:34:23.0431 5212 MpsSvc - ok
02:34:23.0465 5212 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
02:34:23.0466 5212 Mraid35x - ok
02:34:23.0624 5212 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\Program Files\Common Files\Motive\MREMP50.sys
02:34:23.0625 5212 MREMP50 - ok
02:34:23.0638 5212 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\Program Files\Common Files\Motive\MRESP50.sys
02:34:23.0639 5212 MRESP50 - ok
02:34:23.0699 5212 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
02:34:23.0702 5212 MRxDAV - ok
02:34:23.0758 5212 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:34:23.0760 5212 mrxsmb - ok
02:34:23.0938 5212 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:34:23.0942 5212 mrxsmb10 - ok
02:34:23.0996 5212 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:34:23.0998 5212 mrxsmb20 - ok
02:34:24.0057 5212 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
02:34:24.0060 5212 msahci - ok
02:34:24.0095 5212 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
02:34:24.0097 5212 msdsm - ok
02:34:24.0154 5212 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
02:34:24.0159 5212 MSDTC - ok
02:34:24.0332 5212 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
02:34:24.0334 5212 Msfs - ok
02:34:24.0397 5212 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
02:34:24.0399 5212 msisadrv - ok
02:34:24.0451 5212 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
02:34:24.0455 5212 MSiSCSI - ok
02:34:24.0466 5212 msiserver - ok
02:34:24.0531 5212 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
02:34:24.0533 5212 MSKSSRV - ok
02:34:24.0611 5212 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
02:34:24.0612 5212 MSPCLOCK - ok
02:34:24.0792 5212 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
02:34:24.0794 5212 MSPQM - ok
02:34:24.0856 5212 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
02:34:24.0860 5212 MsRPC - ok
02:34:24.0901 5212 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
02:34:24.0902 5212 mssmbios - ok
02:34:24.0918 5212 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
02:34:24.0920 5212 MSTEE - ok
02:34:24.0990 5212 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
02:34:24.0992 5212 Mup - ok
02:34:25.0197 5212 N360 (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
02:34:25.0201 5212 N360 - ok
02:34:25.0250 5212 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
02:34:25.0258 5212 napagent - ok
02:34:25.0409 5212 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
02:34:25.0412 5212 NativeWifiP - ok
02:34:25.0643 5212 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120326.019\NAVENG.SYS
02:34:25.0646 5212 NAVENG - ok
02:34:25.0835 5212 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120326.019\NAVEX15.SYS
02:34:25.0986 5212 NAVEX15 - ok
02:34:26.0053 5212 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
02:34:26.0069 5212 NDIS - ok
02:34:26.0128 5212 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
02:34:26.0130 5212 NdisTapi - ok
02:34:26.0357 5212 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
02:34:26.0358 5212 Ndisuio - ok
02:34:26.0411 5212 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
02:34:26.0414 5212 NdisWan - ok
02:34:26.0477 5212 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
02:34:26.0479 5212 NDProxy - ok
02:34:26.0533 5212 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
02:34:26.0535 5212 NetBIOS - ok
02:34:26.0595 5212 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
02:34:26.0598 5212 netbt - ok
02:34:26.0664 5212 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
02:34:26.0667 5212 Netlogon - ok
02:34:26.0761 5212 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
02:34:26.0767 5212 Netman - ok
02:34:26.0826 5212 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
02:34:26.0831 5212 netprofm - ok
02:34:26.0997 5212 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:34:27.0000 5212 NetTcpPortSharing - ok
02:34:27.0062 5212 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
02:34:27.0088 5212 nfrd960 - ok
02:34:27.0370 5212 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
02:34:27.0387 5212 NlaSvc - ok
02:34:27.0501 5212 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
02:34:27.0503 5212 Npfs - ok
02:34:27.0569 5212 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
02:34:27.0572 5212 nsi - ok
02:34:27.0627 5212 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
02:34:27.0629 5212 nsiproxy - ok
02:34:27.0715 5212 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
02:34:27.0742 5212 Ntfs - ok
02:34:27.0802 5212 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
02:34:27.0840 5212 ntrigdigi - ok
02:34:28.0021 5212 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
