TechSpot

Crypt.AQLW and Cryptic.DYR infections cannot remove

Solved
By steve1965
Apr 10, 2012
  1. Hi all
    I am having much grief with the 2 trojan infections, mentioned above, which AVG cannot eradicate. I have read the 5 point sticky and await further instructions before posting any logs from them.

    I am running a full AVG scan at the moment.

    Many thanks in advance.
    Steve
     
  2. Broni


    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. steve1965


    logs

    Hi Broni

    My Windows Security Centre is also hobbled and won't restart the service.

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.10.06

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Steve :: STEVE-PC [administrator]

    10/04/2012 16:43:31
    mbam-log-2012-04-10 (16-43-31).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 273348
    Time elapsed: 14 minute(s), 19 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 5
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKLM\System\CurrentControlSet\Services\ehstartTermService (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Detected: 4
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network|UID (Malware.Trace) -> Data: STEVE-PC_00366ECA -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Win32Update (Malware.Trace) -> Data: C:\Windows\system32\adsmsexto.exe -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|Win32Update (Malware.Trace) -> Data: C:\Windows\system32\adsmsexto.exe -> Quarantined and deleted successfully.
    HKLM\System\CurrentControlSet\Control\Lsa|Win32Update (LSP.Hijacker) -> Data: C:\Windows\system32\adsmsexto.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and repaired successfully.

    Folders Detected: 4
    C:\ProgramData\CrucialSoft Ltd (Rogue.AV2009) -> Quarantined and deleted successfully.
    C:\ProgramData\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.AV2009) -> Quarantined and deleted successfully.
    C:\Windows\System32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
    C:\Windows\System32\sysloc (Trojan.BHO) -> Quarantined and deleted successfully.

    Files Detected: 8
    C:\Users\Steve\AppData\Local\Temp\Low\jar_cache7050.tmp (Trojan.FakeAlert.VGen) -> Quarantined and deleted successfully.
    C:\487656.bat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\st_1243326795.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Windows\st_1243327208.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Windows\st_1243345222.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Windows\st_1243345637.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Windows\System32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
    C:\Windows\System32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-04-10 17:19:49
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 HDT722525DLA380 rev.V44OA9BA
    Running: zykncpn9.exe; Driver: C:\Users\Steve\AppData\Local\Temp\kwtoypob.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84F3A1E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 84F3A1E8
    Device \Driver\atapi \Device\Ide\IdePort0 84F3A1E8
    Device \Driver\atapi \Device\Ide\IdePort1 84F3A1E8
    Device \Driver\atapi \Device\Ide\IdePort2 84F3A1E8
    Device \Driver\atapi \Device\Ide\IdePort3 84F3A1E8
    Device \Driver\ampd0lrd \Device\Scsi\ampd0lrd1 86A671E8
    Device \Driver\ampd0lrd \Device\Scsi\ampd0lrd1Port6Path0Target0Lun0 86A671E8
    Device \FileSystem\Ntfs \Ntfs 84F3B1E8

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- Processes - GMER 1.0.15 ----

    Process PING.EXE (*** hidden *** ) 4892

    ---- EOF - GMER 1.0.15 ----
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
    Run by Steve at 17:28:30 on 2012-04-10
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2125 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Web\Apache2\bin\Apache.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    C:\Web\Apache2\bin\Apache.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Web\mysql\bin\mysqld-nt.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\System32\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\System32\M-AudioTaskBarIcon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\FinePixViewer\QuickDCF2.exe
    C:\Web\Apache2\bin\ApacheMonitor.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\Java\jdk1.6.0_03\bin\javaw.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bbc.co.uk/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [DriverUpdaterPro] c:\program files\ixi tools\driver updater pro\DriverUpdaterPro.exe -t
    uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
    uRun: [kdx] c:\program files\kontiki\KHost.exe -all
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [Skytel] Skytel.exe
    mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
    mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRun: [EPSON Stylus DX6000 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibie.exe /fu "c:\windows\temp\E_SFDBE.tmp" /EF "HKCU"
    dRunServices: [Win32Update] c:\windows\system32\adsmsexto.exe
    StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\sdktra~1.lnk - c:\program files\java\jdk1.6.0_03\bin\javaw.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\web\apache2\bin\ApacheMonitor.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: mswsock.dll
    Trusted Zone: localhost
    Trusted Zone: microsoft.com\update
    Trusted Zone: microsoft.com\windowsupdate
    DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0} - hxxp://www.mathtutor.ac.uk/Differentiation/drs/DrsDnldProj1.cab
    DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax65.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - hxxps://download.yahoo.com/dl/installs/bt/yregucfg.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{43A44558-6C56-4CDA-80E8-358ED16E6DF9} : DhcpNameServer = 192.168.1.254
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\steve\appdata\roaming\mozilla\firefox\profiles\vfue9ge0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/|http://www.google.co.uk/|http://www...-news/|http://promodeller.websitetoolbox.com/
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc85cb29a-10cf-4480-9a00-01060b6e0c30%7D&mid=c9326b458a7892fb5e580bd9ef323fd3-9a17500a96d428a5cdb8b2643968b9a928fc107f&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-12%2018%3A58%3A59&sap=ku&q=
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\vfue9ge0.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
    FF - component: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\vfue9ge0.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
    FF - component: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\vfue9ge0.default\extensions\{cf2812dc-6a7c-4402-b639-4d277dac4c36}\components\schemval.dll
    FF - component: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\vfue9ge0.default\extensions\{cf2812dc-6a7c-4402-b639-4d277dac4c36}\components\xforms.dll
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-23 21504]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    S2 AeLookupSvcMDM;Application Experience AeLookupSvcMDM;o% srv --> o% srv [?]
    S2 AeLookupSvcMDMCryptSvc;Application Experience AeLookupSvcMDM AeLookupSvcMDMCryptSvc;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 AeLookupSvcMDMehRecvr;Application Experience AeLookupSvcMDM AeLookupSvcMDMehRecvr;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 AeLookupSvcMDMehRecvrhkmsvcQWAVE;Application Experience AeLookupSvcMDM AeLookupSvcMDMehRecvr AeLookupSvcMDMehRecvrhkmsvcQWAVE;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 AeLookupSvcMDMehRecvrhkmsvcQWAVEEPSON_PM_RPCV4_01;Application Experience AeLookupSvcMDM AeLookupSvcMDMehRecvr AeLookupSvcMDMehRecvrhkmsvcQWAVE AeLookupSvcMDMehRecvrhkmsvcQWAVEEPSON_PM_RPCV4_01;€û srv --> €û srv [?]
    S2 AeLookupSvcMDMehRecvrhkmsvcQWAVEKeyIso;Application Experience AeLookupSvcMDM AeLookupSvcMDMehRecvr AeLookupSvcMDMehRecvrhkmsvcQWAVE AeLookupSvcMDMehRecvrhkmsvcQWAVEKeyIso;€û srv --> €û srv [?]
    S2 AeLookupSvcMDMehRecvrW32Timep2pimsvc;Application Experience AeLookupSvcMDM AeLookupSvcMDMehRecvr AeLookupSvcMDMehRecvrW32Timep2pimsvc;€s/ srv --> €s/ srv [?]
    S2 ALGmsvsmon80;Application Layer Gateway Service ALGmsvsmon80;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 ALGmsvsmon80MSSQLServerADHelper;Application Layer Gateway Service ALGmsvsmon80 ALGmsvsmon80MSSQLServerADHelper;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 Apache2slsvc;Apache2 Apache2slsvc;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 AppinfoBFE;Application Information AppinfoBFE;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 AppinfoBFEWPDBusEnum;Application Information AppinfoBFE AppinfoBFEWPDBusEnum;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 AudioEndpointBuilderMSDTCLanmanServer;Windows Audio Endpoint Builder AudioEndpointBuilderMSDTCLanmanServer;àq% srv --> àq% srv [?]
    S2 AudioEndpointBuilderTapiSrvDcomLaunchNetTcpPortSharing;Windows Audio Endpoint Builder AudioEndpointBuilderTapiSrvDcomLaunchNetTcpPortSharing;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 AudiosrvMSSQLServerADHelperIKEEXT;Windows Audio AudiosrvMSSQLServerADHelperIKEEXT;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 BFEDPSmsvsmon80;Base Filtering Engine BFEDPSmsvsmon80;@p srv --> @p srv [?]
    S2 BFEupnphostmsiserver;Base Filtering Engine BFEupnphostmsiserver;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 BITSApache2;Background Intelligent Transfer Service BITSApache2;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 BITSSENSSysMain;Background Intelligent Transfer Service BITSSENSSysMain;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 BITSslsvc;Background Intelligent Transfer Service BITSslsvc;€û srv --> €û srv [?]
    S2 BITSslsvcAppinfoBFEWPDBusEnum;Background Intelligent Transfer Service BITSslsvc BITSslsvcAppinfoBFEWPDBusEnum;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 BITSslsvcAppinfoBFEWPDBusEnumehSched;Background Intelligent Transfer Service BITSslsvc BITSslsvcAppinfoBFEWPDBusEnum BITSslsvcAppinfoBFEWPDBusEnumehSched;€û srv --> €û srv [?]
    S2 BITSslsvcp2pimsvc;Background Intelligent Transfer Service BITSslsvc BITSslsvcp2pimsvc;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 BITSslsvcp2pimsvcupnphostmsiserver;Background Intelligent Transfer Service BITSslsvc BITSslsvcp2pimsvc BITSslsvcp2pimsvcupnphostmsiserver;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 BITSslsvcp2pimsvcupnphostmsiserverBrowser;Background Intelligent Transfer Service BITSslsvc BITSslsvcp2pimsvc BITSslsvcp2pimsvcupnphostmsiserver BITSslsvcp2pimsvcupnphostmsiserverBrowser;€û srv --> €û srv [?]
    S2 BITSslsvcp2pimsvcupnphostmsiserverTapiSrvDcomLaunch;Background Intelligent Transfer Service BITSslsvc BITSslsvcp2pimsvc BITSslsvcp2pimsvcupnphostmsiserver BITSslsvcp2pimsvcupnphostmsiserverTapiSrvDcomLaunch;€û srv --> €û srv [?]
    S2 BITSW32Timep2pimsvc;Background Intelligent Transfer Service BITSW32Timep2pimsvc;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 BrlAPIEventSystemwscsvcmsvsmon80;BrlAPI BrlAPIEventSystemwscsvcmsvsmon80;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 Browserhkmsvc;Computer Browser Browserhkmsvc;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 BrowserhkmsvcNetTcpPortSharingnvsvc;Computer Browser Browserhkmsvc BrowserhkmsvcNetTcpPortSharingnvsvc;0q& srv --> 0q& srv [?]
    S2 BrowserhkmsvcNetTcpPortSharingnvsvchidserv;Computer Browser Browserhkmsvc BrowserhkmsvcNetTcpPortSharingnvsvc BrowserhkmsvcNetTcpPortSharingnvsvchidserv;€û srv --> €û srv [?]
    S2 BrowserhkmsvcPACSPTISVR;Computer Browser Browserhkmsvc BrowserhkmsvcPACSPTISVR;€û srv --> €û srv [?]
    S2 BrowserhkmsvcSLUINotify;Computer Browser Browserhkmsvc BrowserhkmsvcSLUINotify;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 BrowserhkmsvcSLUINotifynvsvcW32Time;Computer Browser Browserhkmsvc BrowserhkmsvcSLUINotify BrowserhkmsvcSLUINotifynvsvcW32Time;€û srv --> €û srv [?]
    S2 BrowserhkmsvcSLUINotifynvsvcW32TimeSQLWriterWecsvc;Computer Browser Browserhkmsvc BrowserhkmsvcSLUINotify BrowserhkmsvcSLUINotifynvsvcW32Time BrowserhkmsvcSLUINotifynvsvcW32TimeSQLWriterWecsvc;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 clr_optimization_v2.0.50727_32SstpSvcoseSPTISRV;Microsoft .NET Framework NGEN v2.0.50727_X86 clr_optimization_v2.0.50727_32SstpSvcoseSPTISRV;€û srv --> €û srv [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 COMSysAppMMCSS;COM+ System Application COMSysAppMMCSS;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 DFSRWinHttpAutoProxySvc;DFS Replication DFSRWinHttpAutoProxySvc;o# srv --> o# srv [?]
    S2 DnscachewmiApSrv;DNS Client DnscachewmiApSrv;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 dot3svcSpooler;Wired AutoConfig dot3svcSpooler;Øo srv --> Øo srv [?]
    S2 DPSmsvsmon80;Diagnostic Policy Service DPSmsvsmon80;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 DPSmsvsmon80IDriverTBrowser;Diagnostic Policy Service DPSmsvsmon80 DPSmsvsmon80IDriverTBrowser;àq srv --> àq srv [?]
    S2 DPSmsvsmon80MSDTCSharedAccess;Diagnostic Policy Service DPSmsvsmon80 DPSmsvsmon80MSDTCSharedAccess;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 DPSSENSSysMain;Diagnostic Policy Service DPSSENSSysMain;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 DPSupnphostmsiserver;Diagnostic Policy Service DPSupnphostmsiserver;øo` srv --> øo` srv [?]
    S2 DPSupnphostmsiserverThemesNetTcpPortSharing;Diagnostic Policy Service DPSupnphostmsiserver DPSupnphostmsiserverThemesNetTcpPortSharing;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 EapHostLanmanServerfdPHostUI0DetectDFSR;Extensible Authentication Protocol EapHostLanmanServerfdPHostUI0DetectDFSR;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 EapHostTBS;Extensible Authentication Protocol EapHostTBS;øo srv --> øo srv [?]
    S2 ehSchedTrustedInstallerWinmgmt;Windows Media Center Scheduler Service ehSchedTrustedInstallerWinmgmt;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 ehstartMySQLWPDBusEnumBITS;Windows Media Center Service Launcher ehstartMySQLWPDBusEnumBITS;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 EMDMgmtplaWMPNetworkSvcehstart;ReadyBoost EMDMgmtplaWMPNetworkSvcehstart;¨p srv --> ¨p srv [?]
    S2 EventSystemMSiSCSI;COM+ Event System EventSystemMSiSCSI;@p) srv --> @p) srv [?]
    S2 EventSystemwscsvc;COM+ Event System EventSystemwscsvc;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 EventSystemwscsvcmsvsmon80;COM+ Event System EventSystemwscsvc EventSystemwscsvcmsvsmon80;Èp% srv --> Èp% srv [?]
    S2 EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvc;COM+ Event System EventSystemwscsvc EventSystemwscsvcmsvsmon80 EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvc;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvcW32TimefdPHost;COM+ Event System EventSystemwscsvc EventSystemwscsvcmsvsmon80 EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvc EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvcW32TimefdPHost;w) srv --> w) srv [?]
    S2 EventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc;COM+ Event System EventSystemwscsvc EventSystemwscsvcmsvsmon80 EventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 fdPHostUI0DetectDFSR;Function Discovery Provider Host fdPHostUI0DetectDFSR;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 FontCache3.0.0.0 Back-End Service;Windows Presentation Foundation Font Cache 3.0.0.0 FontCache3.0.0.0 Back-End Service;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 hkmsvcQWAVE;Health Key and Certificate Management hkmsvcQWAVE;€û srv --> €û srv [?]
    S2 hkmsvcQWAVEplaWMPNetworkSvcehstart;Health Key and Certificate Management hkmsvcQWAVE hkmsvcQWAVEplaWMPNetworkSvcehstart;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 hkmsvcWSearch;Health Key and Certificate Management hkmsvcWSearch;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 IDriverTBrowser;InstallDriver Table Manager IDriverTBrowser;øo# srv --> øo# srv [?]
    S2 IDriverTBrowserSQLBrowser;InstallDriver Table Manager IDriverTBrowser IDriverTBrowserSQLBrowser;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 IDriverTBrowserSQLBrowserProtectedStorageusnjsvc;InstallDriver Table Manager IDriverTBrowser IDriverTBrowserSQLBrowser IDriverTBrowserSQLBrowserProtectedStorageusnjsvc;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 idsvcclr_optimization_v2.0.50727_32;Windows CardSpace idsvcclr_optimization_v2.0.50727_32;c:\windows\system32\adsmsexto.exe srv --> c:\windows\system32\adsmsexto.exe srv [?]
    S2 idsvcwcncsvc;Windows CardSpace idsvcwcncsvc;(o
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
    S3 AppServer9PE;SunJavaSystemAppserver9PE;c:\sun\sdk\lib\appservservice.exe "\"c:\sun\sdk\bin\asadmin.bat\" start-domain --user admin domain1" "\"c:\sun\sdk\bin\asadmin.bat\" stop-domain domain1\" --> c:\sun\sdk\lib\appservservice.exe \c:\sun\sdk\bin\asadmin.bat\ [?]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-3 1025352]
    S3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe --> c:\cygwin\bin\cygrunsrv.exe [?]
    S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\drivers\MAudioFastTrack.sys [2010-12-7 158344]
    .
    =============== Created Last 30 ================
    .
    2012-04-10 15:40:07 -------- d-----w- c:\users\steve\appdata\roaming\Malwarebytes
    2012-04-10 15:40:00 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-10 15:40:00 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-10 15:40:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-09 17:25:51 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-04-06 14:29:33 -------- d-----w- c:\program files\iPod
    2012-04-06 14:29:29 -------- d-----w- c:\program files\iTunes
    2012-04-01 12:02:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-03-17 17:58:07 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
    2012-03-17 17:58:07 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
    2012-03-14 12:57:19 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 12:57:16 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2012-03-14 12:57:11 683008 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-14 12:57:11 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-03-14 12:57:11 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-03-14 12:57:11 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 12:57:10 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-03-14 12:54:17 613376 ----a-w- c:\windows\system32\rdpencom.dll
    2012-03-14 12:54:16 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-13 12:20:26 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2012-03-13 12:20:26 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
    .
    ==================== Find3M ====================
    .
    2012-04-01 12:18:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 17:29:09.60 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 13/11/2007 15:17:49
    System Uptime: 10/04/2012 17:04:05 (0 hours ago)
    .
    Motherboard: Foxconn | | 45GM/45CM
    Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 539/49mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 226 GiB total, 38.728 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    K: is CDROM ()
    L: is FIXED (NTFS) - 466 GiB total, 150.848 GiB free.
    S: is FIXED (NTFS) - 1 GiB total, 1.407 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Asset Services CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles AE CS4
    Adobe Color Video Profiles CS CS4
    Adobe Contribute CS4
    Adobe Creative Suite 4 Master Collection
    Adobe CS4 American English Speech Analysis Models
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe Encore CS4
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Dolby
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe OnLocation CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro CS4
    Adobe Premiere Pro CS4 Functional Content
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Reader 7.0.8
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe Shockwave Player 11
    Adobe SING CS4
    Adobe Soundbooth CS4
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe Version Cue CS4 Server
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AnyDVD
    Apache HTTP Server 2.0.63
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    AVG 2012
    Avidemux 2.4
    BBC iPlayer Desktop
    Bonjour
    BT Broadband Desktop Help
    Compatibility Pack for the 2007 Office system
    Connect
    COWON Media Center - jetAudio Basic VX
    DivX Codec
    DivX Converter
    DivX Web Player
    Duke Xtreme Command Center
    DVDx
    EPSON Printer Software
    EPSON Scan
    FinePixViewer Resource
    FinePixViewer Ver.5.4
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    iTunes
    J2SE Development Kit 5.0 Update 9
    J2SE Runtime Environment 5.0 Update 9
    Java 3D 1.5.2
    Java Auto Updater
    Java DB 10.6.2.1
    Java Media Framework 2.1.1e
    Java MP3 PlugIn
    Java Platform, Enterprise Edition 5 SDK
    Java(TM) 6 Update 27
    Java(TM) 6 Update 3
    Java(TM) SE Development Kit 6 Update 27
    Java(TM) SE Development Kit 6 Update 3
    jetVideo Basic VX
    kuler
    LADSPA_plugins-win-0.4.15
    LDraw
    M-Audio FastTrack Driver 6.0.6 (x86)
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Compact Framework 1.0 SP3 Developer
    Microsoft .NET Compact Framework 2.0
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Device Emulator version 1.0 - ENU
    Microsoft Document Explorer 2005
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Office Visio Professional 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 (SQLEXPRESS)
    Microsoft SQL Server 2005 Books Online (English) (September 2007)
    Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
    Microsoft SQL Server 2005 Tools
    Microsoft SQL Server Management Studio Express
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Visual Studio 2005 Professional Edition - ENU
    Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
    Mozilla Firefox 11.0 (x86 en-GB)
    MySQL Server 5.0
    NVIDIA Control Panel 275.33
    NVIDIA Graphics Driver 275.33
    NVIDIA Install Application
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update Components
    OpenMG Limited Patch 4.7-07-14-05-01
    OpenMG Secure Module 4.7.00
    Oracle Data Provider for .NET Help
    Oracle Database 10g Express Edition
    PDF Settings CS4
    Photoshop Camera Raw
    Pixel Bender Toolkit
    POV-Ray for Windows v3.1
    POV-Ray for Windows v3.5
    Power2Go 5.0
    QuickTime
    Quicktime Browser Plug-In
    RAW FILE CONVERTER LE
    RealPlayer
    Realtek High Definition Audio Driver
    Safari
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB2251481)
    Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB2538218)
    Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB2548826)
    Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)
    Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)
    Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971023)
    Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB973673)
    Sky Anytime
    SonicStage 4.3
    Suite Shared Configuration CS4
    Sun Java (TM) Wireless Toolkit 2.5.2_01 for CLDC
    SuperNZB v3.2.1
    Tile-based game
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB932232)
    VC80CRTRedist - 8.0.50727.762
    VLC media player 1.0.0
    Vodei Multimedia Processor 2.10
    Vuze
    Vuze_Remote Toolbar
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Player Firefox Plugin
    Windows Resource Kit Tools - SubInAcl.exe
    WinRAR archiver
    WinZip 15.0
    Xvid 1.1.3 final uninstall
    XviD MPEG4 Video Codec (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/04/2012 17:26:57, Error: Service Control Manager [7023] - The EIO service terminated with the following error: Access is denied.
    10/04/2012 17:07:57, Error: Service Control Manager [7023] - The Msmpsvc service terminated with the following error: Access is denied.
    10/04/2012 17:07:05, Error: Service Control Manager [7023] - The Nipxirmu service terminated with the following error: Access is denied.
    10/04/2012 17:07:02, Error: Service Control Manager [7023] - The WaveFDE service terminated with the following error: Access is denied.
    10/04/2012 17:07:02, Error: Service Control Manager [7023] - The VHidMinidrv service terminated with the following error: The specified module could not be found.
    10/04/2012 17:07:02, Error: Service Control Manager [7023] - The Pinetmgr service terminated with the following error: Access is denied.
    10/04/2012 17:07:02, Error: Service Control Manager [7023] - The MxlW2k service terminated with the following error: The specified module could not be found.
    10/04/2012 17:07:02, Error: Service Control Manager [7023] - The MtxDma0 service terminated with the following error: The specified module could not be found.
    10/04/2012 17:07:02, Error: Service Control Manager [7023] - The LVCap138 service terminated with the following error: Access is denied.
    10/04/2012 17:07:02, Error: Service Control Manager [7023] - The JavaQuickStarterService service terminated with the following error: Access is denied.
    10/04/2012 17:07:02, Error: Service Control Manager [7023] - The ESDCR service terminated with the following error: The specified module could not be found.
    10/04/2012 17:07:02, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    10/04/2012 17:07:02, Error: Service Control Manager [7023] - The Cfosspeed service terminated with the following error: Access is denied.
    10/04/2012 17:07:02, Error: Service Control Manager [7023] - The CAMFLT service terminated with the following error: The specified module could not be found.
    10/04/2012 17:07:02, Error: Service Control Manager [7023] - The BrSerIf service terminated with the following error: Access is denied.
    10/04/2012 17:07:02, Error: Service Control Manager [7023] - The Artdhcp service terminated with the following error: Access is denied.
    10/04/2012 17:07:02, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    10/04/2012 17:07:02, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    10/04/2012 17:05:06, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer hp LaserJet 1150 PCL 5e with shared resource name hp LaserJet 1150 PCL 5e. Error 1753. The printer cannot be used by others on the network.
    10/04/2012 17:05:06, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer EPSON Stylus DX6000 Series with shared resource name EPSON Stylus DX6000 Series. Error 1753. The printer cannot be used by others on the network.
    10/04/2012 17:05:06, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Adobe PDF with shared resource name Adobe PDF. Error 1753. The printer cannot be used by others on the network.
    10/04/2012 17:04:36, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    10/04/2012 15:38:28, Error: Service Control Manager [7023] - The VHidMinidrv service terminated with the following error: Access is denied.
    10/04/2012 15:23:28, Error: Service Control Manager [7023] - The ESDCR service terminated with the following error: Access is denied.
    10/04/2012 15:08:29, Error: Service Control Manager [7023] - The MtxDma0 service terminated with the following error: Access is denied.
    10/04/2012 14:53:30, Error: Service Control Manager [7023] - The CAMFLT service terminated with the following error: Access is denied.
    10/04/2012 14:52:54, Error: Service Control Manager [7023] - The MxlW2k service terminated with the following error: Access is denied.
    10/04/2012 14:51:41, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer hp LaserJet 1150 PCL 5e with shared resource name hp LaserJet 1150 PCL 5e. Error 2114. The printer cannot be used by others on the network.
    09/04/2012 11:40:31, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Image Acquisition (WIA) service to connect.
    09/04/2012 11:40:31, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    08/04/2012 18:03:14, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    08/04/2012 18:03:14, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    08/04/2012 18:03:14, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    06/04/2012 15:22:19, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  5. steve1965

