[A] Avast keeps giving me <malware, rootkit, and trojan blocked>

Discussion in 'Virus and Malware Removal' started by megaboy1, Aug 16, 2012.

  1. Broni Malware Annihilator Posts: 40,051   +187

    Post new aswMBR log.
  2. megaboy1 Newcomer, in training Posts: 59

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-19 20:50:49
    -----------------------------
    20:50:49.201 OS Version: Windows 6.1.7600
    20:50:49.201 Number of processors: 4 586 0xF0B
    20:50:49.202 ComputerName: 2ND_WINDOW-PC UserName: 2nd_Window
    20:51:00.991 Initialize success
    20:51:01.692 AVAST engine defs: 12081900
    20:51:09.487 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-2
    20:51:09.489 Disk 0 Vendor: Maxtor_6Y060L0 YAR41VW0 Size: 58644MB BusType: 3
    20:51:09.493 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000072
    20:51:09.495 Disk 1 Vendor: ST336032 3.CH Size: 343399MB BusType: 3
    20:51:09.499 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\00000073
    20:51:09.502 Disk 2 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 3
    20:51:09.534 Disk 2 MBR read successfully
    20:51:09.537 Disk 2 MBR scan
    20:51:09.542 Disk 2 Windows XP default MBR code
    20:51:09.547 Disk 2 Partition 1 00 07 HPFS/NTFS NTFS 499999 MB offset 63
    20:51:09.553 Disk 2 Partition - 00 0F Extended LBA 453859 MB offset 1023999165
    20:51:09.574 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 453859 MB offset 1023999228
    20:51:09.581 Disk 2 scanning sectors +1953504000
    20:51:09.666 Disk 2 scanning C:\Windows\system32\drivers
    20:51:18.375 Service scanning
    20:51:39.823 Modules scanning
    20:52:08.550 Module: C:\Windows\System32\user32.dll **SUSPICIOUS**
    20:52:10.715 Disk 2 trace - called modules:
    20:52:10.740 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
    20:52:10.746 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x86e62030]
    20:52:10.753 3 CLASSPNP.SYS[83bd559e] -> nt!IofCallDriver -> [0x8673ea38]
    20:52:10.759 5 ACPI.sys[8b89e3b2] -> nt!IofCallDriver -> \Device\00000073[0x8673ec78]
    20:52:12.405 AVAST engine scan C:\Windows
    20:52:20.437 AVAST engine scan C:\Windows\system32
    20:54:33.549 AVAST engine scan C:\Windows\system32\drivers
    20:55:01.744 AVAST engine scan C:\Users\2nd_Window
    20:57:03.689 File: C:\Users\2nd_Window\AppData\Local\Temp\~!#E0DE.tmp **INFECTED** Win32:Medfos-A [Trj]
    20:57:15.111 File: C:\Users\2nd_Window\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\5081d48-3d4f9e1b **INFECTED** Win32:Zbot-PEJ [Trj]
    20:58:58.993 File: C:\Users\2nd_Window\AppData\Roaming\prolts.dll **INFECTED** Win32:Medfos-A [Trj]
    21:39:58.029 Disk 2 MBR has been saved successfully to "C:\Users\2nd_Window\Desktop\MBR.dat"
    21:39:58.056 The log file has been saved successfully to "C:\Users\2nd_Window\Desktop\aswMBR2.txt"
  3. Broni Malware Annihilator Posts: 40,051   +187

    Post new FRST log.

    In addition...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    user32.dll

    Click the Search button and post the log (Search.txt) it makes in your reply.
  4. megaboy1 Newcomer, in training Posts: 59

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 18-08-2012
    Ran by SYSTEM at 19-08-2012 22:42:54
    Running from H:\
    Windows 7 Ultimate (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [688128 2011-07-05] ()
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1387288 2011-10-07] (Logitech, Inc.)
    HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-06-21] (RealNetworks, Inc.)
    HKLM\...\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-02-16] (CyberLink Corp.)
    HKLM\...\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" [50472 2008-10-13] (CyberLink Corp.)
    HKLM\...\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe [75048 2009-02-28] (cyberlink)
    HKLM\...\Run: [USADISK] C:\Program Files\USADISK\FsLauncher.exe [241664 2012-07-06] (USA DISK Inc.)
    HKLM\...\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x]
    HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
    HKU\2nd_Window\...\Run: [AdobeBridge] [x]
    HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1173504 2009-07-13] (Microsoft Corporation)
    HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1173504 2009-07-13] (Microsoft Corporation)
    HKU\UpdatusUser\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1173504 2009-07-13] (Microsoft Corporation)
    HKU\UpdatusUser.2nd_Window-PC\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1173504 2009-07-13] (Microsoft Corporation)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
    Tcpip\Parameters: [DhcpNameServer] 64.71.255.198
    Startup: C:\Users\2nd_Window\Start Menu\Programs\Startup\DeskPins.lnk
    ShortcutTarget: DeskPins.lnk -> C:\Program Files\DeskPins\DeskPins.exe (Elias Fotinis)
    Startup: C:\Users\2nd_Window\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\2nd_Window\Start Menu\Programs\Startup\EvernoteClipper.lnk
    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Toon Boom Network Connections.lnk
    ShortcutTarget: Toon Boom Network Connections.lnk -> C:\Program Files\Toon Boom Animation\Toon Boom Harmony 9.2\nt\bin\Toon Boom Harmony Network Connections.exe ()

    ================================ Services (Whitelisted) ==================

    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe [95896 2008-12-12] (SiSoftware)
    2 Secunia PSI Agent; "C:\Program Files\Secunia\PSI\PSIA.exe" --start-service [994360 2011-10-13] (Secunia)
    2 Secunia Update Agent; "C:\Program Files\Secunia\PSI\sua.exe" --start-service [399416 2011-10-13] (Secunia)
    2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-04-05] (Skype Technologies)
    2 TabletServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [6321016 2012-01-23] (Wacom Technology, Corp.)
    2 TouchServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [470904 2012-01-23] (Wacom Technology, Corp.)
    2 USADISK_AGENT; C:\Program Files\USADISK\WEBHARD_Agent.exe /run USADISK_AGENT [155856 2011-06-13] ()
    2 PSI_SVC_2; "c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [x]

    ========================== Drivers (Whitelisted) =============

    1 AMonTDLH; \??\C:\Windows\system32\Drivers\AMonTDLH.sys [90208 2011-05-26] (AhnLab, Inc.)
    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-07-03] (AVAST Software)
    2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57656 2012-07-03] (AVAST Software)
    1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-07-03] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [721000 2012-07-03] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [353688 2012-07-03] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-07-03] (AVAST Software)
    3 CdmDrvNt; \??\C:\Windows\system32\Drivers\CdmDrvNt.sys [19616 2009-07-20] (AhnLab, Inc.)
    2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x32.sys [21992 2011-09-21] (CPUID)
    3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [15152 2007-09-25] ()
    1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-04-30] (DT Soft Ltd)
    0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
    3 JRSUKD25; \??\C:\Windows\system32\JRSUKD25.SYS [22480 2011-11-29] (Soft Security Corporation)
    3 kcrtx86; \??\C:\Windows\system32\kcrtx86.sys [126048 2011-09-27] (Kings Information & Network)
    3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39192 2011-09-01] (Logitech, Inc.)
    3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-01] (Logitech, Inc.)
    3 MfFWEnt; \??\C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [101368 2010-06-27] (AhnLab, Inc.)
    3 MfIPSEnt; \??\C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [121536 2010-06-27] (AhnLab, Inc.)
    3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
    3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
    3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-13] (Realtek Semiconductor Corporation )
    3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
    3 scskusbf; C:\Windows\System32\drivers\scskusbf.sys [18696 2012-05-07] (SoftCamp)
    3 scskusbs; C:\Windows\System32\drivers\scskusbs.sys [194792 2012-05-07] (SoftCamp)
    0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
    3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2011-07-26] (AnchorFree Inc)
    2 {B154377D-700F-42cc-9474-23858FBDF4BD}; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl [87536 2009-02-28] (CyberLink Corp.)
    3 ALSysIO; \??\C:\Users\2ND_WI~1\AppData\Local\Temp\ALSysIO.sys [x]
    3 catchme; \??\C:\Users\2ND_WI~1\AppData\Local\Temp\catchme.sys [x]
    3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-19 17:39 - 2012-08-19 17:39 - 00002652 ____A C:\Users\2nd_Window\Desktop\aswMBR2.txt
    2012-08-19 14:23 - 2012-08-19 14:23 - 00000000 ____D C:\Users\2nd_Window\AppData\Roaming\.minecraft
    2012-08-19 14:22 - 2012-08-19 14:22 - 00000000 ____D C:\Program Files\Oracle
    2012-08-19 14:21 - 2012-07-05 18:06 - 00772544 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-08-19 14:21 - 2012-07-05 18:06 - 00227760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-08-19 14:06 - 2012-08-19 14:06 - 00893936 ____A (Oracle Corporation) C:\Users\2nd_Window\Desktop\jxpiinstall.exe
    2012-08-19 13:44 - 2012-08-19 13:45 - 00000000 ___SD C:\ComboFix
    2012-08-19 09:05 - 2012-08-19 09:05 - 00002091 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-08-19 09:05 - 2012-07-03 08:21 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-08-19 09:05 - 2012-07-03 08:21 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-08-19 09:05 - 2012-07-03 08:21 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-08-19 09:05 - 2012-07-03 08:21 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-08-19 09:05 - 2012-07-03 08:21 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2012-08-19 09:05 - 2012-07-03 08:21 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-08-19 09:04 - 2012-08-19 09:04 - 00000000 ____D C:\Program Files\AVAST Software
    2012-08-19 09:04 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-08-19 09:04 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-08-19 08:52 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-08-19 08:52 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-08-19 08:52 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-08-19 08:52 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-08-19 08:52 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-08-19 08:52 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-08-19 08:52 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-08-19 08:52 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-08-19 08:48 - 2012-08-19 08:52 - 00000000 ____D C:\Qoobox
    2012-08-19 08:46 - 2012-08-19 08:46 - 04735580 ____R (Swearware) C:\Users\2nd_Window\Desktop\ComboFix.exe
    2012-08-19 07:52 - 2012-08-19 07:52 - 89340632 ____A C:\Users\2nd_Window\Desktop\avast_free_antivirus_setup.exe
    2012-08-19 07:18 - 2012-08-19 07:18 - 00001352 ____A C:\Users\2nd_Window\Documents\AutoHotkey.ahk
    2012-08-19 06:10 - 2012-08-19 06:10 - 00000376 ____A C:\Users\2nd_Window\Desktop\fixlist.txt
    2012-08-18 22:38 - 2009-08-19 20:50 - 00022872 ___RA (Adobe Systems Inc.) C:\Windows\System32\AdobePDFUI.dll
    2012-08-18 20:17 - 2012-08-18 20:17 - 00000000 ____D C:\FRST
    2012-08-18 15:34 - 2012-08-18 15:34 - 00000000 ____A C:\Users\2nd_Window\Desktop\New Text Document (2).txt
    2012-08-18 15:11 - 2012-08-18 09:28 - 00897686 ____A (Farbar) C:\Users\2nd_Window\Desktop\FRST.exe
    2012-08-18 11:56 - 2012-08-18 11:56 - 00001210 ____A C:\Users\2nd_Window\Desktop\Any Video Converter.lnk
    2012-08-18 11:52 - 2012-08-18 11:56 - 00000000 ____D C:\Users\2nd_Window\AppData\Roaming\AnvSoft
    2012-08-18 11:52 - 2012-08-18 11:52 - 29852304 ____A (Any-Video-Converter.com ) C:\Users\2nd_Window\Desktop\avc-free.exe
    2012-08-18 11:52 - 2012-08-18 11:52 - 00001258 ____A C:\Users\2nd_Window\Desktop\Any Video Converter Ultimate.lnk
    2012-08-18 11:51 - 2012-08-18 11:55 - 00000000 ____D C:\Program Files\AnvSoft
    2012-08-18 11:49 - 2012-08-18 11:50 - 30455120 ____A (Any-Video-Converter.com ) C:\Users\2nd_Window\Desktop\avc-ultimate.exe
    2012-08-17 20:45 - 2012-08-19 17:39 - 00000512 ____A C:\Users\2nd_Window\Desktop\MBR.dat
    2012-08-17 20:45 - 2012-08-17 20:45 - 00002786 ____A C:\Users\2nd_Window\Desktop\aswMBR.txt
    2012-08-17 20:06 - 2012-08-17 20:06 - 04731392 ____A (AVAST Software) C:\Users\2nd_Window\Desktop\aswMBR.exe
    2012-08-17 20:04 - 2012-08-17 20:05 - 00003606 ____A C:\Users\2nd_Window\Desktop\Rkill.txt
    2012-08-17 20:03 - 2012-08-17 20:03 - 01545120 ____A (Bleeping Computer, LLC) C:\Users\2nd_Window\Desktop\rkill.exe
    2012-08-16 18:09 - 2012-08-16 18:09 - 01937260 ____A C:\Users\2nd_Window\Desktop\New Text Document.txt
    2012-08-16 17:36 - 2012-08-16 17:36 - 00607260 ____R (Swearware) C:\Users\2nd_Window\Desktop\dds.com
    2012-08-16 17:34 - 2012-08-16 18:36 - 00001409 ____A C:\Users\2nd_Window\Desktop\gmer.log
    2012-08-16 16:01 - 2012-08-16 16:01 - 00302592 ____A C:\Users\2nd_Window\Desktop\82hdu87u.exe
    2012-08-15 15:47 - 2012-08-15 15:47 - 00001083 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-15 15:47 - 2012-07-03 09:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-15 15:46 - 2012-08-15 15:46 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\2nd_Window\Desktop\mbam-setup-1.62.0.1300.exe
    2012-08-14 10:03 - 2012-08-15 16:02 - 00000000 ____D C:\Users\All Users\6C82D124A26398738E1D86D34F147C45
    2012-08-14 10:02 - 2012-08-14 10:02 - 00152064 __ASH C:\Users\2nd_Window\AppData\Roaming\prolts.dll
    2012-08-07 09:32 - 2012-08-07 13:10 - 00011925 ____A C:\Users\2nd_Window\Desktop\Company Directories.xlsx
    2012-08-06 07:56 - 2012-08-06 07:56 - 00000000 ____D C:\Users\2nd_Window\AppData\Local\cYo
    2012-08-06 07:47 - 2012-08-06 07:54 - 11581288 ____A C:\Users\2nd_Window\Desktop\ComicRackSetup09155.exe
    2012-08-05 12:45 - 2012-08-05 06:02 - 2587789312 ____A C:\Users\2nd_Window\Desktop\축구 남자 8강 대한민국 vs 영국 후반, 연장, 승부차기.120804.HDTV.x264.720p-HEAD.avi
    2012-08-05 07:36 - 2012-08-05 06:16 - 1336045568 ____A C:\Users\2nd_Window\Desktop\축구 남자 8강 대한민국 vs 영국 전반.120804.HDTV.x264.720p-HEAD.avi
    2012-08-04 10:35 - 2012-08-04 10:35 - 06955968 ____A (Microsoft Corporation) C:\Users\2nd_Window\Desktop\Silverlight.exe
    2012-08-04 10:33 - 2012-08-04 10:33 - 06955968 ____A (Microsoft Corporation) C:\Users\2nd_Window\Downloads\Silverlight.exe
    2012-08-01 16:26 - 2012-08-01 16:54 - 03591925 ____A C:\Users\2nd_Window\Desktop\BH_266.psd
    2012-08-01 16:25 - 2012-08-01 16:41 - 04784596 ____A C:\Users\2nd_Window\Desktop\BH_275a.psd
    2012-07-31 15:47 - 2012-07-31 15:47 - 01704389 ____A C:\Users\2nd_Window\Documents\human.ma
    2012-07-31 15:46 - 2012-07-31 16:05 - 19884489 ____A C:\Users\2nd_Window\Documents\Waterdown.ma
    2012-07-28 11:27 - 2012-07-28 11:27 - 00000759 ____A C:\Users\2nd_Window\Desktop\Icy Tower.lnk
    2012-07-28 11:27 - 2012-07-28 11:27 - 00000000 ____D C:\games
    2012-07-28 04:28 - 2012-07-28 04:28 - 00000000 ____D C:\Users\2nd_Window\AppData\Roaming\RealNetworks
    2012-07-24 18:11 - 2012-07-24 18:11 - 00002091 ____A C:\Users\2nd_Window\Desktop\Aerial Fire.lnk
    2012-07-24 18:11 - 2012-07-24 18:11 - 00000000 ____D C:\Program Files\FreeGamePick.com
    2012-07-23 03:47 - 2012-07-23 19:37 - 01449684 ____A C:\Users\2nd_Window\Documents\face3.psd