02:34:28.0023 5212 Null - ok
02:34:28.0374 5212 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:34:28.0624 5212 nvlddmkm - ok
02:34:28.0699 5212 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
02:34:28.0703 5212 nvraid - ok
02:34:28.0733 5212 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
02:34:28.0735 5212 nvstor - ok
02:34:28.0884 5212 nvsvc (d122f7c5f79c68868f5dc28cefeb2ecf) C:\Windows\system32\nvvsvc.exe
02:34:28.0916 5212 nvsvc - ok
02:34:29.0223 5212 nvUpdatusService (003cb0a155568b4a53a301f07c734233) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
02:34:29.0281 5212 nvUpdatusService - ok
02:34:29.0484 5212 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
02:34:29.0487 5212 nv_agp - ok
02:34:29.0520 5212 NwlnkFlt - ok
02:34:29.0537 5212 NwlnkFwd - ok
02:34:29.0641 5212 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:34:29.0658 5212 odserv - ok
02:34:29.0711 5212 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
02:34:29.0713 5212 ohci1394 - ok
02:34:29.0818 5212 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:34:29.0918 5212 ose - ok
02:34:30.0073 5212 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
02:34:30.0098 5212 p2pimsvc - ok
02:34:30.0130 5212 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
02:34:30.0139 5212 p2psvc - ok
02:34:30.0224 5212 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
02:34:30.0227 5212 Parport - ok
02:34:30.0307 5212 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
02:34:30.0309 5212 partmgr - ok
02:34:30.0329 5212 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
02:34:30.0330 5212 Parvdm - ok
02:34:30.0378 5212 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
02:34:30.0384 5212 PcaSvc - ok
02:34:30.0423 5212 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
02:34:30.0427 5212 pci - ok
02:34:30.0576 5212 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
02:34:30.0580 5212 pciide - ok
02:34:30.0602 5212 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
02:34:30.0607 5212 pcmcia - ok
02:34:30.0651 5212 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
02:34:30.0675 5212 PEAUTH - ok
02:34:30.0781 5212 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
02:34:30.0840 5212 pla - ok
02:34:30.0903 5212 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
02:34:30.0920 5212 PlugPlay - ok
02:34:31.0023 5212 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
02:34:31.0031 5212 PNRPAutoReg - ok
02:34:31.0054 5212 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
02:34:31.0062 5212 PNRPsvc - ok
02:34:31.0116 5212 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
02:34:31.0135 5212 PolicyAgent - ok
02:34:31.0197 5212 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
02:34:31.0199 5212 PptpMiniport - ok
02:34:31.0346 5212 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
02:34:31.0348 5212 Processor - ok
02:34:31.0442 5212 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
02:34:31.0447 5212 ProfSvc - ok
02:34:31.0503 5212 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
02:34:31.0506 5212 ProtectedStorage - ok
02:34:31.0555 5212 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\system32\PSIService.exe
02:34:31.0564 5212 ProtexisLicensing - ok
02:34:31.0629 5212 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
02:34:31.0631 5212 PSched - ok
02:34:31.0704 5212 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
02:34:31.0706 5212 PSI - ok
02:34:31.0767 5212 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
02:34:31.0768 5212 PxHelp20 - ok
02:34:31.0817 5212 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
02:34:31.0865 5212 ql2300 - ok
02:34:31.0910 5212 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b)
  #15  
Old March 27th, 2012, 11:41 AM
kuzzz
CTH Subscriber
 
Join Date: May 2003
O/S: Windows 7 32-bit
Location: california
Posts: 1,311
C:\Windows\system32\drivers\ql40xx.sys
02:34:31.0913 5212 ql40xx - ok
02:34:31.0999 5212 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
02:34:32.0015 5212 QWAVE - ok
02:34:32.0062 5212 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
02:34:32.0064 5212 QWAVEdrv - ok
02:34:32.0109 5212 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
02:34:32.0110 5212 RasAcd - ok
02:34:32.0165 5212 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
02:34:32.0171 5212 RasAuto - ok
02:34:32.0333 5212 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:34:32.0336 5212 Rasl2tp - ok
02:34:32.0397 5212 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
02:34:32.0403 5212 RasMan - ok
02:34:32.0454 5212 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
02:34:32.0456 5212 RasPppoe - ok
02:34:32.0527 5212 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