    steve1965 TS Rookie Topic Starter Posts: 37

    MBR & Boot Cleaner Logs

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-10 17:55:31
    -----------------------------
    17:55:31.414 OS Version: Windows 6.0.6002 Service Pack 2
    17:55:31.414 Number of processors: 2 586 0xF0D
    17:55:31.415 ComputerName: STEVE-PC UserName: Steve
    17:55:32.861 Initialize success
    17:56:45.963 AVAST engine defs: 12041002
    17:56:56.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    17:56:56.798 Disk 0 Vendor: HDT722525DLA380 V44OA9BA Size: 238475MB BusType: 3
    17:56:56.809 Disk 0 MBR read successfully
    17:56:56.812 Disk 0 MBR scan
    17:56:56.816 Disk 0 Windows VISTA default MBR code
    17:56:56.822 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 5500 MB offset 2048
    17:56:56.835 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 11266048
    17:56:56.849 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 231473 MB offset 14338048
    17:56:56.856 Disk 0 scanning sectors +488394752
    17:56:56.928 Disk 0 scanning C:\Windows\system32\drivers
    17:57:10.508 File: C:\Windows\system32\drivers\serial.sys **INFECTED** Win32:Rootkit-gen [Rtk]
    17:57:14.770 Disk 0 trace - called modules:
    17:57:14.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86df3fd0]<<
    17:57:14.803 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b77ac8]
    17:57:14.808 3 CLASSPNP.SYS[8b3a48b3] -> nt!IofCallDriver -> [0x86b04578]
    17:57:14.815 \Driver\00000817[0x86b046b0] -> IRP_MJ_CREATE -> 0x86df3fd0
    17:57:16.621 AVAST engine scan C:\Windows
    17:57:23.880 AVAST engine scan C:\Windows\system32
    17:57:27.238 File: C:\Windows\system32\atiavaiw.dll **INFECTED** Win32:Sirefef-SM [Trj]
    17:57:28.419 File: C:\Windows\system32\authsyssvc.dll **INFECTED** Win32:Sirefef-SM [Trj]
    17:58:06.318 File: C:\Windows\system32\iolodmv.dll **INFECTED** Win32:Sirefef-SM [Trj]
    17:58:15.336 File: C:\Windows\system32\lxbs_device.dll **INFECTED** Win32:Sirefef-SM [Trj]
    17:58:19.266 File: C:\Windows\system32\mfebopk.dll **INFECTED** Win32:Sirefef-SM [Trj]
    17:58:35.679 File: C:\Windows\system32\ndis.dll **INFECTED** Win32:Sirefef-SM [Trj]
    17:59:04.659 File: C:\Windows\system32\osaio.dll **INFECTED** Win32:Sirefef-SM [Trj]
    17:59:26.691 File: C:\Windows\system32\Sntnlusb.dll **INFECTED** Win32:Sirefef-SM [Trj]
    17:59:40.782 File: C:\Windows\system32\VCAM.dll **INFECTED** Win32:Sirefef-SM [Trj]
    17:59:44.369 File: C:\Windows\system32\websenseclientdeployservice.dll **INFECTED** Win32:Sirefef-SM [Trj]
    17:59:51.826 File: C:\Windows\system32\wmp54gv4svc.dll **INFECTED** Win32:Sirefef-SM [Trj]
    17:59:58.904 File: C:\Windows\system32\wzcsvc.dll **INFECTED** Win32:Sirefef-SM [Trj]
    18:03:19.591 AVAST engine scan C:\Windows\system32\drivers
    18:03:37.649 File: C:\Windows\system32\drivers\serial.sys **INFECTED** Win32:Rootkit-gen [Rtk]
    18:03:54.352 AVAST engine scan C:\Users\Steve
    19:18:47.536 File: C:\Users\Steve\AppData\Local\Temp\Low\jar_cache3594.tmp **INFECTED** Win32:Kryptik-HEY [Trj]
    21:25:17.751 AVAST engine scan C:\ProgramData
    21:37:47.118 Scan finished successfully
    21:39:31.233 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
    21:39:31.233 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"

    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.1
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`b5900000
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
    .\boot_cleaner.cpp(1061) :
    .\boot_cleaner.cpp(1062) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1063) : --------------------------------------------
    .\boot_cleaner.cpp(1107) : 232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
    .\boot_cleaner.cpp(1113) :
    .\boot_cleaner.cpp(1152) : Done;
     
  6. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. steve1965

    steve1965 TS Rookie Topic Starter Posts: 37

    TDSSKiller log Part 1 (a-m)