    ============ 3 Months Modified Files ========================

    2012-08-19 18:29 - 2012-06-21 09:53 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-19 18:29 - 2012-02-12 20:24 - 00050353 ____A C:\Windows\setupact.log
    2012-08-19 18:29 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-19 18:26 - 2011-04-11 07:24 - 02061645 ____A C:\Windows\WindowsUpdate.log
    2012-08-19 18:20 - 2012-06-21 09:53 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-19 17:39 - 2012-08-19 17:39 - 00002652 ____A C:\Users\2nd_Window\Desktop\aswMBR2.txt
    2012-08-19 17:39 - 2012-08-17 20:45 - 00000512 ____A C:\Users\2nd_Window\Desktop\MBR.dat
    2012-08-19 14:21 - 2012-03-07 11:28 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-08-19 14:21 - 2012-03-07 11:28 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-08-19 14:19 - 2012-02-12 20:23 - 00047532 ____A C:\Windows\PFRO.log
    2012-08-19 14:06 - 2012-08-19 14:06 - 00893936 ____A (Oracle Corporation) C:\Users\2nd_Window\Desktop\jxpiinstall.exe
    2012-08-19 09:20 - 2009-07-13 20:34 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-19 09:20 - 2009-07-13 20:34 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-19 09:05 - 2012-08-19 09:05 - 00002091 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-08-19 09:05 - 2009-07-13 18:04 - 00002577 ____A C:\Windows\System32\config.nt
    2012-08-19 08:46 - 2012-08-19 08:46 - 04735580 ____R (Swearware) C:\Users\2nd_Window\Desktop\ComboFix.exe
    2012-08-19 07:52 - 2012-08-19 07:52 - 89340632 ____A C:\Users\2nd_Window\Desktop\avast_free_antivirus_setup.exe
    2012-08-19 07:18 - 2012-08-19 07:18 - 00001352 ____A C:\Users\2nd_Window\Documents\AutoHotkey.ahk
    2012-08-19 06:10 - 2012-08-19 06:10 - 00000376 ____A C:\Users\2nd_Window\Desktop\fixlist.txt
    2012-08-18 15:34 - 2012-08-18 15:34 - 00000000 ____A C:\Users\2nd_Window\Desktop\New Text Document (2).txt
    2012-08-18 15:12 - 2010-12-22 13:35 - 00777976 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-18 11:56 - 2012-08-18 11:56 - 00001210 ____A C:\Users\2nd_Window\Desktop\Any Video Converter.lnk
    2012-08-18 11:52 - 2012-08-18 11:52 - 29852304 ____A (Any-Video-Converter.com ) C:\Users\2nd_Window\Desktop\avc-free.exe
    2012-08-18 11:52 - 2012-08-18 11:52 - 00001258 ____A C:\Users\2nd_Window\Desktop\Any Video Converter Ultimate.lnk
    2012-08-18 11:50 - 2012-08-18 11:49 - 30455120 ____A (Any-Video-Converter.com ) C:\Users\2nd_Window\Desktop\avc-ultimate.exe
    2012-08-18 09:28 - 2012-08-18 15:11 - 00897686 ____A (Farbar) C:\Users\2nd_Window\Desktop\FRST.exe
    2012-08-17 20:45 - 2012-08-17 20:45 - 00002786 ____A C:\Users\2nd_Window\Desktop\aswMBR.txt
    2012-08-17 20:06 - 2012-08-17 20:06 - 04731392 ____A (AVAST Software) C:\Users\2nd_Window\Desktop\aswMBR.exe
    2012-08-17 20:05 - 2012-08-17 20:04 - 00003606 ____A C:\Users\2nd_Window\Desktop\Rkill.txt
    2012-08-17 20:03 - 2012-08-17 20:03 - 01545120 ____A (Bleeping Computer, LLC) C:\Users\2nd_Window\Desktop\rkill.exe
    2012-08-16 18:36 - 2012-08-16 17:34 - 00001409 ____A C:\Users\2nd_Window\Desktop\gmer.log
    2012-08-16 18:09 - 2012-08-16 18:09 - 01937260 ____A C:\Users\2nd_Window\Desktop\New Text Document.txt
    2012-08-16 17:37 - 2011-07-20 17:38 - 00360448 __ASH C:\Users\2nd_Window\Documents\Thumbs.db
    2012-08-16 17:36 - 2012-08-16 17:36 - 00607260 ____R (Swearware) C:\Users\2nd_Window\Desktop\dds.com
    2012-08-16 16:01 - 2012-08-16 16:01 - 00302592 ____A C:\Users\2nd_Window\Desktop\82hdu87u.exe
    2012-08-15 15:47 - 2012-08-15 15:47 - 00001083 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-15 15:46 - 2012-08-15 15:46 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\2nd_Window\Desktop\mbam-setup-1.62.0.1300.exe
    2012-08-15 13:13 - 2012-06-21 09:53 - 00002302 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-08-14 10:02 - 2012-08-14 10:02 - 00152064 __ASH C:\Users\2nd_Window\AppData\Roaming\prolts.dll
    2012-08-07 13:10 - 2012-08-07 09:32 - 00011925 ____A C:\Users\2nd_Window\Desktop\Company Directories.xlsx
    2012-08-06 07:54 - 2012-08-06 07:47 - 11581288 ____A C:\Users\2nd_Window\Desktop\ComicRackSetup09155.exe
    2012-08-05 06:16 - 2012-08-05 07:36 - 1336045568 ____A C:\Users\2nd_Window\Desktop\축구 남자 8강 대한민국 vs 영국 전반.120804.HDTV.x264.720p-HEAD.avi
    2012-08-05 06:02 - 2012-08-05 12:45 - 2587789312 ____A C:\Users\2nd_Window\Desktop\축구 남자 8강 대한민국 vs 영국 후반, 연장, 승부차기.120804.HDTV.x264.720p-HEAD.avi
    2012-08-04 10:35 - 2012-08-04 10:35 - 06955968 ____A (Microsoft Corporation) C:\Users\2nd_Window\Desktop\Silverlight.exe
    2012-08-04 10:33 - 2012-08-04 10:33 - 06955968 ____A (Microsoft Corporation) C:\Users\2nd_Window\Downloads\Silverlight.exe
    2012-08-01 16:54 - 2012-08-01 16:26 - 03591925 ____A C:\Users\2nd_Window\Desktop\BH_266.psd
    2012-08-01 16:41 - 2012-08-01 16:25 - 04784596 ____A C:\Users\2nd_Window\Desktop\BH_275a.psd
    2012-07-31 16:05 - 2012-07-31 15:46 - 19884489 ____A C:\Users\2nd_Window\Documents\Waterdown.ma
    2012-07-31 15:47 - 2012-07-31 15:47 - 01704389 ____A C:\Users\2nd_Window\Documents\human.ma
    2012-07-28 11:27 - 2012-07-28 11:27 - 00000759 ____A C:\Users\2nd_Window\Desktop\Icy Tower.lnk
    2012-07-24 18:11 - 2012-07-24 18:11 - 00002091 ____A C:\Users\2nd_Window\Desktop\Aerial Fire.lnk
    2012-07-23 19:37 - 2012-07-23 03:47 - 01449684 ____A C:\Users\2nd_Window\Documents\face3.psd
    2012-07-20 03:49 - 2012-07-18 02:44 - 01387010 ____A C:\Users\2nd_Window\Documents\face2.psd
    2012-07-17 03:49 - 2012-07-17 03:49 - 01559440 ____A C:\Users\2nd_Window\Documents\face1.psd
    2012-07-16 16:00 - 2009-07-13 20:53 - 00032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-16 03:48 - 2012-07-16 03:48 - 00787077 ____A C:\Users\2nd_Window\Documents\Untitled-11.psd
    2012-07-13 03:45 - 2012-07-13 03:45 - 00857459 ____A C:\Users\2nd_Window\Documents\Untitled-1.psd
    2012-07-13 02:55 - 2012-07-13 02:55 - 00204952 ___AH C:\Windows\System32\mlfcache.dat
    2012-07-10 17:26 - 2012-06-25 06:28 - 00001166 ____A C:\Users\2nd_Window\Desktop\GB04_ZOO_WRK.mov - Shortcut.lnk
    2012-07-09 19:13 - 2012-03-11 07:43 - 00007324 ____A C:\Windows\LkmdfCoInst.log
    2012-07-09 19:13 - 2012-02-05 10:48 - 00016400 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
    2012-07-09 19:12 - 2012-07-09 19:04 - 01549755 ____A C:\Users\2nd_Window\Documents\666666.psd
    2012-07-08 06:25 - 2012-04-16 21:32 - 00000287 ____A C:\Users\2nd_Window\Desktop\Keyboard Remap_Storyboard.ahk
    2012-07-05 18:06 - 2012-08-19 14:21 - 00772544 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-07-05 18:06 - 2012-08-19 14:21 - 00227760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-07-05 18:06 - 2011-03-08 13:54 - 00687544 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-07-03 09:46 - 2012-08-15 15:47 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-03 08:21 - 2012-08-19 09:05 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-07-03 08:21 - 2012-08-19 09:05 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-07-03 08:21 - 2012-08-19 09:05 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-07-03 08:21 - 2012-08-19 09:05 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-07-03 08:21 - 2012-08-19 09:05 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2012-07-03 08:21 - 2012-08-19 09:05 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-07-03 08:21 - 2012-08-19 09:04 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-07-03 08:21 - 2012-08-19 09:04 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-06-29 10:09 - 2012-06-29 10:03 - 222609567 ____A C:\Users\2nd_Window\Desktop\ncloth.mov
    2012-06-24 16:28 - 2012-06-24 16:28 - 00000796 ____A C:\Users\Public\Desktop\?????(??????).lnk
    2012-06-24 09:34 - 2012-06-24 09:34 - 00002070 ____A C:\Users\Public\Desktop\CyberLink PowerDVD 9.lnk
    2012-06-24 09:31 - 2012-06-24 09:32 - 00029480 ____A (Microsoft Corporation) C:\Windows\System32\msxml3a.dll
    2012-06-24 09:31 - 2003-10-17 10:44 - 00505128 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
    2012-06-24 09:31 - 2003-10-17 10:44 - 00353576 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
    2012-06-21 09:54 - 2012-03-24 20:04 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
    2012-06-21 09:54 - 2012-03-24 20:03 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
    2012-06-21 09:54 - 2012-03-24 20:03 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
    2012-06-21 09:54 - 2011-07-20 14:55 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
    2012-06-16 14:06 - 2012-06-16 14:06 - 00002034 ____A C:\Users\Public\Desktop\Autodesk Maya 2010.lnk
    2012-06-16 09:36 - 2012-06-16 09:36 - 00001293 ____A C:\Users\2nd_Window\Desktop\Vertigo.1958.CE.DVDrip.XviD.AC3.5.1CH.2CD-WAF.nfo
    2012-06-02 14:19 - 2012-06-19 05:11 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-19 05:11 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-19 05:11 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-19 05:11 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-19 05:11 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:12 - 2012-06-19 05:11 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:12 - 2012-06-19 05:11 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-19 05:10 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:12 - 2012-06-19 05:10 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe


    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 16%
    Total physical RAM: 3070.55 MB
    Available physical RAM: 2577.48 MB
    Total Pagefile: 3068.83 MB
    Available Pagefile: 2587.14 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1977.6 MB

    ======================= Partitions =========================

    2 Drive c: (Win 7 (Hitachi)) (Fixed) (Total:488.28 GB) (Free:70.63 GB) NTFS
    3 Drive d: (Work Backup - Old Win 7 (HP)) (Fixed) (Total:335.35 GB) (Free:281.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: (Data N Movies (Hitachi) ) (Fixed) (Total:443.22 GB) (Free:150.45 GB) NTFS
    5 Drive g: (fc-ole 20120609) (CDROM) (Total:4.33 GB) (Free:0 GB) CDFS
    6 Drive h: () (Removable) (Total:7.46 GB) (Free:5.04 GB) NTFS
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    8 Drive y: (Downloads, Program Files (IDE)) (Fixed) (Total:57.27 GB) (Free:24.1 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 57 GB 0 B
    Disk 1 Online 335 GB 0 B
    Disk 2 Online 931 GB 8 MB
    Disk 3 Online 7644 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 57 GB 31 KB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y Downloads, NTFS Partition 57 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 335 GB 31 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D Work Backup NTFS Partition 335 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 488 GB 31 KB
    Partition 0 Extended 443 GB 488 GB
    Partition 2 Logical 443 GB 488 GB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C Win 7 (Hit NTFS Partition 488 GB Healthy

    ==================================================================================

    Disk: 2
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F Data N Movi NTFS Partition 443 GB Healthy

    ==================================================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7643 MB 1024 KB

    ==================================================================================

    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H NTFS Removable 7643 MB Healthy

    ==================================================================================

    Last Boot: 2012-08-19 16:41

    ======================= End Of Log ==========================
  5. megaboy1 Newcomer, in training Posts: 59

    Farbar Recovery Scan Tool Version: 18-08-2012
    Ran by SYSTEM at 2012-08-19 22:47:45
    Running from H:\

    ================== Search: "user32.dll" ===================

    C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
    [2009-07-13 15:24] - [2009-07-13 17:16] - 0811520 ____A (Microsoft Corporation) 34B7E222E81FAFA885F0C5F2CFA56861

    C:\Windows\System32\user32.dll
    [2009-07-13 15:24] - [2011-01-24 18:04] - 0811520 ____A (Microsoft Corporation) 7BD7F45FF37FA0669CD32CA0EF46E22C

    === End Of Search ===
  6. megaboy1 Newcomer, in training Posts: 59

    FYI, when I ran aswMBR .. it didn't show me "complete" message, but it didn't proceed at some point.. so I just saved the log...
     
  7. Broni Malware Annihilator Posts: 40,051   +187

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally and see if Combofix will run.


  8. megaboy1 Newcomer, in training Posts: 59

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 18-08-2012
    Ran by SYSTEM at 2012-08-20 01:18:43 Run:2
    Running from H:\

    ==============================================

    C:\Users\2nd_Window\AppData\Local\Temp\~!#E0DE.tmp moved successfully.
    C:\Users\2nd_Window\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\5081d48-3d4f9e1b moved successfully.
    C:\Users\2nd_Window\AppData\Roaming\prolts.dll moved successfully.
    C:\Windows\System32\user32.dll moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll copied successfully to C:\Windows\System32\user32.dll

    ==== End of Fixlog ====
  9. megaboy1 Newcomer, in training Posts: 59

    And no luck with Combofix...
  10. Broni Malware Annihilator Posts: 40,051   +187

    Give me fresh aswMBR and rKill logs and....

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  11. megaboy1 Newcomer, in training Posts: 59

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-21 07:26:11
    -----------------------------
    07:26:11.805 OS Version: Windows 6.1.7600
    07:26:11.805 Number of processors: 4 586 0xF0B
    07:26:11.805 ComputerName: 2ND_WINDOW-PC UserName: 2nd_Window
    07:26:13.069 Initialize success
    07:26:14.052 AVAST engine defs: 12082100
    07:26:15.097 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1
    07:26:15.097 Disk 0 Vendor: Maxtor_6Y060L0 YAR41VW0 Size: 58644MB BusType: 3
    07:26:15.097 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000071
    07:26:15.113 Disk 1 Vendor: ST336032 3.CH Size: 343399MB BusType: 3
    07:26:15.113 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\00000072
    07:26:15.128 Disk 2 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 3
    07:26:15.128 Disk 2 MBR read successfully
    07:26:15.144 Disk 2 MBR scan
    07:26:15.503 Disk 2 Windows XP default MBR code
    07:26:15.534 Disk 2 Partition 1 00 07 HPFS/NTFS NTFS 499999 MB offset 63
    07:26:15.877 Disk 2 Partition - 00 0F Extended LBA 453859 MB offset 1023999165
    07:26:15.893 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 453859 MB offset 1023999228
    07:26:16.017 Disk 2 scanning sectors +1953504000
    07:26:16.361 Disk 2 scanning C:\Windows\system32\drivers
    07:26:28.170 Service scanning
    07:26:53.550 Modules scanning
    07:27:12.952 Disk 2 trace - called modules:
    07:27:12.963 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
    07:27:12.963 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x860419f8]
    07:27:12.963 3 CLASSPNP.SYS[8b25459e] -> nt!IofCallDriver -> [0x85dd7e00]
    07:27:12.963 5 ACPI.sys[8aaa13b2] -> nt!IofCallDriver -> \Device\00000072[0x85918688]
    07:27:14.528 AVAST engine scan C:\Windows
    07:27:17.669 AVAST engine scan C:\Windows\system32
    07:29:05.227 AVAST engine scan C:\Windows\system32\drivers
    07:29:13.542 AVAST engine scan C:\Users\2nd_Window
    07:46:48.363 Disk 2 MBR has been saved successfully to "C:\Users\2nd_Window\Desktop\MBR.dat"
    07:46:48.409 The log file has been saved successfully to "C:\Users\2nd_Window\Desktop\aswMBR.txt"


    Rkill 2.2.1 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 08/21/2012 07:18:27 AM in x86 mode.
    Windows Version: Windows 7

    Checking for Windows services to stop.

    * No malware services found to stop.

    Checking for processes to terminate.

    * No malware processes found to kill.

    Checking Registry for malware related settings.

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks.

    * No issues found.

    Checking Windows Service Integrity:

    * MpsSvc [Missing Service]
    * SharedAccess [Missing ImagePath]
    * BITS [Missing Parameters Key]

    Searching for Missing Digital Signatures:
    * No issues found.