02:34:32.0530 5212 RasSstp - ok
02:34:32.0592 5212 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
02:34:32.0597 5212 rdbss - ok
02:34:32.0653 5212 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:34:32.0655 5212 RDPCDD - ok
02:34:32.0715 5212 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
02:34:32.0720 5212 rdpdr - ok
02:34:32.0773 5212 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
02:34:32.0774 5212 RDPENCDD - ok
02:34:32.0829 5212 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
02:34:32.0833 5212 RDPWD - ok
02:34:32.0914 5212 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
02:34:32.0917 5212 RemoteAccess - ok
02:34:32.0964 5212 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
02:34:32.0969 5212 RemoteRegistry - ok
02:34:33.0039 5212 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
02:34:33.0041 5212 RpcLocator - ok
02:34:33.0106 5212 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
02:34:33.0113 5212 RpcSs - ok
02:34:33.0156 5212 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
02:34:33.0158 5212 rspndr - ok
02:34:33.0210 5212 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
02:34:33.0213 5212 SamSs - ok
02:34:33.0341 5212 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
02:34:33.0343 5212 sbp2port - ok
02:34:33.0393 5212 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
02:34:33.0398 5212 SCardSvr - ok
02:34:33.0452 5212 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
02:34:33.0468 5212 Schedule - ok
02:34:33.0540 5212 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
02:34:33.0541 5212 SCPolicySvc - ok
02:34:33.0588 5212 SCREAMINGBDRIVER (a643d6df1b7546256b11fb5d6b5d1375) C:\Windows\system32\drivers\ScreamingBAudio.sys
02:34:33.0590 5212 SCREAMINGBDRIVER - ok
02:34:33.0651 5212 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
02:34:33.0657 5212 SDRSVC - ok
02:34:33.0707 5212 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
02:34:33.0708 5212 secdrv - ok
02:34:33.0776 5212 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
02:34:33.0779 5212 seclogon - ok
02:34:33.0839 5212 Secunia PSI Agent - ok
02:34:46.0782 5212 MBR (0x1B8) (e9f67288208d53ef770f82e186904857) \Device\Harddisk1\DR1
02:34:46.0820 5212 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - infected
02:34:46.0820 5212 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Pihar.b (0)
02:34:46.0827 5212 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:34:47.0295 5212 \Device\Harddisk0\DR0 - ok
02:34:47.0765 5212 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk2\DR2
02:34:47.0777 5212 \Device\Harddisk2\DR2 - ok
02:34:47.0802 5212 Boot (0x1200) (328e5cd29644aa15944306e81540a98d) \Device\Harddisk1\DR1\Partition0
02:34:47.0803 5212 \Device\Harddisk1\DR1\Partition0 - ok
02:34:47.0863 5212 Boot (0x1200) (8d4c72649abef52f6730f0537a34d409) \Device\Harddisk1\DR1\Partition1
02:34:47.0865 5212 \Device\Harddisk1\DR1\Partition1 - ok
02:34:47.0916 5212 Boot (0x1200) (a91a4f35474cee6e1b7ce93d9fb2039f) \Device\Harddisk0\DR0\Partition0
02:34:47.0918 5212 \Device\Harddisk0\DR0\Partition0 - ok
02:34:47.0976 5212 Boot (0x1200) (c14b367cac8aa165d4fc3296d3cebedd) \Device\Harddisk2\DR2\Partition0
02:34:48.0034 5212 \Device\Harddisk2\DR2\Partition0 - ok
02:34:48.0052 5212 ============================================================
02:34:48.0052 5212 Scan finished
02:34:48.0052 5212 ============================================================
02:34:49.0480 5092 Detected object count: 1
02:34:49.0480 5092 Actual detected object count: 1
02:37:38.0164 5092 \Device\Harddisk1\DR1\# - copied to quarantine
02:37:38.0165 5092 \Device\Harddisk1\DR1 - copied to quarantine
02:37:38.0191 5092 \Device\Harddisk1\DR1\TDLFS\phm - copied to quarantine
02:37:38.0201 5092 \Device\Harddisk1\DR1\TDLFS\ph.dll - copied to quarantine
02:37:38.0206 5092 \Device\Harddisk1\DR1\TDLFS\phx.dll - copied to quarantine
02:37:38.0212 5092 \Device\Harddisk1\DR1\TDLFS\sub.dll - copied to quarantine
02:37:38.0218 5092 \Device\Harddisk1\DR1\TDLFS\subx.dll - copied to quarantine
02:37:38.0229 5092 \Device\Harddisk1\DR1\TDLFS\phd - copied to quarantine
02:37:38.0237 5092 \Device\Harddisk1\DR1\TDLFS\phdx - copied to quarantine
02:37:38.0242 5092 \Device\Harddisk1\DR1\TDLFS\phs - copied to quarantine
02:37:38.0246 5092 \Device\Harddisk1\DR1\TDLFS\phdata - copied to quarantine
02:37:38.0250 5092 \Device\Harddisk1\DR1\TDLFS\phld - copied to quarantine
02:37:38.0255 5092 \Device\Harddisk1\DR1\TDLFS\phln - copied to quarantine
02:37:38.0260 5092 \Device\Harddisk1\DR1\TDLFS\phlx - copied to quarantine
02:37:38.0262 5092 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - User select action: Quarantine
02:38:00.0632 0988 Deinitialize success