    16:35:14.0020 7156 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
    16:35:14.0212 7156 ============================================================
    16:35:14.0212 7156 Current date / time: 2012/04/11 16:35:14.0212
    16:35:14.0212 7156 SystemInfo:
    16:35:14.0212 7156
    16:35:14.0212 7156 OS Version: 6.0.6002 ServicePack: 2.0
    16:35:14.0212 7156 Product type: Workstation
    16:35:14.0212 7156 ComputerName: STEVE-PC
    16:35:14.0212 7156 UserName: Steve
    16:35:14.0212 7156 Windows directory: C:\Windows
    16:35:14.0212 7156 System windows directory: C:\Windows
    16:35:14.0212 7156 Processor architecture: Intel x86
    16:35:14.0212 7156 Number of processors: 2
    16:35:14.0212 7156 Page size: 0x1000
    16:35:14.0212 7156 Boot type: Normal boot
    16:35:14.0212 7156 ============================================================
    16:35:15.0456 7156 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
    16:35:15.0523 7156 Drive \Device\Harddisk5\DR5 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    16:35:15.0536 7156 \Device\Harddisk0\DR0:
    16:35:15.0537 7156 MBR used
    16:35:15.0537 7156 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xABE800, BlocksNum 0x2EE000
    16:35:15.0537 7156 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xDAC800, BlocksNum 0x1C418800
    16:35:15.0537 7156 \Device\Harddisk5\DR5:
    16:35:15.0538 7156 MBR used
    16:35:15.0538 7156 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
    16:35:15.0763 7156 Initialize success
    16:35:15.0763 7156 ============================================================
    16:35:39.0081 7084 ============================================================
    16:35:39.0081 7084 Scan started
    16:35:39.0081 7084 Mode: Manual;
    16:35:39.0081 7084 ============================================================
    16:35:41.0369 7084 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    16:35:41.0375 7084 ACPI - ok
    16:35:41.0448 7084 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
    16:35:41.0468 7084 adfs - ok
    16:35:41.0565 7084 Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    16:35:41.0570 7084 Adobe Version Cue CS4 - ok
    16:35:41.0763 7084 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    16:35:41.0767 7084 AdobeFlashPlayerUpdateSvc - ok
    16:35:41.0831 7084 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    16:35:41.0840 7084 adp94xx - ok
    16:35:41.0945 7084 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    16:35:41.0956 7084 adpahci - ok
    16:35:42.0034 7084 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    16:35:42.0038 7084 adpu160m - ok
    16:35:42.0082 7084 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    16:35:42.0087 7084 adpu320 - ok
    16:35:42.0171 7084 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
    16:35:42.0172 7084 AeLookupSvc - ok
    16:35:42.0185 7084 AeLookupSvcMDM - ok
    16:35:42.0259 7084 AeLookupSvcMDMCryptSvc - ok
    16:35:42.0283 7084 AeLookupSvcMDMehRecvr - ok
    16:35:42.0348 7084 AeLookupSvcMDMehRecvrhkmsvcQWAVE - ok
    16:35:42.0358 7084 AeLookupSvcMDMehRecvrhkmsvcQWAVEEPSON_PM_RPCV4_01 - ok
    16:35:42.0366 7084 AeLookupSvcMDMehRecvrhkmsvcQWAVEKeyIso - ok
    16:35:42.0376 7084 AeLookupSvcMDMehRecvrW32Timep2pimsvc - ok
    16:35:42.0440 7084 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    16:35:42.0445 7084 AFD - ok
    16:35:42.0607 7084 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
    16:35:42.0622 7084 AgereSoftModem - ok
    16:35:42.0665 7084 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    16:35:42.0667 7084 agp440 - ok
    16:35:43.0023 7084 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    16:35:43.0034 7084 aic78xx - ok
    16:35:43.0166 7084 alcxsens (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\afd.dll
    16:35:43.0178 7084 Suspicious file (NoAccess): C:\Windows\system32\afd.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:35:43.0179 7084 alcxsens ( Backdoor.Multi.ZAccess.gen ) - infected
    16:35:43.0179 7084 alcxsens - detected Backdoor.Multi.ZAccess.gen (0)
    16:35:43.0366 7084 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
    16:35:43.0368 7084 ALG - ok
    16:35:43.0437 7084 ALGmsvsmon80 - ok
    16:35:43.0457 7084 ALGmsvsmon80MSSQLServerADHelper - ok
    16:35:43.0515 7084 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    16:35:43.0516 7084 aliide - ok
    16:35:43.0632 7084 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    16:35:43.0634 7084 amdagp - ok
    16:35:43.0679 7084 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    16:35:43.0689 7084 amdide - ok
    16:35:43.0757 7084 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    16:35:43.0774 7084 AmdK7 - ok
    16:35:43.0792 7084 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    16:35:43.0793 7084 AmdK8 - ok
    16:35:43.0893 7084 ANC (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\wmp54gv4svc.dll
    16:35:43.0927 7084 Suspicious file (NoAccess): C:\Windows\system32\wmp54gv4svc.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:35:43.0927 7084 ANC ( Backdoor.Multi.ZAccess.gen ) - infected
    16:35:43.0927 7084 ANC - detected Backdoor.Multi.ZAccess.gen (0)
    16:35:44.0133 7084 AnyDVD (4f0e198fd3d5cd8bee02e0f014601bc5) C:\Windows\system32\Drivers\AnyDVD.sys
    16:35:44.0148 7084 AnyDVD - ok
    16:35:44.0211 7084 Apache2 (3c8b7e1e3f136c000c96690ac008c799) C:\Web\Apache2\bin\Apache.exe
    16:35:44.0212 7084 Apache2 - ok
    16:35:44.0264 7084 Apache2slsvc - ok
    16:35:44.0336 7084 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
    16:35:44.0337 7084 Appinfo - ok
    16:35:44.0373 7084 AppinfoBFE - ok
    16:35:44.0403 7084 AppinfoBFEWPDBusEnum - ok
    16:35:44.0505 7084 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    16:35:44.0521 7084 Apple Mobile Device - ok
    16:35:44.0756 7084 AppServer9PE - ok
    16:35:44.0916 7084 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    16:35:44.0918 7084 arc - ok
    16:35:44.0964 7084 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    16:35:44.0966 7084 arcsas - ok
    16:35:45.0016 7084 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    16:35:45.0017 7084 AsyncMac - ok
    16:35:45.0182 7084 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    16:35:45.0183 7084 atapi - ok
    16:35:45.0232 7084 atmarpc (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\authsyssvc.dll
    16:35:45.0241 7084 Suspicious file (NoAccess): C:\Windows\system32\authsyssvc.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:35:45.0242 7084 atmarpc ( Backdoor.Multi.ZAccess.gen ) - infected
    16:35:45.0242 7084 atmarpc - detected Backdoor.Multi.ZAccess.gen (0)
    16:35:45.0292 7084 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
    16:35:45.0298 7084 AudioEndpointBuilder - ok
    16:35:45.0302 7084 AudioEndpointBuilderMSDTCLanmanServer - ok
    16:35:45.0359 7084 AudioEndpointBuilderTapiSrvDcomLaunchNetTcpPortSharing - ok
    16:35:45.0406 7084 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
    16:35:45.0409 7084 Audiosrv - ok
    16:35:45.0431 7084 AudiosrvMSSQLServerADHelperIKEEXT - ok
    16:35:45.0674 7084 AVG Security Toolbar Service (3a457c2f798cad79cd30224e723e01fb) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
    16:35:45.0690 7084 AVG Security Toolbar Service - ok
    16:35:45.0859 7084 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    16:35:45.0971 7084 AVGIDSAgent - ok
    16:35:46.0175 7084 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
    16:35:46.0180 7084 AVGIDSDriver - ok
    16:35:46.0221 7084 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
    16:35:46.0225 7084 AVGIDSEH - ok
    16:35:46.0245 7084 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
    16:35:46.0246 7084 AVGIDSFilter - ok
    16:35:46.0296 7084 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
    16:35:46.0297 7084 AVGIDSShim - ok
    16:35:46.0408 7084 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
    16:35:46.0412 7084 Avgldx86 - ok
    16:35:46.0488 7084 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
    16:35:46.0489 7084 Avgmfx86 - ok
    16:35:46.0588 7084 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
    16:35:46.0593 7084 Avgrkx86 - ok
    16:35:46.0667 7084 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
    16:35:46.0672 7084 Avgtdix - ok
    16:35:46.0775 7084 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    16:35:46.0778 7084 avgwd - ok
    16:35:46.0874 7084 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    16:35:46.0886 7084 Beep - ok
    16:35:46.0891 7084 BFEDPSmsvsmon80 - ok
    16:35:46.0908 7084 BFEupnphostmsiserver - ok
    16:35:47.0014 7084 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
    16:35:47.0028 7084 BITS - ok
    16:35:47.0349 7084 BITSApache2 - ok
    16:35:47.0398 7084 BITSSENSSysMain - ok
    16:35:47.0412 7084 BITSslsvc - ok
    16:35:47.0437 7084 BITSslsvcAppinfoBFEWPDBusEnum - ok
    16:35:47.0465 7084 BITSslsvcAppinfoBFEWPDBusEnumehSched - ok
    16:35:47.0505 7084 BITSslsvcp2pimsvc - ok
    16:35:47.0520 7084 BITSslsvcp2pimsvcupnphostmsiserver - ok
    16:35:47.0529 7084 BITSslsvcp2pimsvcupnphostmsiserverBrowser - ok
    16:35:47.0540 7084 BITSslsvcp2pimsvcupnphostmsiserverTapiSrvDcomLaunch - ok
    16:35:47.0558 7084 BITSW32Timep2pimsvc - ok
    16:35:47.0581 7084 blbdrive - ok
    16:35:47.0683 7084 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    16:35:47.0692 7084 Bonjour Service - ok
    16:35:47.0764 7084 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    16:35:47.0785 7084 bowser - ok
    16:35:47.0855 7084 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    16:35:47.0857 7084 BrFiltLo - ok
    16:35:47.0879 7084 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    16:35:47.0880 7084 BrFiltUp - ok
    16:35:47.0896 7084 BrlAPI - ok
    16:35:47.0947 7084 BrlAPIEventSystemwscsvcmsvsmon80 - ok
    16:35:48.0118 7084 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
    16:35:48.0121 7084 Browser - ok
    16:35:48.0148 7084 Browserhkmsvc - ok
    16:35:48.0159 7084 BrowserhkmsvcNetTcpPortSharingnvsvc - ok
    16:35:48.0167 7084 BrowserhkmsvcNetTcpPortSharingnvsvchidserv - ok
    16:35:48.0178 7084 BrowserhkmsvcPACSPTISVR - ok
    16:35:48.0193 7084 BrowserhkmsvcSLUINotify - ok
    16:35:48.0202 7084 BrowserhkmsvcSLUINotifynvsvcW32Time - ok
    16:35:48.0218 7084 BrowserhkmsvcSLUINotifynvsvcW32TimeSQLWriterWecsvc - ok
    16:35:48.0294 7084 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    16:35:48.0297 7084 Brserid - ok
    16:35:48.0337 7084 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    16:35:48.0361 7084 BrSerWdm - ok
    16:35:48.0398 7084 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    16:35:48.0399 7084 BrUsbMdm - ok
    16:35:48.0422 7084 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    16:35:48.0426 7084 BrUsbSer - ok
    16:35:48.0508 7084 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    16:35:48.0510 7084 BTHMODEM - ok
    16:35:48.0584 7084 bwsvc (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\lvckap.dll
    16:35:48.0621 7084 Suspicious file (NoAccess): C:\Windows\system32\lvckap.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:35:48.0622 7084 bwsvc ( Backdoor.Multi.ZAccess.gen ) - infected
    16:35:48.0622 7084 bwsvc - detected Backdoor.Multi.ZAccess.gen (0)
    16:35:48.0662 7084 cbidf2k (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\pavreport.dll
    16:35:48.0668 7084 Suspicious file (NoAccess): C:\Windows\system32\pavreport.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:35:48.0669 7084 cbidf2k ( Backdoor.Multi.ZAccess.gen ) - infected
    16:35:48.0669 7084 cbidf2k - detected Backdoor.Multi.ZAccess.gen (0)
    16:35:48.0747 7084 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    16:35:48.0749 7084 cdfs - ok
    16:35:48.0816 7084 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    16:35:48.0818 7084 cdrom - ok
    16:35:48.0919 7084 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
    16:35:48.0935 7084 CertPropSvc - ok
    16:35:49.0000 7084 changer (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\avp.dll
    16:35:49.0074 7084 Suspicious file (NoAccess): C:\Windows\system32\avp.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:35:49.0075 7084 changer ( Backdoor.Multi.ZAccess.gen ) - infected
    16:35:49.0075 7084 changer - detected Backdoor.Multi.ZAccess.gen (0)
    16:35:49.0388 7084 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    16:35:49.0403 7084 circlass - ok
    16:35:49.0464 7084 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    16:35:49.0468 7084 CLFS - ok
    16:35:49.0509 7084 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    16:35:49.0547 7084 clr_optimization_v2.0.50727_32 - ok
    16:35:49.0554 7084 clr_optimization_v2.0.50727_32SstpSvcoseSPTISRV - ok
    16:35:49.0648 7084 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    16:35:49.0652 7084 clr_optimization_v4.0.30319_32 - ok
    16:35:49.0732 7084 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
    16:35:49.0733 7084 CmBatt - ok
    16:35:49.0772 7084 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    16:35:49.0774 7084 cmdide - ok
    16:35:49.0832 7084 cmudau (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\SerTVOutCtlr.dll
    16:35:49.0927 7084 Suspicious file (NoAccess): C:\Windows\system32\SerTVOutCtlr.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:35:49.0927 7084 cmudau ( Backdoor.Multi.ZAccess.gen ) - infected
    16:35:49.0927 7084 cmudau - detected Backdoor.Multi.ZAccess.gen (0)
    16:35:49.0997 7084 cobbmservice (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\iolodmv.dll
    16:35:50.0005 7084 Suspicious file (NoAccess): C:\Windows\system32\iolodmv.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:35:50.0006 7084 cobbmservice ( Backdoor.Multi.ZAccess.gen ) - infected
    16:35:50.0006 7084 cobbmservice - detected Backdoor.Multi.ZAccess.gen (0)
    16:35:50.0208 7084 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    16:35:50.0224 7084 Compbatt - ok
    16:35:50.0266 7084 COMSysApp - ok
    16:35:50.0279 7084 COMSysAppMMCSS - ok
    16:35:50.0321 7084 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    16:35:50.0322 7084 crcdisk - ok
    16:35:50.0371 7084 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    16:35:50.0373 7084 Crusoe - ok
    16:35:50.0447 7084 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
    16:35:50.0449 7084 CryptSvc - ok
    16:35:50.0524 7084 DCamUSBGrandTek (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\Sntnlusb.dll
    16:35:50.0571 7084 Suspicious file (NoAccess): C:\Windows\system32\Sntnlusb.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:35:50.0571 7084 DCamUSBGrandTek ( Backdoor.Multi.ZAccess.gen ) - infected
    16:35:50.0571 7084 DCamUSBGrandTek - detected Backdoor.Multi.ZAccess.gen (0)
    16:35:50.0655 7084 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
    16:35:50.0668 7084 DcomLaunch - ok
    16:35:50.0752 7084 DcPTP (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\VCAM.dll
    16:35:50.0763 7084 Suspicious file (NoAccess): C:\Windows\system32\VCAM.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:35:50.0764 7084 DcPTP ( Backdoor.Multi.ZAccess.gen ) - infected
    16:35:50.0764 7084 DcPTP - detected Backdoor.Multi.ZAccess.gen (0)
    16:35:50.0812 7084 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    16:35:50.0813 7084 DfsC - ok
    16:35:51.0025 7084 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
    16:35:51.0083 7084 DFSR - ok
    16:35:51.0088 7084 DFSRWinHttpAutoProxySvc - ok
    16:35:51.0411 7084 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
    16:35:51.0415 7084 Dhcp - ok
    16:35:51.0526 7084 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    16:35:51.0563 7084 disk - ok
    16:35:51.0656 7084 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
    16:35:51.0663 7084 Dnscache - ok
    16:35:51.0701 7084 DnscachewmiApSrv - ok
    16:35:51.0752 7084 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
    16:35:51.0756 7084 dot3svc - ok
    16:35:51.0765 7084 dot3svcSpooler - ok
    16:35:51.0980 7084 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
    16:35:51.0983 7084 dot4 - ok
    16:35:52.0178 7084 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    16:35:52.0210 7084 Dot4Print - ok
    16:35:52.0332 7084 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
    16:35:52.0334 7084 dot4usb - ok
    16:35:52.0410 7084 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
    16:35:52.0416 7084 DPS - ok
    16:35:52.0471 7084 DPSmsvsmon80 - ok
    16:35:52.0484 7084 DPSmsvsmon80IDriverTBrowser - ok
    16:35:52.0515 7084 DPSmsvsmon80MSDTCSharedAccess - ok
    16:35:52.0529 7084 DPSSENSSysMain - ok
    16:35:52.0542 7084 DPSupnphostmsiserver - ok
    16:35:52.0592 7084 DPSupnphostmsiserverThemesNetTcpPortSharing - ok
    16:35:52.0656 7084 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    16:35:52.0665 7084 drmkaud - ok
    16:35:52.0762 7084 dwmrcs (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\raysat3_4_6_18server.dll
    16:35:52.0803 7084 Suspicious file (NoAccess): C:\Windows\system32\raysat3_4_6_18server.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:35:52.0804 7084 dwmrcs ( Backdoor.Multi.ZAccess.gen ) - infected
    16:35:52.0804 7084 dwmrcs - detected Backdoor.Multi.ZAccess.gen (0)
    16:35:52.0996 7084 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    16:35:53.0035 7084 DXGKrnl - ok
    16:35:53.0110 7084 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    16:35:53.0127 7084 E1G60 - ok
    16:35:53.0360 7084 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
    16:35:53.0361 7084 EapHost - ok
    16:35:53.0404 7084 EapHostLanmanServerfdPHostUI0DetectDFSR - ok
    16:35:53.0414 7084 EapHostTBS - ok
    16:35:53.0532 7084 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    16:35:53.0535 7084 Ecache - ok
    16:35:53.0597 7084 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
    16:35:53.0613 7084 ehRecvr - ok
    16:35:53.0644 7084 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
    16:35:53.0646 7084 ehSched - ok
    16:35:53.0680 7084 ehSchedTrustedInstallerWinmgmt - ok
    16:35:53.0697 7084 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
    16:35:53.0698 7084 ehstart - ok
    16:35:53.0723 7084 ehstartMySQLWPDBusEnumBITS - ok
    16:35:53.0758 7084 elagopro - ok
    16:35:53.0842 7084 ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\Windows\system32\Drivers\ElbyCDIO.sys
    16:35:53.0845 7084 ElbyCDIO - ok
    16:35:53.0962 7084 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    16:35:53.0970 7084 elxstor - ok
    16:35:54.0251 7084 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
    16:35:54.0261 7084 EMDMgmt - ok
    16:35:54.0266 7084 EMDMgmtplaWMPNetworkSvcehstart - ok
    16:35:54.0504 7084 EPSON_PM_RPCV4_01 (cdca791afa0483f44bba576dbfafd04d) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    16:35:54.0527 7084 EPSON_PM_RPCV4_01 - ok
    16:35:54.0764 7084 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
    16:35:54.0794 7084 EventSystem - ok
    16:35:54.0800 7084 EventSystemMSiSCSI - ok
    16:35:54.0880 7084 EventSystemwscsvc - ok
    16:35:54.0889 7084 EventSystemwscsvcmsvsmon80 - ok
    16:35:55.0054 7084 EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvc - ok
    16:35:55.0061 7084 EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvcW32TimefdPHost - ok