    Program finished at: 08/21/2012 07:18:33 AM
    Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)
  12. megaboy1 Newcomer, in training Posts: 59

    07:52:50.0534 3976 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
    07:52:50.0990 3976 ============================================================
    07:52:50.0990 3976 Current date / time: 2012/08/21 07:52:50.0990
    07:52:50.0990 3976 SystemInfo:
    07:52:50.0990 3976
    07:52:50.0990 3976 OS Version: 6.1.7600 ServicePack: 0.0
    07:52:50.0990 3976 Product type: Workstation
    07:52:50.0990 3976 ComputerName: 2ND_WINDOW-PC
    07:52:50.0990 3976 UserName: 2nd_Window
    07:52:50.0990 3976 Windows directory: C:\Windows
    07:52:50.0990 3976 System windows directory: C:\Windows
    07:52:50.0990 3976 Processor architecture: Intel x86
    07:52:50.0990 3976 Number of processors: 4
    07:52:50.0990 3976 Page size: 0x1000
    07:52:50.0990 3976 Boot type: Normal boot
    07:52:50.0990 3976 ============================================================
    07:52:52.0912 3976 Drive \Device\Harddisk0\DR0 - Size: 0xE51424000 (57.27 Gb), SectorSize: 0x200, Cylinders: 0x1D34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    07:52:52.0934 3976 Drive \Device\Harddisk1\DR1 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    07:52:52.0936 3976 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    07:52:52.0941 3976 ============================================================
    07:52:52.0941 3976 \Device\Harddisk0\DR0:
    07:52:52.0945 3976 MBR partitions:
    07:52:52.0945 3976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7289800
    07:52:52.0945 3976 \Device\Harddisk1\DR1:
    07:52:52.0945 3976 MBR partitions:
    07:52:52.0945 3976 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x29EB3000
    07:52:52.0945 3976 \Device\Harddisk2\DR2:
    07:52:52.0945 3976 MBR partitions:
    07:52:52.0945 3976 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3D08FC7E
    07:52:52.0961 3976 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x3D08FCFC, BlocksNum 0x37671E04
    07:52:52.0961 3976 ============================================================
    07:52:52.0977 3976 C: <-> \Device\Harddisk2\DR2\Partition1
    07:52:52.0990 3976 D: <-> \Device\Harddisk0\DR0\Partition1
    07:52:53.0000 3976 E: <-> \Device\Harddisk1\DR1\Partition1
    07:52:53.0030 3976 F: <-> \Device\Harddisk2\DR2\Partition2
    07:52:53.0030 3976 ============================================================
    07:52:53.0030 3976 Initialize success
    07:52:53.0030 3976 ============================================================
    07:52:58.0060 4416 ============================================================
    07:52:58.0060 4416 Scan started
    07:52:58.0060 4416 Mode: Manual;
    07:52:58.0060 4416 ============================================================
    07:52:59.0318 4416 ================ Scan system memory ========================
    07:52:59.0318 4416 System memory - ok
    07:52:59.0319 4416 ================ Scan services =============================
    07:53:05.0892 4416 iScsiPrt - ok
    07:53:05.0921 4416 JRSKD24 - ok
    07:53:05.0949 4416 [ 139D9D538284EC721D759DF7238B8850 ] JRSUKD25 C:\Windows\system32\JRSUKD25.SYS
    07:53:05.0951 4416 JRSUKD25 - ok
    07:53:05.0988 4416 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    07:53:05.0989 4416 kbdclass - ok
    07:53:06.0009 4416 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    07:53:06.0011 4416 kbdhid - ok
    07:53:06.0042 4416 [ CBBC332B9A94D9EB16E3328B50760587 ] kcrtx86 C:\Windows\system32\kcrtx86.sys
    07:53:06.0045 4416 kcrtx86 - ok
    07:53:06.0074 4416 [ F42309C4191C506B71DB5D1126D26318 ] KeyIso C:\Windows\system32\lsass.exe
    07:53:06.0077 4416 KeyIso - ok
    07:53:06.0103 4416 [ E36A061EC11B373826905B21BE10948F ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    07:53:06.0105 4416 KSecDD - ok
    07:53:06.0134 4416 [ 365C6154BBBC5377173F1CA7BFB6CC59 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    07:53:06.0136 4416 KSecPkg - ok
    07:53:06.0176 4416 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
    07:53:06.0182 4416 KtmRm - ok
    07:53:06.0207 4416 [ 7175434625B350D7F2F53E82A16C45AE ] L8042mou C:\Windows\system32\DRIVERS\L8042mou.Sys
    07:53:06.0209 4416 L8042mou - ok
    07:53:06.0244 4416 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\System32\srvsvc.dll
    07:53:06.0251 4416 LanmanServer - ok
    07:53:06.0271 4416 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    07:53:06.0277 4416 LanmanWorkstation - ok
    07:53:06.0372 4416 [ 910344E2A984010435AE84783B25E5EB ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    07:53:06.0376 4416 LBTServ - ok
    07:53:06.0412 4416 [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
    07:53:06.0413 4416 LHidFilt - ok
    07:53:06.0459 4416 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    07:53:06.0460 4416 lltdio - ok
    07:53:06.0495 4416 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    07:53:06.0499 4416 lltdsvc - ok
    07:53:06.0514 4416 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
    07:53:06.0517 4416 lmhosts - ok
    07:53:06.0543 4416 [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
    07:53:06.0543 4416 LMouFilt - ok
    07:53:06.0575 4416 [ 435F23FC9B93D46720A0E9D43EC80DD0 ] LMouKE C:\Windows\system32\DRIVERS\LMouKE.Sys
    07:53:06.0610 4416 LMouKE - ok
    07:53:06.0679 4416 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    07:53:06.0682 4416 LSI_FC - ok
    07:53:06.0693 4416 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    07:53:06.0695 4416 LSI_SAS - ok
    07:53:06.0708 4416 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    07:53:06.0710 4416 LSI_SAS2 - ok
    07:53:06.0721 4416 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    07:53:06.0723 4416 LSI_SCSI - ok
    07:53:06.0746 4416 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
    07:53:06.0749 4416 luafv - ok
    07:53:06.0785 4416 [ DDFA88E36D5F8DB5FBDBDDDC4969DB0A ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
    07:53:06.0786 4416 LUsbFilt - ok
    07:53:06.0824 4416 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    07:53:06.0827 4416 Mcx2Svc - ok
    07:53:06.0858 4416 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    07:53:06.0860 4416 megasas - ok
    07:53:06.0878 4416 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    07:53:06.0882 4416 MegaSR - ok
    07:53:06.0987 4416 [ 5A60A55F6B8AF51A6B7642B8981FD834 ] MfFWEnt C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys
    07:53:07.0007 4416 MfFWEnt - ok
    07:53:07.0074 4416 [ 99C7209B747E4D25AFAF241A140E4BE5 ] MfIPSEnt C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys
    07:53:07.0087 4416 MfIPSEnt - ok
    07:53:07.0131 4416 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
    07:53:07.0140 4416 MMCSS - ok
    07:53:07.0173 4416 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
    07:53:07.0184 4416 Modem - ok
    07:53:07.0239 4416 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    07:53:07.0240 4416 monitor - ok
    07:53:07.0269 4416 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    07:53:07.0270 4416 mouclass - ok
    07:53:07.0301 4416 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    07:53:07.0302 4416 mouhid - ok
    07:53:07.0344 4416 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    07:53:07.0345 4416 mountmgr - ok
    07:53:07.0361 4416 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
    07:53:07.0364 4416 mpio - ok
    07:53:07.0380 4416 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    07:53:07.0382 4416 mpsdrv - ok
    07:53:07.0400 4416 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    07:53:07.0402 4416 MRxDAV - ok
    07:53:07.0443 4416 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    07:53:07.0445 4416 mrxsmb - ok
    07:53:07.0463 4416 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    07:53:07.0467 4416 mrxsmb10 - ok
    07:53:07.0478 4416 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    07:53:07.0480 4416 mrxsmb20 - ok
    07:53:07.0510 4416 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
    07:53:07.0511 4416 msahci - ok
    07:53:07.0520 4416 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
    07:53:07.0522 4416 msdsm - ok
    07:53:07.0540 4416 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
    07:53:07.0545 4416 MSDTC - ok
    07:53:07.0575 4416 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
    07:53:07.0577 4416 Msfs - ok
    07:53:07.0585 4416 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    07:53:07.0587 4416 mshidkmdf - ok
    07:53:07.0591 4416 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
    07:53:07.0592 4416 msisadrv - ok
    07:53:07.0644 4416 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    07:53:07.0648 4416 MSiSCSI - ok
    07:53:07.0656 4416 msiserver - ok
    07:53:07.0672 4416 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    07:53:07.0673 4416 MSKSSRV - ok
    07:53:07.0689 4416 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    07:53:07.0690 4416 MSPCLOCK - ok
    07:53:07.0717 4416 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    07:53:07.0718 4416 MSPQM - ok
    07:53:07.0730 4416 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    07:53:07.0732 4416 MsRPC - ok
    07:53:07.0741 4416 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    07:53:07.0742 4416 mssmbios - ok
    07:53:07.0747 4416 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    07:53:07.0748 4416 MSTEE - ok
    07:53:07.0765 4416 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    07:53:07.0767 4416 MTConfig - ok
    07:53:07.0810 4416 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
    07:53:07.0811 4416 MTsensor - ok
    07:53:07.0819 4416 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
    07:53:07.0820 4416 Mup - ok
    07:53:07.0856 4416 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
    07:53:07.0863 4416 napagent - ok
    07:53:07.0897 4416 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    07:53:07.0901 4416 NativeWifiP - ok
    07:53:07.0925 4416 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
    07:53:07.0933 4416 NDIS - ok
    07:53:07.0954 4416 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    07:53:07.0955 4416 NdisCap - ok
    07:53:07.0973 4416 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    07:53:07.0974 4416 NdisTapi - ok
    07:53:07.0986 4416 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    07:53:07.0987 4416 Ndisuio - ok
    07:53:07.0999 4416 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
  13. megaboy1 Newcomer, in training Posts: 59

    07:53:08.0001 4416 NdisWan - ok
    07:53:08.0013 4416 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    07:53:08.0014 4416 NDProxy - ok
    07:53:08.0021 4416 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    07:53:08.0022 4416 NetBIOS - ok
    07:53:08.0049 4416 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    07:53:08.0077 4416 NetBT - ok
    07:53:08.0107 4416 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\Windows\system32\lsass.exe
    07:53:08.0110 4416 Netlogon - ok
    07:53:08.0162 4416 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
    07:53:08.0168 4416 Netman - ok
    07:53:08.0227 4416 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    07:53:08.0256 4416 NetMsmqActivator - ok
    07:53:08.0270 4416 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    07:53:08.0271 4416 NetPipeActivator - ok
    07:53:08.0279 4416 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
    07:53:08.0294 4416 netprofm - ok
    07:53:08.0302 4416 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    07:53:08.0303 4416 NetTcpActivator - ok
    07:53:08.0307 4416 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    07:53:08.0309 4416 NetTcpPortSharing - ok
    07:53:08.0353 4416 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    07:53:08.0355 4416 nfrd960 - ok
    07:53:08.0371 4416 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
    07:53:08.0376 4416 NlaSvc - ok
    07:53:08.0384 4416 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
    07:53:08.0386 4416 Npfs - ok
    07:53:08.0410 4416 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
    07:53:08.0414 4416 nsi - ok
    07:53:08.0425 4416 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    07:53:08.0426 4416 nsiproxy - ok
    07:53:08.0453 4416 [ 3795DCD21F740EE799FB7223234215AF ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    07:53:08.0467 4416 Ntfs - ok
    07:53:08.0482 4416 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
    07:53:08.0484 4416 Null - ok
    07:53:08.0528 4416 [ B5E37E31C053BC9950455A257526514B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
    07:53:08.0532 4416 NVENETFD - ok
    07:53:08.0561 4416 [ 3D7FB57354703809B5F0C23287FAC1D6 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
    07:53:08.0563 4416 NVHDA - ok
    07:53:08.0762 4416 [ E891B3979F0CF2740C1B073F834221FE ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    07:53:08.0827 4416 nvlddmkm - ok
    07:53:08.0868 4416 [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
    07:53:08.0870 4416 nvraid - ok
    07:53:08.0881 4416 [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
    07:53:08.0882 4416 nvstor - ok
    07:53:08.0935 4416 [ AE2DE8E165DCB93A66B21748E6F913DF ] NVSvc C:\Windows\system32\nvvsvc.exe
    07:53:08.0944 4416 NVSvc - ok
    07:53:09.0052 4416 [ C78581C14699C46FE0F0817416383134 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    07:53:09.0066 4416 nvUpdatusService - ok
    07:53:09.0084 4416 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
    07:53:09.0086 4416 nv_agp - ok
    07:53:09.0110 4416 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
    07:53:09.0112 4416 ohci1394 - ok
    07:53:09.0147 4416 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    07:53:09.0154 4416 p2pimsvc - ok
    07:53:09.0171 4416 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
    07:53:09.0178 4416 p2psvc - ok
    07:53:09.0210 4416 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    07:53:09.0211 4416 Parport - ok
    07:53:09.0221 4416 [ FF4218952B51DE44FE910953A3E686B9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    07:53:09.0222 4416 partmgr - ok
    07:53:09.0234 4416 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
    07:53:09.0236 4416 Parvdm - ok
    07:53:09.0250 4416 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
    07:53:09.0255 4416 PcaSvc - ok
    07:53:09.0266 4416 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
    07:53:09.0269 4416 pci - ok
    07:53:09.0283 4416 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
    07:53:09.0285 4416 pciide - ok
    07:53:09.0301 4416 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    07:53:09.0313 4416 pcmcia - ok
    07:53:09.0359 4416 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
    07:53:09.0360 4416 pcw - ok
    07:53:09.0412 4416 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    07:53:09.0424 4416 PEAUTH - ok
    07:53:09.0502 4416 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    07:53:09.0516 4416 PeerDistSvc - ok
    07:53:09.0564 4416 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
    07:53:09.0583 4416 pla - ok
    07:53:09.0613 4416 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    07:53:09.0621 4416 PlugPlay - ok
    07:53:09.0634 4416 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    07:53:09.0639 4416 PNRPAutoReg - ok
    07:53:09.0655 4416 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    07:53:09.0660 4416 PNRPsvc - ok
    07:53:09.0694 4416 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    07:53:09.0700 4416 PolicyAgent - ok
    07:53:09.0729 4416 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
    07:53:09.0735 4416 Power - ok
    07:53:09.0777 4416 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    07:53:09.0778 4416 PptpMiniport - ok
    07:53:09.0789 4416 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
    07:53:09.0791 4416 Processor - ok
    07:53:09.0822 4416 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll
    07:53:09.0827 4416 ProfSvc - ok
    07:53:09.0840 4416 [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe
    07:53:09.0843 4416 ProtectedStorage - ok
    07:53:09.0858 4416 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    07:53:09.0859 4416 Psched - ok
    07:53:09.0909 4416 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
    07:53:09.0910 4416 PSI - ok
    07:53:09.0953 4416 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    07:53:09.0955 4416 PSI_SVC_2 - ok
    07:53:09.0984 4416 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    07:53:09.0999 4416 ql2300 - ok
    07:53:10.0038 4416 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    07:53:10.0040 4416 ql40xx - ok
    07:53:10.0082 4416 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
    07:53:10.0088 4416 QWAVE - ok
    07:53:10.0107 4416 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    07:53:10.0108 4416 QWAVEdrv - ok
    07:53:10.0137 4416 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    07:53:10.0139 4416 RasAcd - ok
    07:53:10.0157 4416 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    07:53:10.0158 4416 RasAgileVpn - ok
    07:53:10.0165 4416 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
    07:53:10.0170 4416 RasAuto - ok
    07:53:10.0201 4416 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    07:53:10.0202 4416 Rasl2tp - ok
    07:53:10.0222 4416 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
    07:53:10.0229 4416 RasMan - ok
    07:53:10.0254 4416 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    07:53:10.0255 4416 RasPppoe - ok
    07:53:10.0290 4416 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    07:53:10.0292 4416 RasSstp - ok
    07:53:10.0304 4416 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    07:53:10.0307 4416 rdbss - ok
    07:53:10.0343 4416 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    07:53:10.0345 4416 rdpbus - ok
    07:53:10.0355 4416 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    07:53:10.0356 4416 RDPCDD - ok
    07:53:10.0372 4416 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    07:53:10.0374 4416 RDPDR - ok
    07:53:10.0391 4416 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    07:53:10.0392 4416 RDPENCDD - ok
    07:53:10.0409 4416 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    07:53:10.0410 4416 RDPREFMP - ok
    07:53:10.0430 4416 [ 801371BA9782282892D00AADB08EE367 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    07:53:10.0433 4416 RDPWD - ok
    07:53:10.0457 4416 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    07:53:10.0459 4416 rdyboost - ok
    07:53:10.0494 4416 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
    07:53:10.0497 4416 RemoteAccess - ok
    07:53:10.0529 4416 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    07:53:10.0534 4416 RemoteRegistry - ok
    07:53:10.0544 4416 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    07:53:10.0548 4416 RpcEptMapper - ok
    07:53:10.0556 4416 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
    07:53:10.0559 4416 RpcLocator - ok
    07:53:10.0576 4416 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
    07:53:10.0582 4416 RpcSs - ok
    07:53:10.0617 4416 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    07:53:10.0619 4416 rspndr - ok
    07:53:10.0646 4416 [ CA5A4FBFE341F13733955B8AAC98F0B5 ] RTL8187B C:\Windows\system32\DRIVERS\RTL8187B.sys
    07:53:10.0651 4416 RTL8187B - ok
    07:53:10.0666 4416 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
    07:53:10.0667 4416 s3cap - ok
    07:53:10.0682 4416 [ F42309C4191C506B71DB5D1126D26318 ] SamSs C:\Windows\system32\lsass.exe
    07:53:10.0684 4416 SamSs - ok
    07:53:10.0755 4416 [ 230FD3749904CA045EA5EC0AA14006E9 ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x86\Sandra.sys
    07:53:10.0758 4416 SANDRA - ok
    07:53:10.0770 4416 [ 96F6F3E594D780B7E20FDC94504D4D89 ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe
    07:53:10.0773 4416 SandraAgentSrv - ok
    07:53:10.0815 4416 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
    07:53:10.0817 4416 sbp2port - ok
    07:53:10.0841 4416 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    07:53:10.0846 4416 SCardSvr - ok
    07:53:10.0858 4416 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    07:53:10.0859 4416 scfilter - ok
    07:53:10.0901 4416 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
    07:53:10.0912 4416 Schedule - ok
    07:53:10.0927 4416 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
    07:53:10.0928 4416 SCPolicySvc - ok
    07:53:10.0971 4416 [ FD0C8A2AACC788D415F1957099827F80 ] scskusbf C:\Windows\system32\drivers\scskusbf.sys
    07:53:10.0972 4416 scskusbf - ok
    07:53:11.0006 4416 [ 47C0A9E02BD4832ED4E522F906CCE724 ] scskusbs C:\Windows\system32\drivers\scskusbs.sys
    07:53:11.0009 4416 scskusbs - ok
    07:53:11.0043 4416 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    07:53:11.0048 4416 SDRSVC - ok
    07:53:11.0084 4416 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    07:53:11.0086 4416 secdrv - ok
    07:53:11.0095 4416 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
    07:53:11.0099 4416 seclogon - ok
    07:53:11.0162 4416 [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
    07:53:11.0169 4416 Secunia PSI Agent - ok
    07:53:11.0191 4416 [ 0E88FDF474F2CDD370A4A6CE77D018F0 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
    07:53:11.0193 4416 Secunia Update Agent - ok
    07:53:11.0228 4416 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
    07:53:11.0232 4416 SENS - ok
    07:53:11.0244 4416 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
    07:53:11.0248 4416 SensrSvc - ok
    07:53:11.0289 4416 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    07:53:11.0291 4416 Serenum - ok
    07:53:11.0306 4416 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    07:53:11.0308 4416 Serial - ok
    07:53:11.0323 4416 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    07:53:11.0324 4416 sermouse - ok
    07:53:11.0345 4416 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
    07:53:11.0350 4416 SessionEnv - ok
    07:53:11.0365 4416 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
    07:53:11.0366 4416 sffdisk - ok
    07:53:11.0373 4416 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
    07:53:11.0375 4416 sffp_mmc - ok
    07:53:11.0385 4416 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
    07:53:11.0387 4416 sffp_sd - ok
    07:53:11.0391 4416 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    07:53:11.0393 4416 sfloppy - ok
    07:53:11.0429 4416 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    07:53:11.0436 4416 ShellHWDetection - ok
    07:53:11.0455 4416 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
    07:53:11.0457 4416 sisagp - ok
    07:53:11.0505 4416 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    07:53:11.0508 4416 SiSRaid2 - ok
    07:53:11.0526 4416 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    07:53:11.0530 4416 SiSRaid4 - ok
    07:53:11.0612 4416 [ 68EA68D03BF58389FE6AD2B38FAD798C ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    07:53:11.0613 4416 SkypeUpdate - ok
    07:53:11.0656 4416 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
    07:53:11.0662 4416 Smb - ok
    07:53:11.0722 4416 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    07:53:11.0729 4416 SNMPTRAP - ok
    07:53:11.0784 4416 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\Windows\system32\speedfan.sys
    07:53:11.0788 4416 speedfan - ok
    07:53:11.0823 4416 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
    07:53:11.0824 4416 spldr - ok
    07:53:11.0872 4416 [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler C:\Windows\System32\spoolsv.exe
    07:53:11.0883 4416 Spooler - ok
    07:53:12.0012 4416 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
    07:53:12.0049 4416 sppsvc - ok
    07:53:12.0108 4416 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    07:53:12.0113 4416 sppuinotify - ok
    07:53:12.0170 4416 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys
    07:53:12.0174 4416 srv - ok
    07:53:12.0191 4416 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    07:53:12.0195 4416 srv2 - ok
    07:53:12.0207 4416 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    07:53:12.0209 4416 srvnet - ok
    07:53:12.0236 4416 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    07:53:12.0242 4416 SSDPSRV - ok
    07:53:12.0281 4416 [ EF3458337D7341A05169CEFC73709264 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
    07:53:12.0282 4416 SSPORT - ok
    07:53:12.0295 4416 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
    07:53:12.0300 4416 SstpSvc - ok
    07:53:12.0374 4416 [ FC0A58529A02B1EED55DDC58696B7908 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    07:53:12.0378 4416 Stereo Service - ok
    07:53:12.0405 4416 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    07:53:12.0406 4416 stexstor - ok
    07:53:12.0445 4416 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
    07:53:12.0454 4416 StiSvc - ok
    07:53:12.0471 4416 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
    07:53:12.0473 4416 storflt - ok
    07:53:12.0482 4416 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
    07:53:12.0483 4416 storvsc - ok
    07:53:12.0498 4416 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    07:53:12.0498 4416 swenum - ok
    07:53:12.0620 4416 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    07:53:12.0624 4416 SwitchBoard - ok
    07:53:12.0653 4416 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
    07:53:12.0661 4416 swprv - ok
    07:53:16.0617 4416 ============================================================
    07:53:16.0617 4416 Scan finished
    07:53:16.0617 4416 ============================================================
    07:53:16.0630 4352 Detected object count: 0
    07:53:16.0630 4352 Actual detected object count: 0
  14. Broni Malware Annihilator Posts: 40,051   +187

    All look good.

    How is the computer doing?

    ============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  15. megaboy1 Newcomer, in training Posts: 59

    I don't see any problem in my computer.
    The constant Avast warning stopped since your very first FRST fix.