    16:35:55.0271 7084 EventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc - ok
    16:35:55.0387 7084 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    16:35:55.0420 7084 exfat - ok
    16:35:55.0509 7084 fallback (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\osaio.dll
    16:35:55.0530 7084 Suspicious file (NoAccess): C:\Windows\system32\osaio.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:35:55.0531 7084 fallback ( Backdoor.Multi.ZAccess.gen ) - infected
    16:35:55.0531 7084 fallback - detected Backdoor.Multi.ZAccess.gen (0)
    16:35:55.0600 7084 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    16:35:55.0603 7084 fastfat - ok
    16:35:55.0676 7084 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    16:35:55.0694 7084 fdc - ok
    16:35:55.0766 7084 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
    16:35:55.0768 7084 fdPHost - ok
    16:35:55.0779 7084 fdPHostUI0DetectDFSR - ok
    16:35:55.0811 7084 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
    16:35:55.0828 7084 FDResPub - ok
    16:35:55.0912 7084 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    16:35:55.0914 7084 FileInfo - ok
    16:35:56.0053 7084 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    16:35:56.0070 7084 Filetrace - ok
    16:35:56.0137 7084 firesvc - ok
    16:35:56.0400 7084 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    16:35:56.0411 7084 FLEXnet Licensing Service - ok
    16:35:56.0760 7084 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    16:35:56.0782 7084 flpydisk - ok
    16:35:56.0899 7084 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    16:35:56.0903 7084 FltMgr - ok
    16:35:57.0000 7084 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
    16:35:57.0120 7084 FontCache - ok
    16:35:57.0291 7084 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    16:35:57.0305 7084 FontCache3.0.0.0 - ok
    16:35:57.0479 7084 FontCache3.0.0.0 Back-End Service - ok
    16:35:57.0676 7084 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    16:35:57.0679 7084 Fs_Rec - ok
    16:35:57.0708 7084 FXDrv32 - ok
    16:35:57.0797 7084 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    16:35:57.0807 7084 gagp30kx - ok
    16:35:57.0871 7084 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    16:35:57.0872 7084 GEARAspiWDM - ok
    16:35:57.0956 7084 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
    16:35:57.0975 7084 gpsvc - ok
    16:35:58.0084 7084 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    16:35:58.0106 7084 HdAudAddService - ok
    16:35:58.0351 7084 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    16:35:58.0361 7084 HDAudBus - ok
    16:35:58.0446 7084 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    16:35:58.0448 7084 HidBth - ok
    16:35:58.0480 7084 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    16:35:58.0487 7084 HidIr - ok
    16:35:58.0520 7084 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
    16:35:58.0522 7084 hidserv - ok
    16:35:58.0566 7084 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    16:35:58.0584 7084 HidUsb - ok
    16:35:58.0640 7084 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
    16:35:58.0643 7084 hkmsvc - ok
    16:35:58.0648 7084 hkmsvcQWAVE - ok
    16:35:58.0687 7084 hkmsvcQWAVEplaWMPNetworkSvcehstart - ok
    16:35:58.0711 7084 hkmsvcWSearch - ok
    16:35:58.0771 7084 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    16:35:58.0772 7084 HpCISSs - ok
    16:35:58.0864 7084 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    16:35:58.0872 7084 HTTP - ok
    16:35:58.0904 7084 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    16:35:58.0905 7084 i2omp - ok
    16:35:58.0982 7084 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    16:35:58.0986 7084 i8042prt - ok
    16:35:59.0338 7084 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
    16:35:59.0359 7084 ialm - ok
    16:35:59.0511 7084 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    16:35:59.0515 7084 iaStorV - ok
    16:35:59.0633 7084 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    16:35:59.0636 7084 IDriverT - ok
    16:35:59.0643 7084 IDriverTBrowser - ok
    16:35:59.0729 7084 IDriverTBrowserSQLBrowser - ok
    16:35:59.0751 7084 IDriverTBrowserSQLBrowserProtectedStorageusnjsvc - ok
    16:35:59.0857 7084 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    16:35:59.0871 7084 idsvc - ok
    16:35:59.0929 7084 idsvcclr_optimization_v2.0.50727_32 - ok
    16:35:59.0942 7084 idsvcwcncsvc - ok
    16:35:59.0993 7084 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    16:35:59.0995 7084 iirsp - ok
    16:36:00.0099 7084 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
    16:36:00.0106 7084 IKEEXT - ok
    16:36:00.0112 7084 IKEEXTehstart - ok
    16:36:00.0287 7084 IKEEXTOracleXEClrAgentMpsSvc - ok
    16:36:00.0349 7084 imonitor (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\USRpdA.dll
    16:36:00.0459 7084 Suspicious file (NoAccess): C:\Windows\system32\USRpdA.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:00.0459 7084 imonitor ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:00.0459 7084 imonitor - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:00.0680 7084 IntcAzAudAddService (4fa59a84069d9d0991bae34cc4aff99c) C:\Windows\system32\drivers\RTKVHDA.sys
    16:36:00.0709 7084 IntcAzAudAddService - ok
    16:36:00.0797 7084 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    16:36:00.0798 7084 intelide - ok
    16:36:00.0827 7084 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    16:36:00.0842 7084 intelppm - ok
    16:36:00.0898 7084 iomegaaccess (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\vmkbd.dll
    16:36:00.0906 7084 Suspicious file (NoAccess): C:\Windows\system32\vmkbd.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:00.0907 7084 iomegaaccess ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:00.0907 7084 iomegaaccess - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:00.0955 7084 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
    16:36:00.0958 7084 IPBusEnum - ok
    16:36:01.0068 7084 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    16:36:01.0072 7084 IpFilterDriver - ok
    16:36:01.0077 7084 iphlpsvciphlpsvc - ok
    16:36:01.0087 7084 iphlpsvcPolicyAgent - ok
    16:36:01.0205 7084 iphlpsvcRemoteAccessPNRPAutoReg - ok
    16:36:01.0216 7084 iphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time - ok
    16:36:01.0230 7084 iphlpsvcRemoteAccessPNRPAutoRegnvsvcW32TimeKService - ok
    16:36:01.0251 7084 iphlpsvcRemoteAccessPNRPAutoRegnvsvcW32TimeMSCSPTISRVTapiSrvMSCSPTISRV - ok
    16:36:01.0268 7084 IpInIp - ok
    16:36:01.0300 7084 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    16:36:01.0302 7084 IPMIDRV - ok
    16:36:01.0337 7084 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    16:36:01.0339 7084 IPNAT - ok
    16:36:01.0491 7084 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
    16:36:01.0505 7084 iPod Service - ok
    16:36:01.0631 7084 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
    16:36:01.0635 7084 irda - ok
    16:36:01.0655 7084 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    16:36:01.0662 7084 IRENUM - ok
    16:36:01.0733 7084 Irmon (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll
    16:36:01.0737 7084 Irmon - ok
    16:36:01.0743 7084 IrmonShellHWDetection - ok
    16:36:01.0844 7084 irsir (5896b5ff6332ab2be1582523e9656a67) C:\Windows\system32\DRIVERS\irsir.sys
    16:36:01.0845 7084 irsir - ok
    16:36:01.0875 7084 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    16:36:01.0876 7084 isapnp - ok
    16:36:01.0917 7084 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    16:36:01.0936 7084 iScsiPrt - ok
    16:36:01.0983 7084 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    16:36:01.0984 7084 iteatapi - ok
    16:36:02.0100 7084 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    16:36:02.0101 7084 iteraid - ok
    16:36:02.0135 7084 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    16:36:02.0138 7084 kbdclass - ok
    16:36:02.0372 7084 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    16:36:02.0373 7084 kbdhid - ok
    16:36:02.0455 7084 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    16:36:02.0457 7084 KeyIso - ok
    16:36:02.0517 7084 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
    16:36:02.0526 7084 KSecDD - ok
    16:36:02.0714 7084 KService (70ceefe43cb746dd04a884c84a7ebaa3) C:\Program Files\Kontiki\KService.exe
    16:36:02.0761 7084 KService - ok
    16:36:02.0869 7084 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
    16:36:02.0888 7084 KtmRm - ok
    16:36:02.0938 7084 KtmRmp2pimsvc - ok
    16:36:02.0948 7084 KtmRmTapiSrvDcomLaunchNetTcpPortSharing - ok
    16:36:03.0006 7084 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
    16:36:03.0011 7084 LanmanServer - ok
    16:36:03.0016 7084 LanmanServerfdPHostUI0DetectDFSR - ok
    16:36:03.0071 7084 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
    16:36:03.0077 7084 LanmanWorkstation - ok
    16:36:03.0439 7084 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    16:36:03.0441 7084 lltdio - ok
    16:36:03.0491 7084 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
    16:36:03.0496 7084 lltdsvc - ok
    16:36:03.0548 7084 lltdsvcEventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc - ok
    16:36:03.0554 7084 lltdsvcidsvc - ok
    16:36:03.0565 7084 lltdsvcSQLWriter - ok
    16:36:03.0589 7084 lltdsvcSQLWriterSstpSvcoseSPTISRV - ok
    16:36:03.0621 7084 lltdsvcSQLWriterSstpSvcoseSPTISRVpla - ok
    16:36:03.0637 7084 lltdsvcSQLWriterSstpSvcoseSPTISRVplaOracleXETNSListenerwudfsvc - ok
    16:36:03.0666 7084 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
    16:36:03.0668 7084 lmhosts - ok
    16:36:03.0682 7084 lmhostsALGmsvsmon80 - ok
    16:36:03.0691 7084 lmhostsALGmsvsmon80TapiSrvDcomLaunchNetTcpPortSharing - ok
    16:36:03.0708 7084 lmhostsALGmsvsmon80vds - ok
    16:36:03.0726 7084 lmhostshkmsvc - ok
    16:36:03.0771 7084 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    16:36:03.0775 7084 LSI_FC - ok
    16:36:03.0818 7084 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    16:36:03.0835 7084 LSI_SAS - ok
    16:36:03.0884 7084 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    16:36:03.0886 7084 LSI_SCSI - ok
    16:36:03.0944 7084 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    16:36:03.0946 7084 luafv - ok
    16:36:03.0991 7084 lvselsus (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\atiavaiw.dll
    16:36:04.0009 7084 Suspicious file (NoAccess): C:\Windows\system32\atiavaiw.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:04.0009 7084 lvselsus ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:04.0009 7084 lvselsus - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:04.0060 7084 lvuvc (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\Sus2pl.dll
    16:36:04.0081 7084 Suspicious file (NoAccess): C:\Windows\system32\Sus2pl.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:04.0081 7084 lvuvc ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:04.0081 7084 lvuvc - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:04.0301 7084 Macromedia Licensing Service (d5ba9b816afef5292fe13c9a6267b6ab) C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    16:36:04.0305 7084 Macromedia Licensing Service - ok
    16:36:04.0509 7084 MAUSBFASTTRACK (862d7bd3be3399670a7e3358ce7e6344) C:\Windows\system32\DRIVERS\MAudioFastTrack.sys
    16:36:04.0513 7084 MAUSBFASTTRACK - ok
    16:36:04.0607 7084 McciCMService (a19444bed5aa69e4dbe7a68cc334591f) C:\Program Files\Common Files\Motive\McciCMService.exe
    16:36:04.0613 7084 McciCMService - ok
    16:36:04.0726 7084 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
    16:36:04.0729 7084 mcdbus - ok
    16:36:04.0792 7084 mclserviceatl (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\timounter.dll
    16:36:04.0855 7084 Suspicious file (NoAccess): C:\Windows\system32\timounter.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:04.0855 7084 mclserviceatl ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:04.0856 7084 mclserviceatl - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:04.0946 7084 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2svc.dll
    16:36:04.0949 7084 Mcx2Svc - ok
    16:36:04.0959 7084 Mcx2SvcDhcp - ok
    16:36:04.0992 7084 Mcx2SvcSDRSVC - ok
    16:36:05.0008 7084 Mcx2SvcShellHWDetectionupnphostpla - ok
    16:36:05.0024 7084 Mcx2SvcShellHWDetectionupnphostplaMMCSSWdiSystemHostnvsvc - ok
    16:36:05.0040 7084 Mcx2SvcTHREADORDER - ok
    16:36:05.0075 7084 Mcx2SvcTHREADORDERusnjsvcRasManFontCache3.0.0.0 - ok
    16:36:05.0092 7084 Mcx2SvcWinHttpAutoProxySvcAeLookupSvcMDM - ok
    16:36:05.0119 7084 Mcx2SvcWinHttpAutoProxySvcAeLookupSvcMDMNlaSvcSENSswprv - ok
    16:36:05.0430 7084 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    16:36:05.0435 7084 MDM - ok
    16:36:05.0548 7084 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    16:36:05.0549 7084 megasas - ok
    16:36:05.0592 7084 mfcom (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\websenseclientdeployservice.dll
    16:36:05.0603 7084 Suspicious file (NoAccess): C:\Windows\system32\websenseclientdeployservice.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:05.0603 7084 mfcom ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:05.0603 7084 mfcom - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:05.0661 7084 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
    16:36:05.0664 7084 MMCSS - ok
    16:36:05.0736 7084 MMCSSMMCSSWdiSystemHost - ok
    16:36:05.0748 7084 MMCSSMMCSSWdiSystemHostKtmRmTapiSrvDcomLaunchNetTcpPortSharing - ok
    16:36:05.0757 7084 MMCSSWdiSystemHost - ok
    16:36:05.0769 7084 MMCSSWdiSystemHostnvsvc - ok
    16:36:05.0822 7084 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    16:36:05.0824 7084 Modem - ok
    16:36:05.0859 7084 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    16:36:05.0861 7084 monitor - ok
    16:36:05.0911 7084 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    16:36:05.0913 7084 mouclass - ok
    16:36:06.0005 7084 moufiltr (baa4ed3c323bee7ebc144c7d232220a8) C:\Windows\system32\DRIVERS\moufiltr.sys
    16:36:06.0007 7084 moufiltr - ok
    16:36:06.0025 7084 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    16:36:06.0029 7084 mouhid - ok
    16:36:06.0051 7084 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    16:36:06.0056 7084 MountMgr - ok
    16:36:06.0104 7084 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    16:36:06.0121 7084 mpio - ok
    16:36:06.0326 7084 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    16:36:06.0332 7084 mpsdrv - ok
    16:36:06.0338 7084 MpsSvcBrlAPI - ok
    16:36:06.0357 7084 MpsSvcNlaSvc - ok
    16:36:06.0376 7084 MpsSvcNlaSvcCertPropSvc - ok
    16:36:06.0399 7084 MpsSvcSCPolicySvc - ok
    16:36:06.0418 7084 MpsSvcSCPolicySvclmhostshkmsvc - ok
    16:36:06.0431 7084 MpsSvcSCPolicySvclmhostshkmsvcWMPNetworkSvc - ok
    16:36:06.0470 7084 MpsSvcSPTISRV - ok
    16:36:06.0515 7084 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    16:36:06.0516 7084 Mraid35x - ok
    16:36:06.0629 7084 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
    16:36:06.0639 7084 MREMP50 - ok
    16:36:06.0687 7084 MREMPR5 - ok
    16:36:06.0720 7084 MRENDIS5 - ok
    16:36:06.0746 7084 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
    16:36:06.0749 7084 MRESP50 - ok
    16:36:06.0844 7084 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    16:36:06.0847 7084 MRxDAV - ok
    16:36:06.0900 7084 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    16:36:06.0903 7084 mrxsmb - ok
    16:36:06.0924 7084 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    16:36:06.0928 7084 mrxsmb10 - ok
    16:36:06.0967 7084 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    16:36:06.0970 7084 mrxsmb20 - ok
    16:36:07.0073 7084 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    16:36:07.0100 7084 msahci - ok
    16:36:07.0306 7084 MSCSPTISRV (8e46a7bac823dd82d4fb2a34c3df4c1d) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    16:36:07.0386 7084 MSCSPTISRV - ok
    16:36:07.0392 7084 MSCSPTISRViphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time - ok
    16:36:07.0403 7084 MSCSPTISRVTapiSrvMSCSPTISRV - ok
    16:36:07.0494 7084 MSCSPTISRVTapiSrvMSCSPTISRVSENSSysMainSQLWriterWecsvc - ok
    16:36:07.0613 7084 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    16:36:07.0630 7084 msdsm - ok
    16:36:07.0671 7084 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
    16:36:07.0675 7084 MSDTC - ok
    16:36:07.0769 7084 MSDTCLanmanServer - ok
    16:36:07.0789 7084 MSDTCSharedAccess - ok
    16:36:07.0855 7084 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    16:36:07.0866 7084 Msfs - ok
    16:36:07.0962 7084 msftesql$SQLEXPRESS (54819fc5c79e4b2c6e896f9de440494d) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
    16:36:07.0964 7084 msftesql$SQLEXPRESS - ok
    16:36:07.0970 7084 msftesql$SQLEXPRESSseclogon - ok
    16:36:08.0061 7084 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    16:36:08.0064 7084 msisadrv - ok
    16:36:08.0128 7084 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
    16:36:08.0142 7084 MSiSCSI - ok
    16:36:08.0176 7084 MSiSCSIPACSPTISVR - ok
    16:36:08.0193 7084 MSiSCSISSScsiSVSENS - ok
    16:36:08.0224 7084 MSiSCSISSScsiSVSENSMSDTCSharedAccess - ok
    16:36:08.0241 7084 msiserver - ok
    16:36:08.0286 7084 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    16:36:08.0288 7084 MSKSSRV - ok
    16:36:08.0405 7084 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    16:36:08.0408 7084 MSPCLOCK - ok
    16:36:08.0438 7084 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    16:36:08.0440 7084 MSPQM - ok
    16:36:08.0488 7084 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    16:36:08.0491 7084 MsRPC - ok
    16:36:08.0572 7084 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    16:36:08.0577 7084 mssmbios - ok
    16:36:08.0692 7084 MSSQL$SQLEXPRESS - ok
    16:36:08.0717 7084 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
    16:36:08.0742 7084 MSSQLServerADHelper - ok
    16:36:08.0748 7084 MSSQLServerADHelperIKEEXT - ok
    16:36:08.0814 7084 MSSQLServerADHelperMDM - ok
    16:36:08.0862 7084 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    16:36:08.0863 7084 MSTEE - ok
    16:36:09.0061 7084 msvsmon80 (211fc58c9dbd1f3a824e34023d16babc) C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
    16:36:09.0111 7084 msvsmon80 - ok
    16:36:09.0368 7084 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    16:36:09.0369 7084 Mup - ok
    16:36:09.0426 7084 MXOPSWD (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\ndis.dll
    16:36:09.0437 7084 Suspicious file (NoAccess): C:\Windows\system32\ndis.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:09.0437 7084 MXOPSWD ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:09.0437 7084 MXOPSWD - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:09.0491 7084 MySQL - ok
    16:36:09.0635 7084 MySQLmsftesql$SQLEXPRESS - ok
    16:36:09.0645 7084 MySQLmsftesql$SQLEXPRESSSpoolerPlugPlay - ok
    16:36:09.0666 7084 MySQLWPDBusEnum - ok
    16:36:09.0720 7084 MySQLWPDBusEnumBITS - ok
    16:36:09.0762 7084 MySQLWPDBusEnumBITSDPSupnphostmsiserver - ok
    16:36:09.0771 7084 MySQLWPDBusEnumSCPolicySvcWinDefendBFE - ok
     