    OTL logfile created on: 22/08/2012 12:10:20 PM - Run 1
    OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\2nd_Window\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 71.39% Memory free
    6.00 Gb Paging File | 5.01 Gb Available in Paging File | 83.61% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 488.28 Gb Total Space | 62.60 Gb Free Space | 12.82% Space Free | Partition Type: NTFS
    Drive D: | 57.27 Gb Total Space | 24.10 Gb Free Space | 42.07% Space Free | Partition Type: NTFS
    Drive E: | 335.35 Gb Total Space | 281.47 Gb Free Space | 83.93% Space Free | Partition Type: NTFS
    Drive F: | 443.22 Gb Total Space | 150.45 Gb Free Space | 33.95% Space Free | Partition Type: NTFS
    Drive G: | 4.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: 2ND_WINDOW-PC | User Name: 2nd_Window | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/22 12:09:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\2nd_Window\Desktop\OTL.exe
    PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/06/21 13:54:15 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/02/29 19:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/02/29 16:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    PRC - [2012/02/29 16:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/01/23 08:38:24 | 006,321,016 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    PRC - [2012/01/23 08:38:24 | 003,591,544 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
    PRC - [2012/01/23 08:38:24 | 001,609,080 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    PRC - [2012/01/23 08:38:24 | 000,470,904 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/12/02 12:18:16 | 001,000,288 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
    PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
    PRC - [2011/10/14 02:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2011/07/06 03:28:17 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    PRC - [2011/06/13 05:05:28 | 000,155,856 | ---- | M] () -- C:\Program Files\USADISK\WEBHARD_Agent.exe
    PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/02/28 20:40:38 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
    PRC - [2009/02/16 09:55:38 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2004/05/02 13:02:51 | 000,062,464 | ---- | M] (Elias Fotinis) -- C:\Program Files\DeskPins\DeskPins.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/23 08:38:24 | 000,963,448 | ---- | M] () -- C:\Program Files\Tablet\Wacom\libxml2.dll
    MOD - [2011/08/31 16:44:40 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
    MOD - [2011/08/31 16:44:38 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
    MOD - [2011/07/06 03:28:17 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    MOD - [2010/11/21 10:54:34 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/06/16 18:06:37 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/29 19:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/01/23 08:38:24 | 006,321,016 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
    SRV - [2012/01/23 08:38:24 | 000,470,904 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom)
    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2011/06/13 05:05:28 | 000,155,856 | ---- | M] () [Auto | Running] -- C:\Program Files\USADISK\WEBHARD_Agent.exe -- (USADISK_AGENT)
    SRV - [2011/01/24 00:46:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/12/12 04:20:08 | 000,095,896 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
    SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\JRSKD24.SYS -- (JRSKD24)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\2ND_WI~1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\2ND_WI~1\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
    DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/07/03 12:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2012/07/03 12:21:53 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
    DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/05/07 20:25:12 | 000,194,792 | ---- | M] (SoftCamp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\scskusbs.sys -- (scskusbs)
    DRV - [2012/05/07 20:25:12 | 000,018,696 | ---- | M] (SoftCamp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\scskusbf.sys -- (scskusbf)
    DRV - [2012/02/29 19:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2012/01/17 08:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2011/11/30 02:18:42 | 000,022,480 | R--- | M] (Soft Security Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\JRSUKD25.SYS -- (JRSUKD25)
    DRV - [2011/11/14 11:29:44 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2011/11/14 11:29:42 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2011/09/27 21:05:04 | 000,126,048 | ---- | M] (Kings Information & Network) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\kcrtx86.sys -- (kcrtx86)
    DRV - [2011/09/21 11:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
    DRV - [2011/09/02 02:31:28 | 000,081,304 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2011/09/02 02:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2011/09/02 02:30:58 | 000,065,048 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2011/07/26 13:49:12 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
    DRV - [2011/05/26 12:23:00 | 000,090,208 | ---- | M] (AhnLab, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AmonTDLh.sys -- (AMonTDLH)
    DRV - [2011/04/30 17:33:05 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2011/03/18 12:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
    DRV - [2010/10/14 21:41:44 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
    DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/06/28 03:54:00 | 000,121,536 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys -- (MfIPSEnt)
    DRV - [2010/06/28 03:54:00 | 000,101,368 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys -- (MfFWEnt)
    DRV - [2009/08/07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x86\sandra.sys -- (SANDRA)
    DRV - [2009/07/20 21:13:00 | 000,019,616 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CdmDrvNt.sys -- (CdmDrvNt)
    DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/13 18:54:14 | 001,394,688 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
    DRV - [2009/07/13 18:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
    DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
    DRV - [2009/02/28 19:40:18 | 000,087,536 | ---- | M] (CyberLink Corp.) [2012/06/24 13:34:23] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
    DRV - [2007/09/25 10:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
    DRV - [2004/08/13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 3E 36 1B E7 60 CD 01 [binary data]
    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..\SearchScopes\{51AAF215-731A-4D51-8CE2-8F6FC3872DBE}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..browser.startup.homepage: "http://www.freegamepick.com/start-search.html"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\npaosmgr.dll (AhnLab, Inc.)
    FF - HKLM\Software\MozillaPlugins\@gomtv.com/gomtvx-plugin: C:\Program Files\Common Files\GRETECH\npgomtvx_nie.dll (Gretech Corporation)
    FF - HKLM\Software\MozillaPlugins\@interezen.co.kr/npi3gmanager: C:\Program Files\Interezen\Plugins\NPI3GManager.dll (Interezen (c) Interezen.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@softforum.com/npKeyPro: C:\Windows\system32\npKeyPro.dll (Softsecurity Co., Ltd.)
    FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)
    FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.4: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)
    FF - HKCU\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
    FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/21 13:54:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/19 13:05:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 14:31:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/19 18:21:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 14:31:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/19 18:21:52 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6399FACC-F586-4E5B-95F5-C6A670BDF3A4}: C:\Users\2nd_Window\AppData\Local\{6399FACC-F586-4E5B-95F5-C6A670BDF3A4}

    [2011/01/25 11:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\2nd_Window\AppData\Roaming\Mozilla\Extensions
    [2012/08/01 22:56:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\2nd_Window\AppData\Roaming\Mozilla\Firefox\Profiles\jum4g5z1.default\extensions
    [2012/03/09 00:24:16 | 000,000,000 | ---D | M] (WOT) -- C:\Users\2nd_Window\AppData\Roaming\Mozilla\Firefox\Profiles\jum4g5z1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2012/03/05 12:53:45 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\2nd_Window\AppData\Roaming\Mozilla\Firefox\Profiles\jum4g5z1.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
    [2011/05/03 16:55:14 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\2nd_Window\AppData\Roaming\Mozilla\Firefox\Profiles\jum4g5z1.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
    [2012/08/01 22:56:29 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\2nd_Window\AppData\Roaming\Mozilla\Firefox\Profiles\jum4g5z1.default\extensions\foxyproxy@eric.h.jung
    [2012/03/16 03:55:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/07/19 14:31:22 | 000,134,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/06/21 13:54:20 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
    [2010/02/04 08:58:50 | 000,090,112 | ---- | M] (SoftForum Co., Ltd.) -- C:\Program Files\mozilla firefox\plugins\npxecure.dll
    [2010/02/04 08:58:48 | 000,073,728 | ---- | M] (SoftForum Co., Ltd.) -- C:\Program Files\mozilla firefox\plugins\npxwfile.dll
    [2012/03/09 21:35:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/03/09 21:35:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage:
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: XecureWeb Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npxecure.dll
    CHR - plugin: XecureWeb File Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npxwfile.dll
    CHR - plugin: AhnLab Online Security (Enabled) = C:\Program Files\AhnLab\ASP\Components\aosmgr\npaosmgr.dll
    CHR - plugin: gomtvx NIE Module (Enabled) = C:\Program Files\Common Files\GRETECH\npgomtvx_nie.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: NPI3GManager (c) Interezen. plugin (Enabled) = C:\Program Files\Interezen\Plugins\NPI3GManager.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: SoftForum XecureWeb Control Plug-in (Enabled) = C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll
    CHR - plugin: SoftForum XecureWeb File Control Plug-in (Enabled) = C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll
    CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
    CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: TouchEn Key for Multi-Browser (Enabled) = C:\Windows\system32\npKeyPro.dll
    CHR - Extension: YouTube = C:\Users\2nd_Window\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\2nd_Window\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\2nd_Window\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: General Crawler = C:\Users\2nd_Window\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje\2.0_0\
    CHR - Extension: Gmail = C:\Users\2nd_Window\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
  16. megaboy1 Newcomer, in training Posts: 59

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/22 12:09:20 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\2nd_Window\Desktop\OTL.exe
    [2012/08/22 08:23:36 | 000,000,000 | R--D | C] -- C:\Users\2nd_Window\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
    [2012/08/21 07:52:45 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\2nd_Window\Desktop\TDSSKiller.exe
    [2012/08/20 01:22:43 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/08/20 00:38:47 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
    [2012/08/20 00:38:47 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Roaming\IrfanView
    [2012/08/20 00:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
    [2012/08/20 00:37:51 | 001,539,072 | ---- | C] (Irfan Skiljan) -- C:\Users\2nd_Window\Desktop\iview433_setup.exe
    [2012/08/19 18:23:37 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Roaming\.minecraft
    [2012/08/19 18:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
    [2012/08/19 13:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/08/19 13:05:23 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/08/19 13:05:23 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012/08/19 13:05:20 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2012/08/19 13:05:13 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/08/19 13:05:13 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/08/19 13:05:12 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/08/19 13:04:53 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/08/19 13:04:52 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012/08/19 13:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/08/19 12:52:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/19 12:52:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/19 12:52:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/19 12:48:56 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/19 12:46:15 | 004,735,580 | R--- | C] (Swearware) -- C:\Users\2nd_Window\Desktop\ComboFix.exe
    [2012/08/19 00:17:45 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/08/18 19:11:38 | 000,897,686 | ---- | C] (Farbar) -- C:\Users\2nd_Window\Desktop\FRST.exe
    [2012/08/18 15:56:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2012/08/18 15:52:24 | 029,852,304 | ---- | C] (Any-Video-Converter.com ) -- C:\Users\2nd_Window\Desktop\avc-free.exe
    [2012/08/18 15:52:15 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Roaming\AnvSoft
    [2012/08/18 15:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
    [2012/08/18 15:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
    [2012/08/18 15:49:49 | 030,455,120 | ---- | C] (Any-Video-Converter.com ) -- C:\Users\2nd_Window\Desktop\avc-ultimate.exe
    [2012/08/18 00:06:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\2nd_Window\Desktop\aswMBR.exe
    [2012/08/18 00:03:00 | 001,545,120 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\2nd_Window\Desktop\rkill.exe
    [2012/08/16 21:36:00 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\2nd_Window\Desktop\dds.com
    [2012/08/15 19:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/15 19:47:56 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/08/15 19:46:05 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\2nd_Window\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/08/14 14:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\6C82D124A26398738E1D86D34F147C45
    [2012/08/06 11:56:17 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Local\cYo
    [2012/07/28 15:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Lunch Design
    [2012/07/28 15:27:39 | 000,000,000 | ---D | C] -- C:\games
    [2012/07/28 08:28:16 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Roaming\RealNetworks
    [2012/07/24 22:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeGamePick.com
    [2012/07/24 22:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\FreeGamePick.com
    [2011/04/07 19:56:54 | 000,114,688 | -HS- | C] (Microsoft Corporation) -- C:\Users\2nd_Window\AppData\Local\ixu.exe
    [2009/05/14 21:02:10 | 003,392,872 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
    [2009/05/14 21:02:10 | 003,298,152 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/08/22 12:09:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\2nd_Window\Desktop\OTL.exe
    [2012/08/22 12:06:38 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/22 12:06:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/22 08:23:29 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/22 08:23:07 | 2414,780,416 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/22 02:10:49 | 001,001,224 | ---- | M] () -- C:\Users\2nd_Window\Documents\face.psd
    [2012/08/21 20:16:42 | 000,002,302 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/08/21 07:51:56 | 002,193,345 | ---- | M] () -- C:\Users\2nd_Window\Desktop\tdsskiller.zip
    [2012/08/21 07:46:48 | 000,000,512 | ---- | M] () -- C:\Users\2nd_Window\Desktop\MBR.dat
    [2012/08/20 17:33:26 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\2nd_Window\Desktop\TDSSKiller.exe
    [2012/08/20 00:38:47 | 000,001,864 | ---- | M] () -- C:\Users\2nd_Window\Desktop\IrfanView Thumbnails.lnk
    [2012/08/20 00:37:53 | 001,539,072 | ---- | M] (Irfan Skiljan) -- C:\Users\2nd_Window\Desktop\iview433_setup.exe
    [2012/08/20 00:29:36 | 000,469,359 | ---- | M] () -- C:\Users\2nd_Window\Documents\Statement.pdf
    [2012/08/19 13:20:35 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/19 13:20:34 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/19 13:05:24 | 000,002,091 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/08/19 13:05:12 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/08/19 12:46:22 | 004,735,580 | R--- | M] (Swearware) -- C:\Users\2nd_Window\Desktop\ComboFix.exe
    [2012/08/19 11:52:57 | 089,340,632 | ---- | M] () -- C:\Users\2nd_Window\Desktop\avast_free_antivirus_setup.exe
    [2012/08/19 11:18:21 | 000,001,352 | ---- | M] () -- C:\Users\2nd_Window\Documents\AutoHotkey.ahk
    [2012/08/18 19:12:03 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/08/18 19:12:03 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/08/18 15:56:05 | 000,001,210 | ---- | M] () -- C:\Users\2nd_Window\Desktop\Any Video Converter.lnk
    [2012/08/18 15:52:37 | 029,852,304 | ---- | M] (Any-Video-Converter.com ) -- C:\Users\2nd_Window\Desktop\avc-free.exe
    [2012/08/18 15:52:13 | 000,001,258 | ---- | M] () -- C:\Users\2nd_Window\Desktop\Any Video Converter Ultimate.lnk
    [2012/08/18 15:50:02 | 030,455,120 | ---- | M] (Any-Video-Converter.com ) -- C:\Users\2nd_Window\Desktop\avc-ultimate.exe
    [2012/08/18 13:28:25 | 000,897,686 | ---- | M] (Farbar) -- C:\Users\2nd_Window\Desktop\FRST.exe
    [2012/08/18 00:06:43 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\2nd_Window\Desktop\aswMBR.exe
    [2012/08/18 00:03:07 | 001,545,120 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\2nd_Window\Desktop\rkill.exe
    [2012/08/16 21:36:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\2nd_Window\Desktop\dds.com
    [2012/08/16 20:01:53 | 000,302,592 | ---- | M] () -- C:\Users\2nd_Window\Desktop\82hdu87u.exe
    [2012/08/15 19:47:58 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/15 19:46:13 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\2nd_Window\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/08/13 23:08:16 | 000,116,857 | ---- | M] () -- C:\Users\2nd_Window\Desktop\Receipt.pdf
    [2012/08/13 23:07:30 | 000,121,071 | ---- | M] () -- C:\Users\2nd_Window\Desktop\HP Warranty - Warranty information.pdf
    [2012/08/13 22:57:52 | 000,328,764 | ---- | M] () -- C:\Users\2nd_Window\Desktop\Correspondence_2011792.pdf
    [2012/08/07 07:43:32 | 000,112,764 | ---- | M] () -- C:\Users\2nd_Window\Documents\Scan008.pdf
    [2012/08/06 11:54:03 | 011,581,288 | ---- | M] () -- C:\Users\2nd_Window\Desktop\ComicRackSetup09155.exe
    [2012/08/05 10:16:43 | 1336,045,568 | ---- | M] () -- C:\Users\2nd_Window\Desktop\Ã౸ ³²ÀÚ 8° ´ëÇѹα¹ vs ¿µ±¹ Àü¹Ý.120804.HDTV.x264.720p-HEAD.avi
    [2012/08/05 10:02:39 | 2587,789,312 | ---- | M] () -- C:\Users\2nd_Window\Desktop\Ã౸ ³²ÀÚ 8° ´ëÇѹα¹ vs ¿µ±¹ ÈĹÝ, ¿¬Àå, ½ÂºÎÂ÷±â.120804.HDTV.x264.720p-HEAD.avi
    [2012/08/01 20:54:49 | 003,591,925 | ---- | M] () -- C:\Users\2nd_Window\Desktop\BH_266.psd
    [2012/08/01 20:41:47 | 004,784,596 | ---- | M] () -- C:\Users\2nd_Window\Desktop\BH_275a.psd
    [2012/07/31 20:05:04 | 019,884,489 | ---- | M] () -- C:\Users\2nd_Window\Documents\Waterdown.ma
    [2012/07/31 19:47:11 | 001,704,389 | ---- | M] () -- C:\Users\2nd_Window\Documents\human.ma
    [2012/07/28 15:27:40 | 000,000,759 | ---- | M] () -- C:\Users\2nd_Window\Desktop\Icy Tower.lnk
    [2012/07/24 22:11:24 | 000,002,091 | ---- | M] () -- C:\Users\2nd_Window\Desktop\Aerial Fire.lnk
    [2012/07/23 23:37:21 | 001,449,684 | ---- | M] () -- C:\Users\2nd_Window\Documents\face3.psd

    ========== Files Created - No Company Name ==========

    [2012/08/22 02:10:47 | 001,001,224 | ---- | C] () -- C:\Users\2nd_Window\Documents\face.psd
    [2012/08/21 07:51:50 | 002,193,345 | ---- | C] () -- C:\Users\2nd_Window\Desktop\tdsskiller.zip
    [2012/08/20 00:38:47 | 000,001,864 | ---- | C] () -- C:\Users\2nd_Window\Desktop\IrfanView Thumbnails.lnk
    [2012/08/19 13:05:24 | 000,002,091 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/08/19 12:52:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/19 12:52:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/19 12:52:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/19 12:52:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/19 12:52:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/19 11:52:17 | 089,340,632 | ---- | C] () -- C:\Users\2nd_Window\Desktop\avast_free_antivirus_setup.exe
    [2012/08/19 11:18:21 | 000,001,352 | ---- | C] () -- C:\Users\2nd_Window\Documents\AutoHotkey.ahk
    [2012/08/18 15:56:05 | 000,001,210 | ---- | C] () -- C:\Users\2nd_Window\Desktop\Any Video Converter.lnk
    [2012/08/18 15:52:13 | 000,001,258 | ---- | C] () -- C:\Users\2nd_Window\Desktop\Any Video Converter Ultimate.lnk
    [2012/08/18 00:45:31 | 000,000,512 | ---- | C] () -- C:\Users\2nd_Window\Desktop\MBR.dat
    [2012/08/16 22:08:17 | 000,469,359 | ---- | C] () -- C:\Users\2nd_Window\Documents\Statement.pdf
    [2012/08/16 20:01:52 | 000,302,592 | ---- | C] () -- C:\Users\2nd_Window\Desktop\82hdu87u.exe
    [2012/08/15 19:47:58 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/13 23:08:16 | 000,116,857 | ---- | C] () -- C:\Users\2nd_Window\Desktop\Receipt.pdf
    [2012/08/13 23:07:29 | 000,121,071 | ---- | C] () -- C:\Users\2nd_Window\Desktop\HP Warranty - Warranty information.pdf
    [2012/08/13 22:41:27 | 000,328,764 | ---- | C] () -- C:\Users\2nd_Window\Desktop\Correspondence_2011792.pdf
    [2012/08/07 07:43:32 | 000,112,764 | ---- | C] () -- C:\Users\2nd_Window\Documents\Scan008.pdf
    [2012/08/06 11:47:29 | 011,581,288 | ---- | C] () -- C:\Users\2nd_Window\Desktop\ComicRackSetup09155.exe
    [2012/08/05 16:45:59 | 2587,789,312 | ---- | C] () -- C:\Users\2nd_Window\Desktop\Ã౸ ³²ÀÚ 8° ´ëÇѹα¹ vs ¿µ±¹ ÈĹÝ, ¿¬Àå, ½ÂºÎÂ÷±â.120804.HDTV.x264.720p-HEAD.avi
    [2012/08/05 11:36:31 | 1336,045,568 | ---- | C] () -- C:\Users\2nd_Window\Desktop\Ã౸ ³²ÀÚ 8° ´ëÇѹα¹ vs ¿µ±¹ Àü¹Ý.120804.HDTV.x264.720p-HEAD.avi
    [2012/08/01 20:26:10 | 003,591,925 | ---- | C] () -- C:\Users\2nd_Window\Desktop\BH_266.psd
    [2012/08/01 20:25:56 | 004,784,596 | ---- | C] () -- C:\Users\2nd_Window\Desktop\BH_275a.psd
    [2012/07/31 19:47:10 | 001,704,389 | ---- | C] () -- C:\Users\2nd_Window\Documents\human.ma
    [2012/07/31 19:46:26 | 019,884,489 | ---- | C] () -- C:\Users\2nd_Window\Documents\Waterdown.ma
    [2012/07/28 15:27:40 | 000,000,759 | ---- | C] () -- C:\Users\2nd_Window\Desktop\Icy Tower.lnk
    [2012/07/24 22:11:24 | 000,002,091 | ---- | C] () -- C:\Users\2nd_Window\Desktop\Aerial Fire.lnk
    [2012/07/13 06:55:21 | 000,204,952 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2012/05/07 20:31:57 | 000,015,512 | ---- | C] () -- C:\Windows\System32\IRTrace.dll
    [2012/05/07 20:25:12 | 000,000,024 | ---- | C] () -- C:\Windows\System32\scskConfigEH.ini
    [2012/04/18 09:41:55 | 002,515,790 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
    [2012/03/05 14:44:21 | 011,296,768 | ---- | C] () -- C:\Users\2nd_Window\AppData\Roaming\Sandra.mdb
    [2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
    [2012/02/10 13:10:49 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2012/02/10 13:10:49 | 000,000,008 | RHS- | C] () -- C:\ProgramData\53958F55BF.sys
    [2012/01/25 01:56:22 | 000,000,218 | ---- | C] () -- C:\Users\2nd_Window\.recently-used.xbel
    [2012/01/18 20:18:20 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
    [2012/01/18 20:17:48 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssp8ml3.dll
    [2012/01/16 22:00:48 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssb6mlm.dll
    [2011/11/02 20:29:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
    [2011/09/26 13:30:56 | 000,024,576 | ---- | C] () -- C:\Windows\INIUpdateAdmin.dll
    [2011/07/20 23:46:40 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2011/07/20 23:46:40 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2011/07/20 23:46:36 | 000,644,608 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2011/07/20 23:46:36 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2011/07/20 23:46:36 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2011/07/05 17:49:38 | 000,000,686 | ---- | C] () -- C:\Windows\cedt.INI
    [2011/06/20 00:00:49 | 000,072,272 | ---- | C] () -- C:\Windows\System32\cosa.dll
    [2011/05/19 12:01:24 | 001,266,880 | ---- | C] () -- C:\Windows\System32\ISPPopUpDlg.exe
    [2011/03/29 23:52:58 | 000,000,398 | ---- | C] () -- C:\Windows\miniMBC.INI
    [2011/03/07 23:41:06 | 000,000,405 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2011/03/07 23:40:25 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
    [2011/02/22 16:24:26 | 000,339,968 | ---- | C] () -- C:\Windows\System32\KvpUpCom.dll
    [2011/02/15 23:54:42 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
    [2011/01/18 12:56:27 | 000,064,000 | ---- | C] () -- C:\Windows\System32\esfw52.bin

    ========== LOP Check ==========

    [2012/08/19 18:23:45 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\.minecraft
    [2011/09/27 21:18:57 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\AhnLab
    [2012/08/18 15:56:44 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\AnvSoft
    [2012/02/10 13:00:37 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Autodesk
    [2012/02/10 17:14:43 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/03/10 17:33:53 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\ClientKeeper
    [2011/07/02 17:40:45 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Clunet
    [2011/10/30 00:54:29 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\cYo
    [2011/04/30 17:34:51 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\DAEMON Tools Lite
    [2012/08/22 08:23:52 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Dropbox
    [2011/01/18 13:01:19 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\EPSON
    [2012/08/13 22:47:55 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\FileZilla
    [2012/01/25 01:56:03 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\gtk-2.0
    [2011/03/29 23:48:05 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\iMBC
    [2012/08/20 00:38:47 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\IrfanView
    [2012/02/05 14:48:43 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Leadertech
    [2011/04/28 22:31:26 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Lingoes
    [2012/01/28 21:02:27 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Media Finder
    [2011/03/08 17:57:19 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\OpenOffice.org
    [2012/02/02 12:23:04 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Samsung
    [2012/01/30 16:02:23 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Softarium.com
    [2012/02/10 02:07:46 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2012/05/29 21:59:10 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Toon Boom Animation
    [2012/07/16 20:00:26 | 000,032,668 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:BC359956