  8. steve1965

    steve1965 TS Rookie Topic Starter Posts: 37

    TDSSKiller log part 2 (n-s)

    16:36:09.0827 7084 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
    16:36:09.0837 7084 napagent - ok
    16:36:09.0888 7084 napagentBFE - ok
    16:36:09.0948 7084 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    16:36:09.0954 7084 NativeWifiP - ok
    16:36:10.0026 7084 naveng (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\wg3n.dll
    16:36:10.0091 7084 Suspicious file (NoAccess): C:\Windows\system32\wg3n.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:10.0092 7084 naveng ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:10.0092 7084 naveng - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:10.0246 7084 nbservice (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\rpaservice.dll
    16:36:10.0256 7084 Suspicious file (NoAccess): C:\Windows\system32\rpaservice.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:10.0256 7084 nbservice ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:10.0256 7084 nbservice - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:10.0539 7084 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    16:36:10.0550 7084 NDIS - ok
    16:36:10.0600 7084 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    16:36:10.0601 7084 NdisTapi - ok
    16:36:10.0644 7084 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    16:36:10.0645 7084 Ndisuio - ok
    16:36:10.0730 7084 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    16:36:10.0776 7084 NdisWan - ok
    16:36:10.0823 7084 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    16:36:10.0825 7084 NDProxy - ok
    16:36:10.0866 7084 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    16:36:10.0867 7084 NetBIOS - ok
    16:36:10.0981 7084 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    16:36:11.0005 7084 netbt - ok
    16:36:11.0061 7084 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    16:36:11.0063 7084 Netlogon - ok
    16:36:11.0069 7084 NetlogonNetlogon - ok
    16:36:11.0124 7084 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
    16:36:11.0145 7084 Netman - ok
    16:36:11.0413 7084 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
    16:36:11.0419 7084 netprofm - ok
    16:36:11.0489 7084 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    16:36:11.0495 7084 NetTcpPortSharing - ok
    16:36:11.0552 7084 NetTcpPortSharingnvsvc - ok
    16:36:11.0564 7084 NetTcpPortSharingnvsvcSamSs - ok
    16:36:11.0582 7084 NetTcpPortSharingnvsvcWinmgmt - ok
    16:36:11.0599 7084 NetTcpPortSharingPcaSvcMMCSS - ok
    16:36:11.0728 7084 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
    16:36:11.0761 7084 NETw3v32 - ok
    16:36:11.0848 7084 netw4x32 (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\lxbs_device.dll
    16:36:11.0872 7084 Suspicious file (NoAccess): C:\Windows\system32\lxbs_device.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:11.0872 7084 netw4x32 ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:11.0872 7084 netw4x32 - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:11.0935 7084 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    16:36:11.0936 7084 nfrd960 - ok
    16:36:11.0984 7084 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
    16:36:11.0989 7084 NlaSvc - ok
    16:36:12.0038 7084 NlaSvcSENSswprv - ok
    16:36:12.0047 7084 NlaSvcswprvCOMSysApp - ok
    16:36:12.0067 7084 NlaSvcwscsvcSCPolicySvc - ok
    16:36:12.0159 7084 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    16:36:12.0193 7084 Npfs - ok
    16:36:12.0270 7084 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
    16:36:12.0273 7084 nsi - ok
    16:36:12.0366 7084 nsinapagentBFE - ok
    16:36:12.0372 7084 nsinapagentBFEDnscachewmiApSrv - ok
    16:36:12.0382 7084 nsinapagentBFEDnscachewmiApSrvupnphostmsiserver - ok
    16:36:12.0391 7084 nsinapagentBFETHREADORDER - ok
    16:36:12.0504 7084 nsinapagentBFETHREADORDERBrowserhkmsvcSLUINotify - ok
    16:36:12.0512 7084 nsinapagentBFETHREADORDERBrowserhkmsvcSLUINotifyDPSSENSSysMain - ok
    16:36:12.0552 7084 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    16:36:12.0554 7084 nsiproxy - ok
    16:36:12.0582 7084 nsiSENSSysMain - ok
    16:36:12.0639 7084 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    16:36:12.0659 7084 Ntfs - ok
    16:36:12.0726 7084 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    16:36:12.0740 7084 ntrigdigi - ok
    16:36:12.0811 7084 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    16:36:12.0813 7084 Null - ok
    16:36:12.0863 7084 nuvaud2 (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\CBN.dll
    16:36:12.0894 7084 Suspicious file (NoAccess): C:\Windows\system32\CBN.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:12.0894 7084 nuvaud2 ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:12.0894 7084 nuvaud2 - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:13.0211 7084 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    16:36:13.0757 7084 nvlddmkm - ok
    16:36:13.0911 7084 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    16:36:13.0914 7084 nvraid - ok
    16:36:13.0942 7084 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    16:36:13.0947 7084 nvstor - ok
    16:36:14.0004 7084 nvsvc (7c732aff202dcd06c3d262966d71604c) C:\Windows\system32\nvvsvc.exe
    16:36:14.0016 7084 nvsvc - ok
    16:36:14.0030 7084 nvsvcNetTcpPortSharing - ok
    16:36:14.0129 7084 nvsvcNetTcpPortSharingW32Time - ok
    16:36:14.0147 7084 nvsvcNetTcpPortSharingW32TimeDPS - ok
    16:36:14.0161 7084 nvsvcW32Time - ok
    16:36:14.0180 7084 nvsvcW32TimeSstpSvcoseSPTISRVusnjsvc - ok
    16:36:14.0518 7084 nvUpdatusService (262d2fbf211a88dcb84249df0f6ef6e7) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    16:36:14.0553 7084 nvUpdatusService - ok
    16:36:14.0867 7084 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    16:36:14.0876 7084 nv_agp - ok
    16:36:14.0914 7084 NwlnkFlt - ok
    16:36:14.0931 7084 NwlnkFwd - ok
    16:36:14.0972 7084 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    16:36:14.0974 7084 ohci1394 - ok
    16:36:15.0007 7084 OracleJobSchedulerXE - ok
    16:36:15.0071 7084 OracleJobSchedulerXEShellHWDetectionupnphost - ok
    16:36:15.0090 7084 OracleJobSchedulerXEWinDefendBFEAppinfoBFEnapagent - ok
    16:36:15.0107 7084 OracleMTSRecoveryService - ok
    16:36:15.0118 7084 OracleMTSRecoveryServiceCryptSvc - ok
    16:36:15.0125 7084 OracleServiceXE - ok
    16:36:15.0144 7084 OracleServiceXELanmanServer - ok
    16:36:15.0169 7084 OracleServiceXEMySQLmsftesql$SQLEXPRESS - ok
    16:36:15.0175 7084 OracleServiceXEUxSms - ok
    16:36:15.0188 7084 OracleXEClrAgent - ok
    16:36:15.0194 7084 OracleXEClrAgentMpsSvc - ok
    16:36:15.0261 7084 OracleXEClrAgentswprvCOMSysApp - ok
    16:36:15.0279 7084 OracleXEClrAgentswprvCOMSysAppALGmsvsmon80 - ok
    16:36:15.0424 7084 OracleXEClrAgentswprvCOMSysAppEventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc - ok
    16:36:15.0468 7084 OracleXETNSListener (8af936ce45788974efff7d0f19143583) C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
    16:36:15.0508 7084 OracleXETNSListener - ok
    16:36:15.0546 7084 OracleXETNSListenerwudfsvc - ok
    16:36:15.0554 7084 OracleXETNSListenerwudfsvcmsftesql$SQLEXPRESS - ok
    16:36:15.0660 7084 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    16:36:15.0665 7084 ose - ok
    16:36:15.0674 7084 oseidsvcclr_optimization_v2.0.50727_32 - ok
    16:36:15.0710 7084 oseMMCSS - ok
    16:36:15.0718 7084 oseSstpSvcose - ok
    16:36:15.0732 7084 oseTermService - ok
    16:36:15.0752 7084 oseTermServicePlugPlay - ok
    16:36:15.0815 7084 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    16:36:15.0826 7084 p2pimsvc - ok
    16:36:15.0868 7084 p2pimsvcSSScsiSVSENS - ok
    16:36:15.0907 7084 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    16:36:15.0913 7084 p2psvc - ok
    16:36:15.0928 7084 p2psvcWerSvc - ok
    16:36:15.0940 7084 p2psvcWerSvcidsvcwcncsvc - ok
    16:36:16.0034 7084 PACSPTISVR (753a8f339f231d2b857e2ccd51a6e6ca) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    16:36:16.0038 7084 PACSPTISVR - ok
    16:36:16.0045 7084 PACSPTISVR Back-End Service - ok
    16:36:16.0056 7084 PACSPTISVRAeLookupSvc - ok
    16:36:16.0158 7084 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
    16:36:16.0160 7084 Parport - ok
    16:36:16.0259 7084 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    16:36:16.0261 7084 partmgr - ok
    16:36:16.0295 7084 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
    16:36:16.0298 7084 Parvdm - ok
    16:36:16.0528 7084 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
    16:36:16.0531 7084 PcaSvc - ok
    16:36:16.0540 7084 PcaSvcMMCSS - ok
    16:36:16.0609 7084 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    16:36:16.0619 7084 pci - ok
    16:36:16.0683 7084 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
    16:36:16.0685 7084 pciide - ok
    16:36:16.0750 7084 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    16:36:16.0768 7084 pcmcia - ok
    16:36:16.0834 7084 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    16:36:16.0851 7084 PEAUTH - ok
    16:36:17.0003 7084 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
    16:36:17.0048 7084 pla - ok
    16:36:17.0093 7084 plaAeLookupSvc - ok
    16:36:17.0166 7084 plaSSScsiSVwscsvc - ok
    16:36:17.0178 7084 plausnjsvcRasMan - ok
    16:36:17.0183 7084 plaWMPNetworkSvcehstart - ok
    16:36:17.0314 7084 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
    16:36:17.0369 7084 PlugPlay - ok
    16:36:17.0466 7084 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    16:36:17.0473 7084 PNRPAutoReg - ok
    16:36:17.0497 7084 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    16:36:17.0504 7084 PNRPsvc - ok
    16:36:17.0696 7084 PNRPsvcNetlogon - ok
    16:36:17.0703 7084 PNRPsvcNetlogonDPSmsvsmon80 - ok
    16:36:17.0770 7084 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
    16:36:17.0777 7084 PolicyAgent - ok
    16:36:17.0805 7084 PolicyAgentApache2 - ok
    16:36:17.0826 7084 PolicyAgentApache2SCPolicySvc - ok
    16:36:17.0883 7084 pptchpad (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\rapapp.dll
    16:36:17.0911 7084 Suspicious file (NoAccess): C:\Windows\system32\rapapp.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:17.0911 7084 pptchpad ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:17.0911 7084 pptchpad - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:18.0008 7084 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    16:36:18.0010 7084 PptpMiniport - ok
    16:36:18.0059 7084 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    16:36:18.0061 7084 Processor - ok
    16:36:18.0106 7084 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
    16:36:18.0125 7084 ProfSvc - ok
    16:36:18.0219 7084 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    16:36:18.0221 7084 ProtectedStorage - ok
    16:36:18.0230 7084 ProtectedStorageMcx2Svc - ok
    16:36:18.0242 7084 ProtectedStorageusnjsvc - ok
    16:36:18.0532 7084 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    16:36:18.0535 7084 PSched - ok
    16:36:18.0669 7084 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys
    16:36:18.0689 7084 PxHelp20 - ok
    16:36:18.0794 7084 qcdonner - ok
    16:36:18.0901 7084 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    16:36:18.0930 7084 ql2300 - ok
    16:36:19.0022 7084 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    16:36:19.0056 7084 ql40xx - ok
    16:36:19.0112 7084 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
    16:36:19.0119 7084 QWAVE - ok
    16:36:19.0192 7084 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    16:36:19.0193 7084 QWAVEdrv - ok
    16:36:19.0236 7084 QWAVEWinDefend - ok
    16:36:19.0295 7084 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    16:36:19.0309 7084 RasAcd - ok
    16:36:19.0408 7084 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
    16:36:19.0433 7084 RasAuto - ok
    16:36:19.0459 7084 RasAutoBITS - ok
    16:36:19.0465 7084 RasAutoBITSSCPolicySvc - ok
    16:36:19.0679 7084 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    16:36:19.0681 7084 Rasl2tp - ok
    16:36:19.0765 7084 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
    16:36:19.0772 7084 RasMan - ok
    16:36:19.0804 7084 RasManmsiserver - ok
    16:36:19.0836 7084 RasManmsiserverMpsSvcNlaSvc - ok
    16:36:19.0875 7084 RasManmsiserverMpsSvcNlaSvcAppinfoBFEWPDBusEnum - ok
    16:36:19.0919 7084 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    16:36:19.0927 7084 RasPppoe - ok
    16:36:20.0010 7084 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    16:36:20.0012 7084 RasSstp - ok
    16:36:20.0119 7084 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    16:36:20.0134 7084 rdbss - ok
    16:36:20.0178 7084 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    16:36:20.0181 7084 RDPCDD - ok
    16:36:20.0234 7084 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    16:36:20.0238 7084 rdpdr - ok
    16:36:20.0280 7084 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    16:36:20.0283 7084 RDPENCDD - ok
    16:36:20.0474 7084 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
    16:36:20.0477 7084 RDPWD - ok
    16:36:20.0548 7084 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
    16:36:20.0552 7084 RemoteAccess - ok
    16:36:20.0575 7084 RemoteAccessPNRPAutoReg - ok
    16:36:20.0619 7084 RemoteAccesswuauservSessionEnvWSearchwuauserv - ok
    16:36:20.0644 7084 RemoteAccesswuauservSessionEnvWSearchwuauservSQLWriterWecsvcBITSSENSSysMain - ok
    16:36:20.0719 7084 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
    16:36:20.0724 7084 RemoteRegistry - ok
    16:36:20.0739 7084 RemoteRegistryMSCSPTISRV - ok
    16:36:20.0748 7084 RemoteRegistryProfSvc - ok
    16:36:20.0765 7084 RemoteRegistryProfSvcRpcSsvdswercplsupport - ok
    16:36:20.0793 7084 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
    16:36:20.0795 7084 RpcLocator - ok
    16:36:20.0842 7084 RpcLocatorMySQLmsftesql$SQLEXPRESS - ok
    16:36:20.0910 7084 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
    16:36:20.0917 7084 RpcSs - ok
    16:36:20.0950 7084 RpcSsBrowser - ok
    16:36:20.0969 7084 RpcSsDnscachewmiApSrv - ok
    16:36:20.0996 7084 RpcSsvdswercplsupport - ok
    16:36:21.0019 7084 RpcSsvdswercplsupportMpsSvcSPTISRV - ok
    16:36:21.0041 7084 RpcSsvdswercplsupportMpsSvcSPTISRVALG - ok
    16:36:21.0102 7084 RR2Mjpeg (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\SE2Dmgmt.dll
    16:36:21.0113 7084 Suspicious file (NoAccess): C:\Windows\system32\SE2Dmgmt.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:21.0113 7084 RR2Mjpeg ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:21.0114 7084 RR2Mjpeg - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:21.0192 7084 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    16:36:21.0194 7084 rspndr - ok
    16:36:21.0282 7084 RTL8023xp (166911eada13cd34dd8f8c667707be94) C:\Windows\system32\DRIVERS\Rtnicxp.sys
    16:36:21.0285 7084 RTL8023xp - ok
    16:36:21.0547 7084 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
    16:36:21.0549 7084 RTL8169 - ok
    16:36:21.0593 7084 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    16:36:21.0595 7084 SamSs - ok
    16:36:21.0691 7084 sandradatasrv (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\mfebopk.dll
    16:36:21.0716 7084 Suspicious file (NoAccess): C:\Windows\system32\mfebopk.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:21.0717 7084 sandradatasrv ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:21.0717 7084 sandradatasrv - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:21.0783 7084 savrt (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\Wdf01000.dll
    16:36:21.0854 7084 Suspicious file (NoAccess): C:\Windows\system32\Wdf01000.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:21.0854 7084 savrt ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:21.0854 7084 savrt - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:21.0943 7084 savscan (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\tvtnetwk.dll
    16:36:22.0147 7084 Suspicious file (NoAccess): C:\Windows\system32\tvtnetwk.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:22.0148 7084 savscan ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:22.0148 7084 savscan - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:22.0379 7084 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    16:36:22.0382 7084 sbp2port - ok
    16:36:22.0478 7084 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
    16:36:22.0482 7084 SCardSvr - ok
    16:36:22.0719 7084 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
    16:36:22.0731 7084 Schedule - ok
    16:36:22.0797 7084 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
    16:36:22.0798 7084 SCPolicySvc - ok
    16:36:22.0837 7084 SCPolicySvcIrmon - ok
    16:36:22.0846 7084 SCPolicySvcWinDefendBFE - ok
    16:36:22.0896 7084 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
    16:36:22.0916 7084 SDRSVC - ok
    16:36:22.0969 7084 se2Cunic (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\SbcpHid.dll
    16:36:22.0984 7084 Suspicious file (NoAccess): C:\Windows\system32\SbcpHid.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:22.0984 7084 se2Cunic ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:22.0984 7084 se2Cunic - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:23.0094 7084 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    16:36:23.0096 7084 secdrv - ok
    16:36:23.0204 7084 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
    16:36:23.0208 7084 seclogon - ok
    16:36:23.0285 7084 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
    16:36:23.0288 7084 SENS - ok
    16:36:23.0295 7084 SENSswprv - ok
    16:36:23.0318 7084 SENSswprvwercplsupport - ok
    16:36:23.0330 7084 SENSswprvwercplsupportBITSslsvc - ok
    16:36:23.0386 7084 SENSswprvWinHttpAutoProxySvc - ok
    16:36:23.0584 7084 SENSSysMain - ok
    16:36:23.0645 7084 SENSSysMainSQLWriterWecsvc - ok
    16:36:23.0669 7084 SENSSysMainWdiServiceHost - ok
    16:36:23.0679 7084 SENSSysMainWdiServiceHostp2pimsvcSSScsiSVSENS - ok
    16:36:23.0688 7084 SENSSysMainWdiServiceHostp2pimsvcSSScsiSVSENSSstpSvcoseSPTISRV - ok
    16:36:23.0760 7084 ser2pl (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\wzcsvc.dll
    16:36:23.0872 7084 Suspicious file (NoAccess): C:\Windows\system32\wzcsvc.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:23.0873 7084 ser2pl ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:23.0873 7084 ser2pl - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:23.0979 7084 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
    16:36:23.0982 7084 Serenum - ok
    16:36:24.0052 7084 Serial (5235ce37fd0a30381e5040842499eebb) C:\Windows\system32\DRIVERS\serial.sys
    16:36:24.0146 7084 Serial ( Virus.Win32.ZAccess.k ) - infected
    16:36:24.0146 7084 Serial - detected Virus.Win32.ZAccess.k (0)
    16:36:24.0224 7084 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    16:36:24.0239 7084 sermouse - ok
    16:36:24.0308 7084 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
    16:36:24.0312 7084 SessionEnv - ok
    16:36:24.0376 7084 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    16:36:24.0377 7084 sffdisk - ok
    16:36:24.0610 7084 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    16:36:24.0622 7084 sffp_mmc - ok
    16:36:24.0662 7084 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    16:36:24.0663 7084 sffp_sd - ok
    16:36:24.0688 7084 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    16:36:24.0690 7084 sfloppy - ok
    16:36:24.0725 7084 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
    16:36:24.0730 7084 SharedAccess - ok
    16:36:24.0770 7084 SharedAccessAppinfo - ok
    16:36:24.0817 7084 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
    16:36:24.0824 7084 ShellHWDetection - ok
    16:36:24.0832 7084 ShellHWDetectionnetprofm - ok
    16:36:24.0845 7084 ShellHWDetectionPlugPlay - ok
    16:36:24.0860 7084 ShellHWDetectionProfSvc - ok
    16:36:24.0900 7084 ShellHWDetectionupnphost - ok
    16:36:24.0914 7084 ShellHWDetectionupnphostpla - ok
    16:36:24.0934 7084 ShellHWDetectionW32TimefdPHostUI0Detect - ok
    16:36:25.0031 7084 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    16:36:25.0062 7084 sisagp - ok
    16:36:25.0126 7084 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    16:36:25.0129 7084 SiSRaid2 - ok
    16:36:25.0195 7084 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    16:36:25.0214 7084 SiSRaid4 - ok
    16:36:25.0445 7084 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
    16:36:25.0538 7084 slsvc - ok
    16:36:25.0746 7084 slsvcWecsvc - ok
    16:36:25.0770 7084 slsvcWLSetupSvcWlansvcWinDefend - ok
    16:36:25.0829 7084 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
    16:36:25.0833 7084 SLUINotify - ok
    16:36:25.0851 7084 SLUINotifyWdiServiceHost - ok
    16:36:25.0902 7084 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    16:36:25.0905 7084 Smb - ok
    16:36:26.0040 7084 SNC (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\irbus.dll
    16:36:26.0050 7084 Suspicious file (NoAccess): C:\Windows\system32\irbus.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:26.0051 7084 SNC ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:26.0051 7084 SNC - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:26.0087 7084 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
    16:36:26.0091 7084 SNMPTRAP - ok
    16:36:26.0208 7084 SonicStage Back-End Service (977aaa4398d7d6fa65d973f5b3f54e40) C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    16:36:26.0225 7084 SonicStage Back-End Service - ok
    16:36:26.0335 7084 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    16:36:26.0337 7084 spldr - ok
    16:36:26.0387 7084 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
    16:36:26.0392 7084 Spooler - ok
    16:36:26.0409 7084 SpoolerPlugPlay - ok
    16:36:26.0706 7084 sptd (e8b705f9abe446aaf7a315ef8b4aea5a) C:\Windows\system32\Drivers\sptd.sys
    16:36:26.0706 7084 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: e8b705f9abe446aaf7a315ef8b4aea5a
    16:36:26.0708 7084 sptd ( LockedFile.Multi.Generic ) - warning
    16:36:26.0708 7084 sptd - detected LockedFile.Multi.Generic (1)
    16:36:26.0836 7084 SPTISRV (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    16:36:26.0839 7084 SPTISRV - ok
    16:36:26.0912 7084 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    16:36:26.0916 7084 SQLBrowser - ok
    16:36:26.0981 7084 SQLBrowserUI0Detect - ok
    16:36:27.0040 7084 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    16:36:27.0056 7084 SQLWriter - ok
    16:36:27.0071 7084 SQLWriternsinapagentBFETHREADORDERBrowserhkmsvcSLUINotify - ok
    16:36:27.0092 7084 SQLWriterWecsvc - ok
    16:36:27.0111 7084 SQLWriterWecsvcBITSSENSSysMain - ok
    16:36:27.0127 7084 SQLWriterWecsvcBITSSENSSysMainCOMSysApp - ok
    16:36:27.0149 7084 SQLWriterWecsvcBITSSENSSysMainiphlpsvcRemoteAccessPNRPAutoReg - ok
    16:36:27.0160 7084 SQLWriterWecsvcupnphostmsiserver - ok
    16:36:27.0187 7084 SQLWriterWecsvcupnphostmsiserver Back-End Service - ok
    16:36:27.0256 7084 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    16:36:27.0262 7084 srv - ok
    16:36:27.0318 7084 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    16:36:27.0322 7084 srv2 - ok
    16:36:27.0403 7084 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    16:36:27.0422 7084 srvnet - ok
    16:36:27.0639 7084 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
    16:36:27.0645 7084 SSDPSRV - ok
    16:36:27.0659 7084 SSDPSRVMMCSS - ok
    16:36:27.0667 7084 SSDPSRVProfSvc - ok
    16:36:27.0794 7084 SSScsiSV (756e371b3b86a3d3039926d32eac0e8d) C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    16:36:27.0796 7084 SSScsiSV - ok
    16:36:27.0892 7084 SSScsiSVSENS - ok
    16:36:27.0926 7084 SSScsiSVSENSTapiSrvDcomLaunchNetTcpPortSharing - ok
    16:36:27.0944 7084 SSScsiSVTabletInputService - ok
    16:36:27.0952 7084 SSScsiSVwscsvc - ok
    16:36:27.0966 7084 SSScsiSVwscsvcMpsSvc - ok
    16:36:28.0009 7084 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
    16:36:28.0014 7084 SstpSvc - ok
    16:36:28.0036 7084 SstpSvcEventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc - ok
    16:36:28.0059 7084 SstpSvcose - ok
    16:36:28.0083 7084 SstpSvcoseSPTISRV - ok
    16:36:28.0116 7084 SstpSvcoseSPTISRVApache2 - ok
    16:36:28.0135 7084 SstpSvcoseSPTISRVApache2EventSystemMSiSCSI - ok
    16:36:28.0146 7084 SstpSvcoseSPTISRVApache2NetTcpPortSharingnvsvc - ok
    16:36:28.0168 7084 SstpSvcoseSPTISRVApache2NetTcpPortSharingnvsvcMcx2SvcShellHWDetectionupnphostpla - ok
    16:36:28.0183 7084 SstpSvcoseSPTISRVDhcp - ok
    16:36:28.0193 7084 SstpSvcoseSPTISRVDhcphidserv - ok
    16:36:28.0209 7084 SstpSvcoseSPTISRVDhcphidservAppinfoBFEWPDBusEnum - ok
    16:36:28.0234 7084 SstpSvcoseSPTISRVusnjsvc - ok
    16:36:28.0238 7084 SstpSvcoseSPTISRVusnjsvcusnjsvcRasMan - ok
    16:36:28.0282 7084 Stereo Service (a54900b66ba2229dde37a80fdc572328) C:\Windows\System32\nvSCPAPISvr.exe
    16:36:28.0288 7084 Stereo Service - ok
    16:36:28.0362 7084 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
    16:36:28.0379 7084 stisvc - ok
    16:36:28.0501 7084 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    16:36:28.0503 7084 swenum - ok
    16:36:28.0571 7084 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
    16:36:28.0658 7084 swprv - ok
    16:36:28.0682 7084 swprvCOMSysApp - ok
    16:36:28.0695 7084 swprvFontCache3.0.0.0 - ok
    16:36:28.0729 7084 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    16:36:28.0731 7084 Symc8xx - ok
    16:36:28.0769 7084 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    16:36:28.0771 7084 Sym_hi - ok
    16:36:28.0850 7084 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    16:36:28.0852 7084 Sym_u3 - ok
    16:36:28.0930 7084 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
    16:36:28.0941 7084 SysMain - ok
     
  9. steve1965

    steve1965 TS Rookie Topic Starter Posts: 37

    TDSSKiller log part 3 (t-z)