    < End of report >
  17. megaboy1 Newcomer, in training Posts: 59

    OTL Extras logfile created on: 22/08/2012 12:10:20 PM - Run 1
    OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\2nd_Window\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 71.39% Memory free
    6.00 Gb Paging File | 5.01 Gb Available in Paging File | 83.61% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 488.28 Gb Total Space | 62.60 Gb Free Space | 12.82% Space Free | Partition Type: NTFS
    Drive D: | 57.27 Gb Total Space | 24.10 Gb Free Space | 42.07% Space Free | Partition Type: NTFS
    Drive E: | 335.35 Gb Total Space | 281.47 Gb Free Space | 83.93% Space Free | Partition Type: NTFS
    Drive F: | 443.22 Gb Total Space | 150.45 Gb Free Space | 33.95% Space Free | Partition Type: NTFS
    Drive G: | 4.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: 2ND_WINDOW-PC | User Name: 2nd_Window | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0E56FBDB-28F6-49E5-829F-E42FE3616743}" = mini
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{28F8F8F0-C278-454A-9507-46B344AAD188}" = Corel Painter 11
    "{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
    "{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
    "{2F05CEAF-A575-41E5-B3D0-FE4CEF83CA0A}" = Maya 2009
    "{310AFA6B-094D-45DA-8389-4712074B6A22}" = Maya 2010
    "{35BA2BAF-FFD4-4B12-B42B-AA8CC902CD23}" = Autodesk DirectConnect 2009
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
    "{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets
    "{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
    "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
    "{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11 - ICA
    "{5E4ADF05-F045-4F82-9E98-422B2FCB944C}" = StudioTax 2011
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7288831E-1418-40E5-A70A-A55D0AA6657B}" = Simply Accounting by Sage 2006
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7EC69F77-5494-4E1F-8BC6-956DAA5A91F2}" = Corel Painter 11 - IPM
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{840BF2FE-033D-437C-89D1-AAA206BA13B6}" = Langauge
    "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3
    "{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
    "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
    "{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97C4F970-C753-443F-B61C-525C739BBC3D}" = Maya 2009 Documentation (en_US)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-1048-8780-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Russian
    "{AC76BA86-1048-8780-7760-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708
    "{AC76BA86-1048-8780-7760-000000000004}{AC76BA86-1048-8780-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Russian
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B369483E-0728-405C-8F8C-3427B263B01F}" = Content
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B7F653CF-1BE5-4F40-BA4A-E3BBC6869116}" = 포트리스2 Forever
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2012.SP1
    "{C7822DAD-D89C-4CC2-87F4-D28AA719905E}" = NetFolder
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E417A85A-EA99-4307-B5FC-99A800AE361E}" = Toon Boom Harmony 9.2
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{F0B27584-72DD-4CED-A329-57C7F91586C0}" = Autodesk SketchBookPro 2011
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
    "Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3
    "Aerial Fire_is1" = Aerial Fire
    "AhnLab Online Security" = AhnLab Online Security
    "ALUpdate_is1" = 알툴즈 업데이트
    "ALZip_is1" = 알집 8.52
    "Any Video Converter Ultimate_is1" = Any Video Converter Ultimate 4.4.2
    "Any Video Converter_is1" = Any Video Converter 3.4.2
    "AutoHotkey" = AutoHotkey 1.0.48.05
    "avast" = avast! Free Antivirus
    "Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
    "CacaoEncoder" = CacaoEncoder 삭제
    "CCleaner" = CCleaner
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "ComicRack" = ComicRack v0.9.155
    "CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.60
    "Crimson Editor SVN286" = Crimson Editor SVN286
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Design-Lib.Com - Batch PSD to JPG 1.5" = Design-Lib.Com - Batch PSD to JPG 1.5
    "DeskPins" = DeskPins (remove only)
    "DtsFilter" = DTS+AC3 Filter
    "EasyBCD" = EasyBCD 2.1
    "EPSON Scanner" = EPSON Scan
    "ESET Online Scanner" = ESET Online Scanner v3
    "FileZilla Client" = FileZilla Client 3.3.5.1
    "GOM Player" = GOM Player
    "GomTV Launcher Plugin" = GOMTV Plug-in
    "Google Chrome" = Google Chrome
    "HaaliMkx" = Haali Media Splitter
    "Icy Tower v1.5.1_is1" = Icy Tower v1.5.1
    "InstallShield_{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "IrfanView" = IrfanView (remove only)
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.2.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "MediaCoder" = MediaCoder 0.6.2
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 10.0.6 (x86 en-US)" = Mozilla Firefox 10.0.6 (x86 en-US)
    "MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "PS3 Media Server" = PS3 Media Server
    "RealPlayer 15.0" = RealPlayer
    "Samsung ML-1865W Series" = Samsung ML-1865W Series
    "SDM WebHard" = SDM WebHard Program
    "Secunia PSI" = Secunia PSI (2.0.0.4003)
    "SoftcampSCSK" = SoftCamp Secure KeyStroke 4.0
    "sp6" = Logitech SetPoint 6.32
    "SpeedFan" = SpeedFan (remove only)
    "StuffPlug3" = StuffPlug 3
    "UnINISafeWeb7" = INISafeWeb 7.0 (SFilter v1.0)
    "USADISK" = 미주디스크 프로그램 삭제
    "VeraPort" = VeraPort (보안모듈관리 프로그램)
    "VLC media player" = VLC media player 1.1.9
    "Wacom Tablet Driver" = Wacom Tablet
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "WinLiveSuite" = Windows Live Essentials
    "XecureCK" = TouchEn Key with E2E for 32bit
    "XecureWeb Control" = XecureWeb Control

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "fec6edc179e1ea07" = OhCASTra

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 20/08/2012 3:29:27 PM | Computer Name = 2nd_Window-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 20/08/2012 3:29:30 PM | Computer Name = 2nd_Window-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Wacom_Tablet.exe, version: 6.2.0.5, time
    stamp: 0x4f1a0d84 Faulting module name: Wacom_Tablet.exe, version: 6.2.0.5, time
    stamp: 0x4f1a0d84 Exception code: 0xc0000005 Fault offset: 0x0027ec8a Faulting process
    id: 0x85c Faulting application start time: 0x01cd7f0a1cc83600 Faulting application
    path: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe Faulting module path: C:\Program
    Files\Tablet\Wacom\Wacom_Tablet.exe Report Id: 5c1c75a0-eafd-11e1-818a-485b3910853a

    Error - 20/08/2012 9:43:20 PM | Computer Name = 2nd_Window-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 21/08/2012 4:56:51 AM | Computer Name = 2nd_Window-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 21/08/2012 7:13:50 AM | Computer Name = 2nd_Window-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 21/08/2012 7:49:38 AM | Computer Name = 2nd_Window-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 21/08/2012 7:49:39 AM | Computer Name = 2nd_Window-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Wacom_Tablet.exe, version: 6.2.0.5, time
    stamp: 0x4f1a0d84 Faulting module name: Wacom_Tablet.exe, version: 6.2.0.5, time
    stamp: 0x4f1a0d84 Exception code: 0xc0000005 Fault offset: 0x00315341 Faulting process
    id: 0x850 Faulting application start time: 0x01cd7f9306ee8760 Faulting application
    path: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe Faulting module path: C:\Program
    Files\Tablet\Wacom\Wacom_Tablet.exe Report Id: 49460480-eb86-11e1-9fc2-485b3910853a

    Error - 22/08/2012 6:13:20 AM | Computer Name = 2nd_Window-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 22/08/2012 6:13:21 AM | Computer Name = 2nd_Window-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Wacom_Tablet.exe, version: 6.2.0.5, time
    stamp: 0x4f1a0d84 Faulting module name: Wacom_Tablet.exe, version: 6.2.0.5, time
    stamp: 0x4f1a0d84 Exception code: 0xc0000005 Fault offset: 0x00315341 Faulting process
    id: 0x850 Faulting application start time: 0x01cd804ebfca1220 Faulting application
    path: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe Faulting module path: C:\Program
    Files\Tablet\Wacom\Wacom_Tablet.exe Report Id: ff6cdf20-ec41-11e1-8733-485b3910853a

    Error - 22/08/2012 8:23:29 AM | Computer Name = 2nd_Window-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    [ Media Center Events ]
    Error - 07/06/2012 10:12:32 PM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
    Description = 10:12:32 PM - Failed to retrieve Directory (Error: The underlying
    connection was closed: An unexpected error occurred on a receive.)

    Error - 21/06/2012 7:17:20 AM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
    Description = 7:17:20 AM - Error connecting to the internet. 7:17:20 AM - Unable
    to contact server..

    Error - 21/06/2012 7:18:01 AM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
    Description = 7:17:50 AM - Error connecting to the internet. 7:17:50 AM - Unable
    to contact server..

    Error - 21/06/2012 10:59:10 AM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
    Description = 10:59:10 AM - Error connecting to the internet. 10:59:10 AM - Unable
    to contact server..

    Error - 21/06/2012 10:59:26 AM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
    Description = 10:59:16 AM - Error connecting to the internet. 10:59:16 AM - Unable
    to contact server..

    Error - 21/06/2012 1:04:20 PM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
    Description = 1:04:20 PM - Error connecting to the internet. 1:04:20 PM - Unable
    to contact server..

    Error - 21/06/2012 1:04:47 PM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
    Description = 1:04:25 PM - Error connecting to the internet. 1:04:25 PM - Unable
    to contact server..

    Error - 06/07/2012 11:08:12 AM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
    Description = 11:08:02 AM - Error connecting to the internet. 11:08:02 AM - Unable
    to contact server..

    Error - 06/07/2012 2:37:10 PM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
    Description = 2:37:01 PM - Error connecting to the internet. 2:37:01 PM - Unable
    to contact server..

    Error - 18/07/2012 8:57:54 AM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
    Description = 8:57:40 AM - Error connecting to the internet. 8:57:41 AM - Unable
    to contact server..

    [ System Events ]
    Error - 22/08/2012 6:13:21 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 22/08/2012 6:13:44 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 22/08/2012 6:13:44 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 22/08/2012 6:16:08 AM | Computer Name = 2nd_Window-PC | Source = DCOM | ID = 10001
    Description =

    Error - 22/08/2012 8:23:28 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 22/08/2012 8:23:33 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 22/08/2012 8:23:44 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 22/08/2012 8:23:44 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 22/08/2012 12:06:38 PM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 22/08/2012 12:06:38 PM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891


    < End of report >
  18. Broni Malware Annihilator Posts: 40,051   +187

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      [2011/04/07 19:56:54 | 000,114,688 | -HS- | C] (Microsoft Corporation) -- C:\Users\2nd_Window\AppData\Local\ixu.exe
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:BC359956
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ========================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  19. megaboy1 Newcomer, in training Posts: 59

    All processes killed
    ========== OTL ==========
    C:\Users\2nd_Window\AppData\Local\ixu.exe moved successfully.
    ADS C:\ProgramData\Temp:BC359956 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: 2nd_Window
    ->Temp folder emptied: 1917214802 bytes
    ->Temporary Internet Files folder emptied: 363742283 bytes
    ->Java cache emptied: 395878 bytes
    ->FireFox cache emptied: 251343551 bytes
    ->Google Chrome cache emptied: 15060774 bytes
    ->Flash cache emptied: 164505 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser.2nd_Window-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56468 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 26925924 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 223261 bytes

    Total Files Cleaned = 2,456.00 mb


    [EMPTYJAVA]

    User: 2nd_Window
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    User: UpdatusUser.2nd_Window-PC

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: 2nd_Window
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser.2nd_Window-PC
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.58.1 log created on 08252012_133906

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  20. megaboy1 Newcomer, in training Posts: 59

    Results of screen317's Security Check version 0.99.46
    Windows 7 x86 (UAC is disabled!)
    Out of date service pack!!
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Secunia PSI (2.0.0.4003)
    Malwarebytes Anti-Malware version 1.62.0.1300
    CCleaner
    JavaFX 2.1.1
    Java(TM) 6 Update 31
    Java(TM) 7 Update 5
    Java version out of Date!
    Adobe Flash Player 11.1.102.63
    Adobe Reader X 10.1.3 Adobe Reader out of Date!
    Mozilla Firefox 10.0.6 Firefox out of Date!
    Google Chrome 21.0.1180.79
    Google Chrome 21.0.1180.83
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 4%
    ````````````````````End of Log``````````````````````