    16:36:28.0989 7084 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
    16:36:28.0994 7084 TabletInputService - ok
    16:36:29.0066 7084 TabletInputServiceWinDefendBFEAppinfoBFEnapagent - ok
    16:36:29.0152 7084 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
    16:36:29.0159 7084 TapiSrv - ok
    16:36:29.0190 7084 TapiSrvDcomLaunch - ok
    16:36:29.0209 7084 TapiSrvDcomLaunchNetTcpPortSharing - ok
    16:36:29.0244 7084 TapiSrvDcomLaunchNetTcpPortSharingWebClientIPBusEnum - ok
    16:36:29.0265 7084 TapiSrvDcomLaunchNetTcpPortSharingWebClientIPBusEnumBITSslsvcAppinfoBFEWPDBusEnum - ok
    16:36:29.0287 7084 TapiSrvMSCSPTISRV - ok
    16:36:29.0295 7084 TapiSrvMSCSPTISRVhkmsvc - ok
    16:36:29.0362 7084 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
    16:36:29.0387 7084 TBS - ok
    16:36:29.0554 7084 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
    16:36:29.0570 7084 Tcpip - ok
    16:36:29.0636 7084 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
    16:36:29.0644 7084 Tcpip6 - ok
    16:36:29.0730 7084 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    16:36:29.0734 7084 tcpipreg - ok
    16:36:29.0785 7084 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    16:36:29.0786 7084 TDPIPE - ok
    16:36:29.0890 7084 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    16:36:29.0892 7084 TDTCP - ok
    16:36:29.0969 7084 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    16:36:29.0972 7084 tdx - ok
    16:36:30.0028 7084 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    16:36:30.0030 7084 TermDD - ok
    16:36:30.0100 7084 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
    16:36:30.0110 7084 TermService - ok
    16:36:30.0208 7084 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
    16:36:30.0211 7084 Themes - ok
    16:36:30.0224 7084 ThemesNetTcpPortSharing - ok
    16:36:30.0232 7084 ThemesNetTcpPortSharingusnjsvcRasManMMCSSPNRPsvc - ok
    16:36:30.0247 7084 ThemesTrustedInstallerWinmgmt - ok
    16:36:30.0283 7084 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
    16:36:30.0288 7084 THREADORDER - ok
    16:36:30.0345 7084 THREADORDEREventSystemwscsvcmsvsmon80 - ok
    16:36:30.0364 7084 THREADORDEREventSystemwscsvcmsvsmon80MSiSCSISSScsiSVSENS - ok
    16:36:30.0376 7084 THREADORDERMpsSvc - ok
    16:36:30.0402 7084 THREADORDEROracleXEClrAgent - ok
    16:36:30.0500 7084 tng-doba - ok
    16:36:30.0587 7084 tosrfnds (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\VrAcFil.dll
    16:36:30.0600 7084 Suspicious file (NoAccess): C:\Windows\system32\VrAcFil.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:30.0600 7084 tosrfnds ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:30.0600 7084 tosrfnds - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:30.0667 7084 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
    16:36:30.0672 7084 TrkWks - ok
    16:36:30.0692 7084 TrkWksmsvsmon80 - ok
    16:36:30.0699 7084 TrkWksmsvsmon80RpcLocator - ok
    16:36:30.0734 7084 TrkWksmsvsmon80SSDPSRVMMCSS - ok
    16:36:30.0785 7084 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
    16:36:30.0786 7084 TrustedInstaller - ok
    16:36:30.0852 7084 TrustedInstallerWinmgmt - ok
    16:36:30.0863 7084 TrustedInstallerWinmgmtiphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time - ok
    16:36:30.0961 7084 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    16:36:30.0980 7084 tssecsrv - ok
    16:36:31.0047 7084 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    16:36:31.0048 7084 tunmp - ok
    16:36:31.0389 7084 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    16:36:31.0422 7084 tunnel - ok
    16:36:31.0694 7084 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    16:36:31.0729 7084 uagp35 - ok
    16:36:31.0994 7084 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    16:36:32.0070 7084 udfs - ok
    16:36:32.0191 7084 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
    16:36:32.0194 7084 UI0Detect - ok
    16:36:32.0261 7084 UI0DetectDFSR - ok
    16:36:32.0317 7084 ulcdrhlp (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\usnsvc.dll
    16:36:32.0343 7084 Suspicious file (NoAccess): C:\Windows\system32\usnsvc.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:32.0344 7084 ulcdrhlp ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:32.0344 7084 ulcdrhlp - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:32.0400 7084 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    16:36:32.0403 7084 uliagpkx - ok
    16:36:32.0451 7084 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    16:36:32.0472 7084 uliahci - ok
    16:36:32.0676 7084 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    16:36:32.0678 7084 UlSata - ok
    16:36:32.0722 7084 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    16:36:32.0725 7084 ulsata2 - ok
    16:36:32.0777 7084 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    16:36:32.0779 7084 umbus - ok
    16:36:32.0849 7084 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
    16:36:32.0858 7084 upnphost - ok
    16:36:32.0878 7084 upnphostmsiserver - ok
    16:36:32.0917 7084 upnphostmsiserverOracleServiceXEMySQLmsftesql$SQLEXPRESS - ok
    16:36:32.0995 7084 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
    16:36:33.0018 7084 usbaudio - ok
    16:36:33.0117 7084 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    16:36:33.0139 7084 usbccgp - ok
    16:36:33.0206 7084 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    16:36:33.0208 7084 usbcir - ok
    16:36:33.0245 7084 UsbDiag - ok
    16:36:33.0298 7084 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    16:36:33.0300 7084 usbehci - ok
    16:36:33.0359 7084 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    16:36:33.0389 7084 usbhub - ok
    16:36:33.0455 7084 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    16:36:33.0474 7084 usbohci - ok
    16:36:33.0576 7084 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    16:36:33.0578 7084 usbprint - ok
    16:36:33.0765 7084 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    16:36:33.0767 7084 usbscan - ok
    16:36:33.0848 7084 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    16:36:33.0860 7084 USBSTOR - ok
    16:36:33.0966 7084 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    16:36:33.0968 7084 usbuhci - ok
    16:36:34.0138 7084 usnjsvc (9d19b042a4fd5c02195071ea2fe0c821) C:\Program Files\Windows Live\Messenger\usnsvc.exe
    16:36:34.0149 7084 usnjsvc - ok
    16:36:34.0227 7084 usnjsvcRasMan - ok
    16:36:34.0244 7084 usnjsvcRasManFontCache3.0.0.0 - ok
    16:36:34.0255 7084 usnjsvcRasManFontCache3.0.0.0usnjsvcRasManhkmsvc - ok
    16:36:34.0280 7084 usnjsvcRasManhkmsvc - ok
    16:36:34.0295 7084 usnjsvcRasManMMCSS - ok
    16:36:34.0314 7084 usnjsvcRasManMMCSSPNRPsvc - ok
    16:36:34.0322 7084 usnjsvcRasMannsinapagentBFE - ok
    16:36:34.0333 7084 usnjsvcSNMPTRAP - ok
    16:36:34.0367 7084 usnjsvcTapiSrvDcomLaunchNetTcpPortSharingWebClientIPBusEnum - ok
    16:36:34.0417 7084 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
    16:36:34.0430 7084 UxSms - ok
    16:36:34.0499 7084 vci (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\csctl50.dll
    16:36:34.0508 7084 Suspicious file (NoAccess): C:\Windows\system32\csctl50.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:34.0509 7084 vci ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:34.0509 7084 vci - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:34.0575 7084 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
    16:36:34.0584 7084 vds - ok
    16:36:34.0860 7084 vdsMSCSPTISRV - ok
    16:36:34.0910 7084 vdswercplsupport - ok
    16:36:34.0984 7084 vdswercplsupportWerSvc - ok
    16:36:35.0071 7084 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    16:36:35.0073 7084 vga - ok
    16:36:35.0177 7084 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    16:36:35.0192 7084 VgaSave - ok
    16:36:35.0285 7084 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    16:36:35.0310 7084 viaagp - ok
    16:36:35.0371 7084 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    16:36:35.0384 7084 ViaC7 - ok
    16:36:35.0439 7084 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    16:36:35.0441 7084 viaide - ok
    16:36:35.0512 7084 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    16:36:35.0514 7084 volmgr - ok
    16:36:35.0772 7084 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    16:36:35.0778 7084 volmgrx - ok
    16:36:35.0905 7084 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    16:36:35.0952 7084 volsnap - ok
    16:36:36.0007 7084 vpctcom (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\tphdexlgsvc.dll
    16:36:36.0049 7084 Suspicious file (NoAccess): C:\Windows\system32\tphdexlgsvc.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:36.0049 7084 vpctcom ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:36.0049 7084 vpctcom - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:36.0132 7084 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    16:36:36.0147 7084 vsmraid - ok
    16:36:36.0293 7084 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
    16:36:36.0315 7084 VSS - ok
    16:36:36.0330 7084 VSSMcx2Svc - ok
    16:36:36.0753 7084 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    16:36:36.0771 7084 vToolbarUpdater10.2.0 - ok
    16:36:36.0976 7084 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
    16:36:36.0984 7084 W32Time - ok
    16:36:37.0007 7084 W32TimefdPHost - ok
    16:36:37.0020 7084 W32TimefdPHostUI0Detect - ok
    16:36:37.0036 7084 W32Timeoseidsvcclr_optimization_v2.0.50727_32 - ok
    16:36:37.0161 7084 W32Timep2pimsvc - ok
    16:36:37.0291 7084 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    16:36:37.0295 7084 WacomPen - ok
    16:36:37.0466 7084 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    16:36:37.0469 7084 Wanarp - ok
    16:36:37.0482 7084 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    16:36:37.0483 7084 Wanarpv6 - ok
    16:36:37.0715 7084 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
    16:36:37.0800 7084 wcncsvc - ok
    16:36:37.0965 7084 wcncsvcnapagentBFE - ok
    16:36:38.0210 7084 wcncsvcnapagentBFEMySQLWPDBusEnumSCPolicySvcWinDefendBFE - ok
    16:36:38.0397 7084 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
    16:36:38.0401 7084 WcsPlugInService - ok
    16:36:38.0455 7084 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    16:36:38.0458 7084 Wd - ok
    16:36:38.0595 7084 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    16:36:38.0703 7084 Wdf01000 - ok
    16:36:38.0879 7084 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
    16:36:38.0884 7084 WdiServiceHost - ok
    16:36:38.0935 7084 WdiServiceHostCryptSvc - ok
    16:36:38.0965 7084 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
    16:36:38.0970 7084 WdiSystemHost - ok
    16:36:38.0980 7084 WdiSystemHostRasManmsiserver - ok
    16:36:39.0040 7084 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
    16:36:39.0046 7084 WebClient - ok
    16:36:39.0064 7084 WebClientIPBusEnum - ok
    16:36:39.0097 7084 WebClientIPBusEnumEventSystemwscsvc - ok
    16:36:39.0140 7084 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
    16:36:39.0156 7084 Wecsvc - ok
    16:36:39.0223 7084 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
    16:36:39.0227 7084 wercplsupport - ok
    16:36:39.0289 7084 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
    16:36:39.0294 7084 WerSvc - ok
    16:36:39.0321 7084 WinDefendBFE - ok
    16:36:39.0334 7084 WinDefendBFEAppinfoBFE - ok
    16:36:39.0354 7084 WinDefendBFEAppinfoBFEnapagent - ok
    16:36:39.0421 7084 WinDefendBFENlaSvc - ok
    16:36:39.0432 7084 WinDefendBFENlaSvcSstpSvcoseSPTISRVusnjsvc - ok
    16:36:39.0441 7084 WinDefendBFESQLWriterWecsvcBITSSENSSysMainiphlpsvcRemoteAccessPNRPAutoReg - ok
    16:36:39.0464 7084 WinDefendBFESQLWriterWecsvcBITSSENSSysMainiphlpsvcRemoteAccessPNRPAutoRegehstart - ok
    16:36:39.0488 7084 WinDefendusnjsvcRasManFontCache3.0.0.0usnjsvcRasManhkmsvc - ok
    16:36:39.0509 7084 WinHttpAutoProxySvc - ok
    16:36:39.0534 7084 WinHttpAutoProxySvcAeLookupSvcMDM - ok
    16:36:39.0554 7084 WinHttpAutoProxySvcAeLookupSvcMDMSpooler - ok
    16:36:39.0615 7084 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
    16:36:39.0646 7084 Winmgmt - ok
    16:36:39.0690 7084 WinmgmtusnjsvcRasManFontCache3.0.0.0 - ok
    16:36:39.0782 7084 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
    16:36:39.0819 7084 WinRM - ok
    16:36:39.0934 7084 WinVd32 (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\dcstor32.dll
    16:36:39.0984 7084 Suspicious file (NoAccess): C:\Windows\system32\dcstor32.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:39.0984 7084 WinVd32 ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:39.0984 7084 WinVd32 - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:40.0064 7084 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
    16:36:40.0077 7084 Wlansvc - ok
    16:36:40.0175 7084 WlansvcWinDefend - ok
    16:36:40.0185 7084 WlansvcWinDefendBFE - ok
    16:36:40.0202 7084 WlansvcWinDefendKService - ok
    16:36:40.0213 7084 WlansvcWinDefendKServiceOracleXEClrAgent - ok
    16:36:40.0282 7084 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    16:36:40.0287 7084 WLSetupSvc - ok
    16:36:40.0323 7084 WLSetupSvcWecsvc - ok
    16:36:40.0354 7084 WLSetupSvcWlansvcWinDefend - ok
    16:36:40.0400 7084 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    16:36:40.0402 7084 WmiAcpi - ok
    16:36:40.0542 7084 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
    16:36:40.0547 7084 wmiApSrv - ok
    16:36:40.0560 7084 wmiApSrvMcx2SvcShellHWDetectionupnphostpla - ok
    16:36:40.0725 7084 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
    16:36:40.0740 7084 WMPNetworkSvc - ok
    16:36:40.0798 7084 WMPNetworkSvcehstart - ok
    16:36:40.0815 7084 WMPNetworkSvcMpsSvc - ok
    16:36:40.0867 7084 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
    16:36:40.0881 7084 WPCSvc - ok
    16:36:40.0890 7084 WPCSvcPNRPAutoReg - ok
    16:36:40.0911 7084 WPCSvcWinDefend - ok
    16:36:40.0960 7084 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
    16:36:40.0965 7084 WPDBusEnum - ok
    16:36:40.0979 7084 WPDBusEnumnsi - ok
    16:36:41.0130 7084 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    16:36:41.0148 7084 WPFFontCache_v0400 - ok
    16:36:41.0272 7084 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    16:36:41.0274 7084 ws2ifsl - ok
    16:36:41.0309 7084 wscsvcPNRPsvc - ok
    16:36:41.0323 7084 wscsvcPNRPsvcALG - ok
    16:36:41.0358 7084 wscsvcSCPolicySvc - ok
    16:36:41.0382 7084 wscsvcTBS - ok
    16:36:41.0404 7084 WSearch - ok
    16:36:41.0429 7084 WSearchnapagent - ok
    16:36:41.0452 7084 WSearchnapagentDPSupnphostmsiserverThemesNetTcpPortSharing - ok
    16:36:41.0477 7084 WSearchnapagentplaAeLookupSvc - ok
    16:36:41.0490 7084 WSearchwuauserv - ok
    16:36:41.0713 7084 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
    16:36:41.0746 7084 wuauserv - ok
    16:36:41.0755 7084 wuauservSessionEnv - ok
    16:36:41.0806 7084 wuauservSessionEnvWSearchwuauserv - ok
    16:36:41.0830 7084 wuauservSessionEnvWSearchwuauservTapiSrvDcomLaunchNetTcpPortSharing - ok
    16:36:41.0889 7084 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    16:36:41.0905 7084 WUDFRd - ok
    16:36:41.0944 7084 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
    16:36:41.0949 7084 wudfsvc - ok
    16:36:41.0970 7084 wudfsvcSLUINotifyWdiServiceHost - ok
    16:36:42.0026 7084 wusb54gv2svc (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\clnt_clientman.dll
    16:36:42.0034 7084 Suspicious file (NoAccess): C:\Windows\system32\clnt_clientman.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:42.0034 7084 wusb54gv2svc ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:42.0034 7084 wusb54gv2svc - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:42.0164 7084 zenos1 (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\shellhwdetection.dll
    16:36:42.0185 7084 Suspicious file (NoAccess): C:\Windows\system32\shellhwdetection.dll. md5: 11028c6a84a967070cb1286550f2058f
    16:36:42.0185 7084 zenos1 ( Backdoor.Multi.ZAccess.gen ) - infected
    16:36:42.0185 7084 zenos1 - detected Backdoor.Multi.ZAccess.gen (0)
    16:36:42.0228 7084 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    16:36:42.0272 7084 \Device\Harddisk0\DR0 - ok
    16:36:42.0281 7084 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR5
    16:36:42.0285 7084 \Device\Harddisk5\DR5 - ok
    16:36:42.0292 7084 Boot (0x1200) (ff2cee352b268cc0fdac41e32597d60b) \Device\Harddisk0\DR0\Partition0
    16:36:42.0293 7084 \Device\Harddisk0\DR0\Partition0 - ok
    16:36:42.0302 7084 Boot (0x1200) (93b101edb4ff84b618f3083ccaf20a56) \Device\Harddisk0\DR0\Partition1
    16:36:42.0303 7084 \Device\Harddisk0\DR0\Partition1 - ok
    16:36:42.0308 7084 Boot (0x1200) (f5ec6de948f37db8ebe4aa6c0a0054ac) \Device\Harddisk5\DR5\Partition0
    16:36:42.0311 7084 \Device\Harddisk5\DR5\Partition0 - ok
    16:36:42.0312 7084 ============================================================
    16:36:42.0312 7084 Scan finished
    16:36:42.0312 7084 ============================================================
    16:36:42.0329 4812 Detected object count: 40
    16:36:42.0329 4812 Actual detected object count: 40
    16:37:50.0550 4812 C:\Windows\system32\afd.dll - copied to quarantine
    16:37:50.0551 4812 HKLM\SYSTEM\ControlSet001\services\alcxsens - will be deleted on reboot
    16:37:50.0596 4812 C:\Windows\system32\afd.dll - will be deleted on reboot
    16:37:50.0596 4812 alcxsens ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:50.0645 4812 C:\Windows\system32\wmp54gv4svc.dll - copied to quarantine
    16:37:50.0646 4812 HKLM\SYSTEM\ControlSet001\services\ANC - will be deleted on reboot
    16:37:50.0647 4812 HKLM\SYSTEM\ControlSet003\services\ANC - will be deleted on reboot
    16:37:50.0664 4812 C:\Windows\system32\wmp54gv4svc.dll - will be deleted on reboot
    16:37:50.0664 4812 ANC ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:50.0738 4812 C:\Windows\system32\authsyssvc.dll - copied to quarantine
    16:37:50.0738 4812 HKLM\SYSTEM\ControlSet001\services\atmarpc - will be deleted on reboot
    16:37:50.0739 4812 HKLM\SYSTEM\ControlSet003\services\atmarpc - will be deleted on reboot
    16:37:50.0748 4812 C:\Windows\system32\authsyssvc.dll - will be deleted on reboot
    16:37:50.0748 4812 atmarpc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:50.0845 4812 C:\Windows\system32\lvckap.dll - copied to quarantine
    16:37:50.0846 4812 HKLM\SYSTEM\ControlSet001\services\bwsvc - will be deleted on reboot
    16:37:50.0850 4812 C:\Windows\system32\lvckap.dll - will be deleted on reboot
    16:37:50.0850 4812 bwsvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:50.0910 4812 C:\Windows\system32\pavreport.dll - copied to quarantine
    16:37:50.0910 4812 HKLM\SYSTEM\ControlSet001\services\cbidf2k - will be deleted on reboot
    16:37:50.0917 4812 C:\Windows\system32\pavreport.dll - will be deleted on reboot
    16:37:50.0917 4812 cbidf2k ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:50.0973 4812 C:\Windows\system32\avp.dll - copied to quarantine
    16:37:50.0974 4812 HKLM\SYSTEM\ControlSet001\services\changer - will be deleted on reboot
    16:37:50.0975 4812 HKLM\SYSTEM\ControlSet003\services\changer - will be deleted on reboot
    16:37:50.0980 4812 C:\Windows\system32\avp.dll - will be deleted on reboot
    16:37:50.0980 4812 changer ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:51.0132 4812 C:\Windows\system32\SerTVOutCtlr.dll - copied to quarantine
    16:37:51.0133 4812 HKLM\SYSTEM\ControlSet001\services\cmudau - will be deleted on reboot
    16:37:51.0133 4812 HKLM\SYSTEM\ControlSet003\services\cmudau - will be deleted on reboot
    16:37:51.0137 4812 C:\Windows\system32\SerTVOutCtlr.dll - will be deleted on reboot
    16:37:51.0137 4812 cmudau ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:51.0259 4812 C:\Windows\system32\iolodmv.dll - copied to quarantine
    16:37:51.0260 4812 HKLM\SYSTEM\ControlSet001\services\cobbmservice - will be deleted on reboot
    16:37:51.0260 4812 HKLM\SYSTEM\ControlSet003\services\cobbmservice - will be deleted on reboot
    16:37:51.0266 4812 C:\Windows\system32\iolodmv.dll - will be deleted on reboot
    16:37:51.0266 4812 cobbmservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:51.0502 4812 C:\Windows\system32\Sntnlusb.dll - copied to quarantine
    16:37:51.0503 4812 HKLM\SYSTEM\ControlSet001\services\DCamUSBGrandTek - will be deleted on reboot
    16:37:51.0503 4812 HKLM\SYSTEM\ControlSet003\services\DCamUSBGrandTek - will be deleted on reboot
    16:37:51.0509 4812 C:\Windows\system32\Sntnlusb.dll - will be deleted on reboot
    16:37:51.0510 4812 DCamUSBGrandTek ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:51.0679 4812 C:\Windows\system32\VCAM.dll - copied to quarantine
    16:37:51.0680 4812 HKLM\SYSTEM\ControlSet001\services\DcPTP - will be deleted on reboot
    16:37:51.0709 4812 HKLM\SYSTEM\ControlSet003\services\DcPTP - will be deleted on reboot
    16:37:51.0716 4812 C:\Windows\system32\VCAM.dll - will be deleted on reboot
    16:37:51.0716 4812 DcPTP ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:51.0799 4812 C:\Windows\system32\raysat3_4_6_18server.dll - copied to quarantine
    16:37:51.0799 4812 HKLM\SYSTEM\ControlSet001\services\dwmrcs - will be deleted on reboot
    16:37:51.0805 4812 C:\Windows\system32\raysat3_4_6_18server.dll - will be deleted on reboot
    16:37:51.0805 4812 dwmrcs ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:51.0855 4812 C:\Windows\system32\osaio.dll - copied to quarantine
    16:37:51.0856 4812 HKLM\SYSTEM\ControlSet001\services\fallback - will be deleted on reboot
    16:37:51.0857 4812 HKLM\SYSTEM\ControlSet003\services\fallback - will be deleted on reboot
    16:37:51.0863 4812 C:\Windows\system32\osaio.dll - will be deleted on reboot
    16:37:51.0863 4812 fallback ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:52.0052 4812 C:\Windows\system32\USRpdA.dll - copied to quarantine
    16:37:52.0053 4812 HKLM\SYSTEM\ControlSet001\services\imonitor - will be deleted on reboot
    16:37:52.0054 4812 HKLM\SYSTEM\ControlSet003\services\imonitor - will be deleted on reboot
    16:37:52.0059 4812 C:\Windows\system32\USRpdA.dll - will be deleted on reboot
    16:37:52.0059 4812 imonitor ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:52.0226 4812 C:\Windows\system32\vmkbd.dll - copied to quarantine
    16:37:52.0227 4812 HKLM\SYSTEM\ControlSet001\services\iomegaaccess - will be deleted on reboot
    16:37:52.0234 4812 C:\Windows\system32\vmkbd.dll - will be deleted on reboot
    16:37:52.0234 4812 iomegaaccess ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:52.0277 4812 C:\Windows\system32\atiavaiw.dll - copied to quarantine
    16:37:52.0278 4812 HKLM\SYSTEM\ControlSet001\services\lvselsus - will be deleted on reboot
    16:37:52.0278 4812 HKLM\SYSTEM\ControlSet003\services\lvselsus - will be deleted on reboot
    16:37:52.0285 4812 C:\Windows\system32\atiavaiw.dll - will be deleted on reboot
    16:37:52.0285 4812 lvselsus ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:52.0389 4812 C:\Windows\system32\Sus2pl.dll - copied to quarantine
    16:37:52.0390 4812 HKLM\SYSTEM\ControlSet001\services\lvuvc - will be deleted on reboot
    16:37:52.0397 4812 C:\Windows\system32\Sus2pl.dll - will be deleted on reboot
    16:37:52.0397 4812 lvuvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:52.0456 4812 C:\Windows\system32\timounter.dll - copied to quarantine
    16:37:52.0457 4812 HKLM\SYSTEM\ControlSet001\services\mclserviceatl - will be deleted on reboot
    16:37:52.0458 4812 HKLM\SYSTEM\ControlSet003\services\mclserviceatl - will be deleted on reboot
    16:37:52.0464 4812 C:\Windows\system32\timounter.dll - will be deleted on reboot
    16:37:52.0464 4812 mclserviceatl ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:52.0646 4812 C:\Windows\system32\websenseclientdeployservice.dll - copied to quarantine
    16:37:52.0647 4812 HKLM\SYSTEM\ControlSet001\services\mfcom - will be deleted on reboot
    16:37:52.0648 4812 HKLM\SYSTEM\ControlSet003\services\mfcom - will be deleted on reboot
    16:37:52.0654 4812 C:\Windows\system32\websenseclientdeployservice.dll - will be deleted on reboot
    16:37:52.0654 4812 mfcom ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:52.0804 4812 C:\Windows\system32\ndis.dll - copied to quarantine
    16:37:52.0805 4812 HKLM\SYSTEM\ControlSet001\services\MXOPSWD - will be deleted on reboot
    16:37:52.0805 4812 HKLM\SYSTEM\ControlSet003\services\MXOPSWD - will be deleted on reboot
    16:37:52.0811 4812 C:\Windows\system32\ndis.dll - will be deleted on reboot
    16:37:52.0811 4812 MXOPSWD ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:52.0892 4812 C:\Windows\system32\wg3n.dll - copied to quarantine
    16:37:52.0893 4812 HKLM\SYSTEM\ControlSet001\services\naveng - will be deleted on reboot
    16:37:52.0899 4812 C:\Windows\system32\wg3n.dll - will be deleted on reboot
    16:37:52.0899 4812 naveng ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:52.0959 4812 C:\Windows\system32\rpaservice.dll - copied to quarantine
    16:37:52.0959 4812 HKLM\SYSTEM\ControlSet001\services\nbservice - will be deleted on reboot
    16:37:52.0965 4812 C:\Windows\system32\rpaservice.dll - will be deleted on reboot
    16:37:52.0965 4812 nbservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:53.0185 4812 C:\Windows\system32\lxbs_device.dll - copied to quarantine
    16:37:53.0186 4812 HKLM\SYSTEM\ControlSet001\services\netw4x32 - will be deleted on reboot
    16:37:53.0187 4812 HKLM\SYSTEM\ControlSet003\services\netw4x32 - will be deleted on reboot
    16:37:53.0194 4812 C:\Windows\system32\lxbs_device.dll - will be deleted on reboot
    16:37:53.0194 4812 netw4x32 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:53.0358 4812 C:\Windows\system32\CBN.dll - copied to quarantine
    16:37:53.0358 4812 HKLM\SYSTEM\ControlSet001\services\nuvaud2 - will be deleted on reboot
    16:37:53.0359 4812 HKLM\SYSTEM\ControlSet003\services\nuvaud2 - will be deleted on reboot
    16:37:53.0365 4812 C:\Windows\system32\CBN.dll - will be deleted on reboot
    16:37:53.0365 4812 nuvaud2 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:53.0420 4812 C:\Windows\system32\rapapp.dll - copied to quarantine
    16:37:53.0421 4812 HKLM\SYSTEM\ControlSet001\services\pptchpad - will be deleted on reboot
    16:37:53.0424 4812 C:\Windows\system32\rapapp.dll - will be deleted on reboot
    16:37:53.0425 4812 pptchpad ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:53.0483 4812 C:\Windows\system32\SE2Dmgmt.dll - copied to quarantine
    16:37:53.0484 4812 HKLM\SYSTEM\ControlSet001\services\RR2Mjpeg - will be deleted on reboot
    16:37:53.0485 4812 HKLM\SYSTEM\ControlSet003\services\RR2Mjpeg - will be deleted on reboot
    16:37:53.0488 4812 C:\Windows\system32\SE2Dmgmt.dll - will be deleted on reboot
    16:37:53.0488 4812 RR2Mjpeg ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:53.0556 4812 C:\Windows\system32\mfebopk.dll - copied to quarantine
    16:37:53.0557 4812 HKLM\SYSTEM\ControlSet001\services\sandradatasrv - will be deleted on reboot
    16:37:53.0558 4812 HKLM\SYSTEM\ControlSet003\services\sandradatasrv - will be deleted on reboot
    16:37:53.0561 4812 C:\Windows\system32\mfebopk.dll - will be deleted on reboot
    16:37:53.0561 4812 sandradatasrv ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:53.0639 4812 C:\Windows\system32\Wdf01000.dll - copied to quarantine
    16:37:53.0640 4812 HKLM\SYSTEM\ControlSet001\services\savrt - will be deleted on reboot
    16:37:53.0641 4812 HKLM\SYSTEM\ControlSet003\services\savrt - will be deleted on reboot
    16:37:53.0644 4812 C:\Windows\system32\Wdf01000.dll - will be deleted on reboot
    16:37:53.0644 4812 savrt ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:53.0728 4812 C:\Windows\system32\tvtnetwk.dll - copied to quarantine
    16:37:53.0728 4812 HKLM\SYSTEM\ControlSet001\services\savscan - will be deleted on reboot
    16:37:53.0729 4812 HKLM\SYSTEM\ControlSet003\services\savscan - will be deleted on reboot
    16:37:53.0732 4812 C:\Windows\system32\tvtnetwk.dll - will be deleted on reboot
    16:37:53.0732 4812 savscan ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:53.0899 4812 C:\Windows\system32\SbcpHid.dll - copied to quarantine
    16:37:53.0900 4812 HKLM\SYSTEM\ControlSet001\services\se2Cunic - will be deleted on reboot
    16:37:53.0903 4812 C:\Windows\system32\SbcpHid.dll - will be deleted on reboot
    16:37:53.0903 4812 se2Cunic ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:54.0000 4812 C:\Windows\system32\wzcsvc.dll - copied to quarantine
    16:37:54.0001 4812 HKLM\SYSTEM\ControlSet001\services\ser2pl - will be deleted on reboot
    16:37:54.0001 4812 HKLM\SYSTEM\ControlSet003\services\ser2pl - will be deleted on reboot
    16:37:54.0005 4812 C:\Windows\system32\wzcsvc.dll - will be deleted on reboot
    16:37:54.0005 4812 ser2pl ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:37:54.0132 4812 C:\Windows\system32\DRIVERS\serial.sys - copied to quarantine
    16:37:54.0177 4812 C:\Windows\$NtUninstallKB59839$\2289590727\@ - copied to quarantine
    16:37:54.0178 4812 C:\Windows\$NtUninstallKB59839$\2289590727\cfg.ini - copied to quarantine
    16:37:54.0216 4812 C:\Windows\$NtUninstallKB59839$\2289590727\Desktop.ini - copied to quarantine
    16:37:54.0238 4812 C:\Windows\$NtUninstallKB59839$\2289590727\L\xtqaoywe - copied to quarantine
    16:37:54.0240 4812 C:\Windows\$NtUninstallKB59839$\2289590727\oemid - copied to quarantine
    16:37:54.0265 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\00000001.@ - copied to quarantine
    16:37:54.0402 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\00000002.@ - copied to quarantine
    16:37:54.0435 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\00000004.@ - copied to quarantine
    16:37:54.0503 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\80000000.@ - copied to quarantine
    16:37:54.0518 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\80000004.@ - copied to quarantine
    16:37:54.0536 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\80000032.@ - copied to quarantine
    16:37:54.0543 4812 C:\Windows\$NtUninstallKB59839$\2289590727\version - copied to quarantine
    16:37:57.0877 4812 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\serial.sys) error 1813
    16:37:59.0283 4812 Backup copy found, using it..
    16:37:59.0342 4812 C:\Windows\system32\DRIVERS\serial.sys - will be cured on reboot
    16:38:05.0832 4812 C:\Windows\$NtUninstallKB59839$\136304761 - will be deleted on reboot
    16:38:05.0833 4812 C:\Windows\$NtUninstallKB59839$\2289590727\@ - will be deleted on reboot
    16:38:05.0833 4812 C:\Windows\$NtUninstallKB59839$\2289590727\cfg.ini - will be deleted on reboot
    16:38:05.0834 4812 C:\Windows\$NtUninstallKB59839$\2289590727\Desktop.ini - will be deleted on reboot
    16:38:05.0852 4812 C:\Windows\$NtUninstallKB59839$\2289590727\oemid - will be deleted on reboot
    16:38:05.0866 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\00000001.@ - will be deleted on reboot
    16:38:05.0866 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\00000002.@ - will be deleted on reboot
    16:38:05.0867 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\00000004.@ - will be deleted on reboot
    16:38:05.0867 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\80000000.@ - will be deleted on reboot
    16:38:05.0867 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\80000004.@ - will be deleted on reboot
    16:38:05.0867 4812 C:\Windows\$NtUninstallKB59839$\2289590727\U\80000032.@ - will be deleted on reboot
    16:38:05.0868 4812 C:\Windows\$NtUninstallKB59839$\2289590727\version - will be deleted on reboot
    16:38:05.0873 4812 Serial ( Virus.Win32.ZAccess.k ) - User select action: Cure
    16:38:05.0970 4812 C:\Windows\system32\irbus.dll - copied to quarantine
    16:38:05.0993 4812 HKLM\SYSTEM\ControlSet001\services\SNC - will be deleted on reboot
    16:38:05.0994 4812 HKLM\SYSTEM\ControlSet003\services\SNC - will be deleted on reboot
    16:38:06.0001 4812 C:\Windows\system32\irbus.dll - will be deleted on reboot
    16:38:06.0001 4812 SNC ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:38:06.0004 4812 sptd ( LockedFile.Multi.Generic ) - skipped by user
    16:38:06.0004 4812 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    16:38:06.0205 4812 C:\Windows\system32\VrAcFil.dll - copied to quarantine
    16:38:06.0206 4812 HKLM\SYSTEM\ControlSet001\services\tosrfnds - will be deleted on reboot
    16:38:06.0210 4812 C:\Windows\system32\VrAcFil.dll - will be deleted on reboot
    16:38:06.0210 4812 tosrfnds ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:38:06.0278 4812 C:\Windows\system32\usnsvc.dll - copied to quarantine
    16:38:06.0279 4812 HKLM\SYSTEM\ControlSet001\services\ulcdrhlp - will be deleted on reboot
    16:38:06.0280 4812 HKLM\SYSTEM\ControlSet003\services\ulcdrhlp - will be deleted on reboot
    16:38:06.0283 4812 C:\Windows\system32\usnsvc.dll - will be deleted on reboot
    16:38:06.0283 4812 ulcdrhlp ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:38:06.0363 4812 C:\Windows\system32\csctl50.dll - copied to quarantine
    16:38:06.0364 4812 HKLM\SYSTEM\ControlSet001\services\vci - will be deleted on reboot
    16:38:06.0368 4812 C:\Windows\system32\csctl50.dll - will be deleted on reboot
    16:38:06.0368 4812 vci ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:38:06.0430 4812 C:\Windows\system32\tphdexlgsvc.dll - copied to quarantine
    16:38:06.0431 4812 HKLM\SYSTEM\ControlSet001\services\vpctcom - will be deleted on reboot
    16:38:06.0432 4812 HKLM\SYSTEM\ControlSet003\services\vpctcom - will be deleted on reboot
    16:38:06.0439 4812 C:\Windows\system32\tphdexlgsvc.dll - will be deleted on reboot
    16:38:06.0439 4812 vpctcom ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:38:06.0498 4812 C:\Windows\system32\dcstor32.dll - copied to quarantine
    16:38:06.0499 4812 HKLM\SYSTEM\ControlSet001\services\WinVd32 - will be deleted on reboot
    16:38:06.0500 4812 HKLM\SYSTEM\ControlSet003\services\WinVd32 - will be deleted on reboot
    16:38:06.0504 4812 C:\Windows\system32\dcstor32.dll - will be deleted on reboot
    16:38:06.0504 4812 WinVd32 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:38:06.0554 4812 C:\Windows\system32\clnt_clientman.dll - copied to quarantine
    16:38:06.0555 4812 HKLM\SYSTEM\ControlSet001\services\wusb54gv2svc - will be deleted on reboot
    16:38:06.0555 4812 HKLM\SYSTEM\ControlSet003\services\wusb54gv2svc - will be deleted on reboot
    16:38:06.0561 4812 C:\Windows\system32\clnt_clientman.dll - will be deleted on reboot
    16:38:06.0561 4812 wusb54gv2svc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:38:06.0666 4812 C:\Windows\system32\shellhwdetection.dll - copied to quarantine
    16:38:06.0667 4812 HKLM\SYSTEM\ControlSet001\services\zenos1 - will be deleted on reboot
    16:38:06.0674 4812 C:\Windows\system32\shellhwdetection.dll - will be deleted on reboot
    16:38:06.0675 4812 zenos1 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    16:38:18.0917 3872 Deinitialize success
     
  10. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Please re-run it one more time.
     
  11. steve1965

    steve1965 TS Rookie Topic Starter Posts: 37

    TDSSKiller (rerun) log part 1 (a-n)

    16:55:11.0780 7040 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
    16:55:12.0713 7040 ============================================================
    16:55:12.0713 7040 Current date / time: 2012/04/11 16:55:12.0713
    16:55:12.0713 7040 SystemInfo:
    16:55:12.0713 7040
    16:55:12.0713 7040 OS Version: 6.0.6002 ServicePack: 2.0
    16:55:12.0713 7040 Product type: Workstation
    16:55:12.0713 7040 ComputerName: STEVE-PC
    16:55:12.0714 7040 UserName: Steve
    16:55:12.0714 7040 Windows directory: C:\Windows
    16:55:12.0714 7040 System windows directory: C:\Windows
    16:55:12.0714 7040 Processor architecture: Intel x86
    16:55:12.0714 7040 Number of processors: 2
    16:55:12.0714 7040 Page size: 0x1000
    16:55:12.0714 7040 Boot type: Normal boot
    16:55:12.0714 7040 ============================================================
    16:55:14.0332 7040 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
    16:55:14.0369 7040 Drive \Device\Harddisk5\DR5 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    16:55:14.0370 7040 \Device\Harddisk0\DR0:
    16:55:14.0409 7040 MBR used
    16:55:14.0409 7040 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xABE800, BlocksNum 0x2EE000
    16:55:14.0409 7040 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xDAC800, BlocksNum 0x1C418800
    16:55:14.0409 7040 \Device\Harddisk5\DR5:
    16:55:14.0410 7040 MBR used
    16:55:14.0411 7040 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
    16:55:14.0651 7040 Initialize success
    16:55:14.0652 7040 ============================================================
    16:55:19.0337 7464 ============================================================
    16:55:19.0337 7464 Scan started
    16:55:19.0337 7464 Mode: Manual;
    16:55:19.0337 7464 ============================================================
    16:55:20.0789 7464 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    16:55:20.0802 7464 ACPI - ok
    16:55:20.0877 7464 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
    16:55:20.0878 7464 adfs - ok
    16:55:20.0994 7464 Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    16:55:20.0997 7464 Adobe Version Cue CS4 - ok
    16:55:21.0191 7464 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    16:55:21.0194 7464 AdobeFlashPlayerUpdateSvc - ok
    16:55:21.0393 7464 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    16:55:21.0401 7464 adp94xx - ok
    16:55:21.0540 7464 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    16:55:21.0544 7464 adpahci - ok
    16:55:21.0604 7464 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    16:55:21.0607 7464 adpu160m - ok
    16:55:21.0644 7464 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    16:55:21.0648 7464 adpu320 - ok
    16:55:21.0766 7464 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
    16:55:21.0767 7464 AeLookupSvc - ok
    16:55:21.0788 7464 AeLookupSvcMDM - ok
    16:55:21.0830 7464 AeLookupSvcMDMCryptSvc - ok
    16:55:21.0897 7464 AeLookupSvcMDMehRecvr - ok
    16:55:21.0927 7464 AeLookupSvcMDMehRecvrhkmsvcQWAVE - ok
    16:55:21.0938 7464 AeLookupSvcMDMehRecvrhkmsvcQWAVEEPSON_PM_RPCV4_01 - ok
    16:55:21.0948 7464 AeLookupSvcMDMehRecvrhkmsvcQWAVEKeyIso - ok
    16:55:21.0972 7464 AeLookupSvcMDMehRecvrW32Timep2pimsvc - ok
    16:55:22.0051 7464 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    16:55:22.0057 7464 AFD - ok
    16:55:22.0431 7464 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
    16:55:22.0450 7464 AgereSoftModem - ok
    16:55:22.0677 7464 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    16:55:22.0687 7464 agp440 - ok
    16:55:22.0735 7464 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    16:55:22.0738 7464 aic78xx - ok
    16:55:22.0779 7464 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
    16:55:22.0780 7464 ALG - ok
    16:55:22.0938 7464 ALGmsvsmon80 - ok
    16:55:22.0965 7464 ALGmsvsmon80MSSQLServerADHelper - ok
    16:55:23.0010 7464 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    16:55:23.0012 7464 aliide - ok
    16:55:23.0061 7464 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    16:55:23.0063 7464 amdagp - ok
    16:55:23.0200 7464 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    16:55:23.0208 7464 amdide - ok
    16:55:23.0245 7464 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    16:55:23.0247 7464 AmdK7 - ok
    16:55:23.0637 7464 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    16:55:23.0641 7464 AmdK8 - ok
    16:55:23.0710 7464 AnyDVD (4f0e198fd3d5cd8bee02e0f014601bc5) C:\Windows\system32\Drivers\AnyDVD.sys
    16:55:23.0712 7464 AnyDVD - ok
    16:55:23.0806 7464 Apache2 (3c8b7e1e3f136c000c96690ac008c799) C:\Web\Apache2\bin\Apache.exe
    16:55:23.0807 7464 Apache2 - ok
    16:55:23.0909 7464 Apache2slsvc - ok
    16:55:23.0966 7464 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
    16:55:23.0967 7464 Appinfo - ok
    16:55:23.0993 7464 AppinfoBFE - ok
    16:55:24.0014 7464 AppinfoBFEWPDBusEnum - ok
    16:55:24.0142 7464 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    16:55:24.0144 7464 Apple Mobile Device - ok
    16:55:24.0240 7464 AppServer9PE - ok
    16:55:24.0511 7464 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    16:55:24.0513 7464 arc - ok
    16:55:24.0576 7464 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    16:55:24.0578 7464 arcsas - ok
    16:55:24.0661 7464 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    16:55:24.0663 7464 AsyncMac - ok
    16:55:24.0719 7464 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    16:55:24.0720 7464 atapi - ok
    16:55:24.0812 7464 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
    16:55:24.0814 7464 AudioEndpointBuilder - ok
    16:55:24.0822 7464 AudioEndpointBuilderMSDTCLanmanServer - ok
    16:55:24.0888 7464 AudioEndpointBuilderTapiSrvDcomLaunchNetTcpPortSharing - ok
    16:55:24.0909 7464 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
    16:55:24.0912 7464 Audiosrv - ok
    16:55:24.0946 7464 AudiosrvMSSQLServerADHelperIKEEXT - ok
    16:55:25.0172 7464 AVG Security Toolbar Service (3a457c2f798cad79cd30224e723e01fb) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
    16:55:25.0193 7464 AVG Security Toolbar Service - ok
    16:55:25.0805 7464 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    16:55:25.0838 7464 AVGIDSAgent - ok
    16:55:25.0995 7464 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
    16:55:25.0997 7464 AVGIDSDriver - ok
    16:55:26.0059 7464 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
    16:55:26.0061 7464 AVGIDSEH - ok
    16:55:26.0149 7464 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
    16:55:26.0150 7464 AVGIDSFilter - ok
    16:55:26.0216 7464 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
    16:55:26.0217 7464 AVGIDSShim - ok
    16:55:26.0279 7464 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
    16:55:26.0282 7464 Avgldx86 - ok
    16:55:26.0600 7464 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
    16:55:26.0601 7464 Avgmfx86 - ok
    16:55:26.0669 7464 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
    16:55:26.0671 7464 Avgrkx86 - ok
    16:55:26.0754 7464 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
    16:55:26.0756 7464 Avgtdix - ok
    16:55:26.0895 7464 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    16:55:26.0897 7464 avgwd - ok
    16:55:27.0019 7464 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    16:55:27.0020 7464 Beep - ok
    16:55:27.0025 7464 BFEDPSmsvsmon80 - ok
    16:55:27.0040 7464 BFEupnphostmsiserver - ok
    16:55:27.0118 7464 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
    16:55:27.0124 7464 BITS - ok
    16:55:27.0180 7464 BITSApache2 - ok
    16:55:27.0202 7464 BITSSENSSysMain - ok
    16:55:27.0208 7464 BITSslsvc - ok
    16:55:27.0230 7464 BITSslsvcAppinfoBFEWPDBusEnum - ok
    16:55:27.0236 7464 BITSslsvcAppinfoBFEWPDBusEnumehSched - ok
    16:55:27.0254 7464 BITSslsvcp2pimsvc - ok
    16:55:27.0272 7464 BITSslsvcp2pimsvcupnphostmsiserver - ok
    16:55:27.0277 7464 BITSslsvcp2pimsvcupnphostmsiserverBrowser - ok
    16:55:27.0289 7464 BITSslsvcp2pimsvcupnphostmsiserverTapiSrvDcomLaunch - ok
    16:55:27.0312 7464 BITSW32Timep2pimsvc - ok
    16:55:27.0345 7464 blbdrive - ok
    16:55:27.0662 7464 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    16:55:27.0665 7464 Bonjour Service - ok
    16:55:27.0784 7464 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    16:55:27.0786 7464 bowser - ok
    16:55:27.0834 7464 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    16:55:27.0835 7464 BrFiltLo - ok
    16:55:27.0958 7464 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    16:55:27.0959 7464 BrFiltUp - ok
    16:55:27.0974 7464 BrlAPI - ok
    16:55:27.0997 7464 BrlAPIEventSystemwscsvcmsvsmon80 - ok
    16:55:28.0030 7464 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
    16:55:28.0032 7464 Browser - ok
    16:55:28.0087 7464 Browserhkmsvc - ok
    16:55:28.0094 7464 BrowserhkmsvcNetTcpPortSharingnvsvc - ok
    16:55:28.0102 7464 BrowserhkmsvcNetTcpPortSharingnvsvchidserv - ok
    16:55:28.0110 7464 BrowserhkmsvcPACSPTISVR - ok
    16:55:28.0161 7464 BrowserhkmsvcSLUINotify - ok
    16:55:28.0169 7464 BrowserhkmsvcSLUINotifynvsvcW32Time - ok
    16:55:28.0181 7464 BrowserhkmsvcSLUINotifynvsvcW32TimeSQLWriterWecsvc - ok
    16:55:28.0241 7464 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    16:55:28.0243 7464 Brserid - ok
    16:55:28.0266 7464 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    16:55:28.0268 7464 BrSerWdm - ok
    16:55:28.0294 7464 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    16:55:28.0295 7464 BrUsbMdm - ok
    16:55:28.0359 7464 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    16:55:28.0368 7464 BrUsbSer - ok
    16:55:28.0554 7464 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    16:55:28.0555 7464 BTHMODEM - ok
    16:55:28.0634 7464 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    16:55:28.0636 7464 cdfs - ok
    16:55:28.0737 7464 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    16:55:28.0750 7464 cdrom - ok
    16:55:28.0814 7464 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
    16:55:28.0815 7464 CertPropSvc - ok
    16:55:28.0867 7464 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    16:55:28.0869 7464 circlass - ok
    16:55:28.0932 7464 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    16:55:28.0937 7464 CLFS - ok
    16:55:29.0021 7464 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    16:55:29.0024 7464 clr_optimization_v2.0.50727_32 - ok
    16:55:29.0030 7464 clr_optimization_v2.0.50727_32SstpSvcoseSPTISRV - ok
    16:55:29.0118 7464 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    16:55:29.0120 7464 clr_optimization_v4.0.30319_32 - ok
    16:55:29.0211 7464 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
    16:55:29.0214 7464 CmBatt - ok
    16:55:29.0276 7464 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    16:55:29.0277 7464 cmdide - ok
    16:55:29.0312 7464 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    16:55:29.0323 7464 Compbatt - ok
    16:55:29.0668 7464 COMSysApp - ok
    16:55:29.0709 7464 COMSysAppMMCSS - ok
    16:55:29.0766 7464 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    16:55:29.0768 7464 crcdisk - ok
    16:55:29.0808 7464 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    16:55:29.0810 7464 Crusoe - ok
    16:55:29.0851 7464 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
    16:55:29.0852 7464 CryptSvc - ok
    16:55:29.0942 7464 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
    16:55:29.0948 7464 DcomLaunch - ok
    16:55:30.0015 7464 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    16:55:30.0018 7464 DfsC - ok
    16:55:30.0147 7464 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
    16:55:30.0201 7464 DFSR - ok
    16:55:30.0207 7464 DFSRWinHttpAutoProxySvc - ok
    16:55:30.0316 7464 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
    16:55:30.0323 7464 Dhcp - ok
    16:55:30.0522 7464 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    16:55:30.0539 7464 disk - ok
    16:55:30.0580 7464 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
    16:55:30.0582 7464 Dnscache - ok
    16:55:30.0597 7464 DnscachewmiApSrv - ok
    16:55:30.0631 7464 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
    16:55:30.0634 7464 dot3svc - ok
    16:55:30.0639 7464 dot3svcSpooler - ok
    16:55:30.0742 7464 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
    16:55:30.0758 7464 dot4 - ok
    16:55:30.0790 7464 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    16:55:30.0791 7464 Dot4Print - ok
    16:55:30.0816 7464 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
    16:55:30.0831 7464 dot4usb - ok
    16:55:30.0974 7464 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
    16:55:31.0027 7464 DPS - ok
    16:55:31.0219 7464 DPSmsvsmon80 - ok
    16:55:31.0225 7464 DPSmsvsmon80IDriverTBrowser - ok
    16:55:31.0250 7464 DPSmsvsmon80MSDTCSharedAccess - ok
    16:55:31.0267 7464 DPSSENSSysMain - ok
    16:55:31.0276 7464 DPSupnphostmsiserver - ok
    16:55:31.0413 7464 DPSupnphostmsiserverThemesNetTcpPortSharing - ok
    16:55:31.0485 7464 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    16:55:31.0486 7464 drmkaud - ok
    16:55:31.0541 7464 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    16:55:31.0546 7464 DXGKrnl - ok
    16:55:31.0664 7464 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    16:55:31.0667 7464 E1G60 - ok
    16:55:31.0705 7464 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
    16:55:31.0707 7464 EapHost - ok
    16:55:31.0724 7464 EapHostLanmanServerfdPHostUI0DetectDFSR - ok
    16:55:31.0731 7464 EapHostTBS - ok
    16:55:31.0789 7464 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    16:55:31.0793 7464 Ecache - ok
    16:55:31.0859 7464 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
    16:55:31.0864 7464 ehRecvr - ok
    16:55:31.0906 7464 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
    16:55:31.0909 7464 ehSched - ok
    16:55:31.0954 7464 ehSchedTrustedInstallerWinmgmt - ok
    16:55:31.0967 7464 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
    16:55:31.0968 7464 ehstart - ok
    16:55:31.0993 7464 ehstartMySQLWPDBusEnumBITS - ok
    16:55:32.0024 7464 elagopro - ok
    16:55:32.0073 7464 ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\Windows\system32\Drivers\ElbyCDIO.sys
    16:55:32.0074 7464 ElbyCDIO - ok
    16:55:32.0201 7464 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    16:55:32.0207 7464 elxstor - ok
    16:55:32.0288 7464 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
    16:55:32.0300 7464 EMDMgmt - ok
    16:55:32.0312 7464 EMDMgmtplaWMPNetworkSvcehstart - ok
    16:55:32.0584 7464 EPSON_PM_RPCV4_01 (cdca791afa0483f44bba576dbfafd04d) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    16:55:32.0586 7464 EPSON_PM_RPCV4_01 - ok
    16:55:32.0702 7464 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
    16:55:32.0711 7464 EventSystem - ok
    16:55:32.0722 7464 EventSystemMSiSCSI - ok
    16:55:32.0782 7464 EventSystemwscsvc - ok
    16:55:32.0795 7464 EventSystemwscsvcmsvsmon80 - ok
    16:55:32.0814 7464 EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvc - ok
    16:55:32.0827 7464 EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvcW32TimefdPHost - ok
    16:55:32.0858 7464 EventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc - ok
    16:55:32.0908 7464 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    16:55:32.0911 7464 exfat - ok
    16:55:32.0956 7464 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    16:55:32.0960 7464 fastfat - ok
    16:55:33.0072 7464 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    16:55:33.0073 7464 fdc - ok
    16:55:33.0129 7464 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
    16:55:33.0130 7464 fdPHost - ok
    16:55:33.0150 7464 fdPHostUI0DetectDFSR - ok
    16:55:33.0182 7464 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
    16:55:33.0183 7464 FDResPub - ok
    16:55:33.0292 7464 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    16:55:33.0294 7464 FileInfo - ok
    16:55:33.0542 7464 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    16:55:33.0555 7464 Filetrace - ok
    16:55:33.0590 7464 firesvc - ok
    16:55:33.0687 7464 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     
     
  12. steve1965

    steve1965 TS Rookie Topic Starter Posts: 37

    TDSSKiller (rerun) log part 2 (o-z)

    16:55:57.0468 7464 sffp_sd - ok
    16:55:57.0634 7464 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    16:55:57.0636 7464 sfloppy - ok
    16:55:57.0730 7464 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
    16:55:57.0735 7464 SharedAccess - ok
    16:55:57.0753 7464 SharedAccessAppinfo - ok
    16:55:57.0797 7464 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
    16:55:57.0802 7464 ShellHWDetection - ok
    16:55:57.0809 7464 ShellHWDetectionnetprofm - ok
    16:55:57.0820 7464 ShellHWDetectionPlugPlay - ok
    16:55:57.0828 7464 ShellHWDetectionProfSvc - ok
    16:55:57.0864 7464 ShellHWDetectionupnphost - ok
    16:55:57.0876 7464 ShellHWDetectionupnphostpla - ok
    16:55:57.0903 7464 ShellHWDetectionW32TimefdPHostUI0Detect - ok
    16:55:57.0952 7464 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    16:55:57.0954 7464 sisagp - ok
    16:55:58.0026 7464 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    16:55:58.0027 7464 SiSRaid2 - ok
    16:55:58.0066 7464 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    16:55:58.0081 7464 SiSRaid4 - ok
    16:55:58.0209 7464 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
    16:55:58.0265 7464 slsvc - ok
    16:55:58.0381 7464 slsvcWecsvc - ok
    16:55:58.0441 7464 slsvcWLSetupSvcWlansvcWinDefend - ok
    16:55:58.0540 7464 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
    16:55:58.0543 7464 SLUINotify - ok
    16:55:58.0575 7464 SLUINotifyWdiServiceHost - ok
    16:55:58.0624 7464 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    16:55:58.0626 7464 Smb - ok
    16:55:58.0742 7464 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
    16:55:58.0745 7464 SNMPTRAP - ok
    16:55:58.0879 7464 SonicStage Back-End Service (977aaa4398d7d6fa65d973f5b3f54e40) C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    16:55:58.0882 7464 SonicStage Back-End Service - ok
    16:55:58.0990 7464 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    16:55:58.0992 7464 spldr - ok
    16:55:59.0042 7464 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
    16:55:59.0046 7464 Spooler - ok
    16:55:59.0067 7464 SpoolerPlugPlay - ok
    16:55:59.0168 7464 sptd (e8b705f9abe446aaf7a315ef8b4aea5a) C:\Windows\system32\Drivers\sptd.sys
    16:55:59.0168 7464 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: e8b705f9abe446aaf7a315ef8b4aea5a
    16:55:59.0170 7464 sptd ( LockedFile.Multi.Generic ) - warning
    16:55:59.0170 7464 sptd - detected LockedFile.Multi.Generic (1)
    16:56:12.0033 7464 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    16:56:12.0077 7464 \Device\Harddisk0\DR0 - ok
    16:56:12.0082 7464 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR5
    16:56:12.0087 7464 \Device\Harddisk5\DR5 - ok
    16:56:12.0091 7464 Boot (0x1200) (ff2cee352b268cc0fdac41e32597d60b) \Device\Harddisk0\DR0\Partition0
    16:56:12.0092 7464 \Device\Harddisk0\DR0\Partition0 - ok
    16:56:12.0108 7464 Boot (0x1200) (93b101edb4ff84b618f3083ccaf20a56) \Device\Harddisk0\DR0\Partition1
    16:56:12.0125 7464 \Device\Harddisk0\DR0\Partition1 - ok
    16:56:12.0129 7464 Boot (0x1200) (f5ec6de948f37db8ebe4aa6c0a0054ac) \Device\Harddisk5\DR5\Partition0
    16:56:12.0133 7464 \Device\Harddisk5\DR5\Partition0 - ok
    16:56:12.0134 7464 ============================================================
    16:56:12.0134 7464 Scan finished
    16:56:12.0134 7464 ============================================================
    16:56:12.0154 7444 Detected object count: 1
    16:56:12.0154 7444 Actual detected object count: 1
    16:56:18.0065 7444 sptd ( LockedFile.Multi.Generic ) - skipped by user
    16:56:18.0065 7444 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
     
  13. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Good :)

    Post new aswMBR log.
     
  14. steve1965

    steve1965 TS Rookie Topic Starter Posts: 37

    MBR log

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-11 17:12:30
    -----------------------------
    17:12:30.524 OS Version: Windows 6.0.6002 Service Pack 2
    17:12:30.524 Number of processors: 2 586 0xF0D
    17:12:30.525 ComputerName: STEVE-PC UserName: Steve
    17:13:01.098 Initialize success
    17:13:08.804 AVAST engine defs: 12041002
    17:13:56.291 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
    17:13:56.293 Disk 0 Vendor: HDT722525DLA380 V44OA9BA Size: 238475MB BusType: 3
    17:13:56.308 Disk 0 MBR read successfully
    17:13:56.311 Disk 0 MBR scan
    17:13:56.315 Disk 0 Windows VISTA default MBR code
    17:13:56.322 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 5500 MB offset 2048
    17:13:56.335 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 11266048
    17:13:56.365 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 231473 MB offset 14338048
    17:13:56.391 Disk 0 scanning sectors +488394752
    17:13:56.452 Disk 0 scanning C:\Windows\system32\drivers
    17:14:15.476 Service scanning
    17:14:36.335 Service FXDrv32 E:\FXDrv32.sys **LOCKED** 21
    17:15:30.332 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    17:15:49.550 Modules scanning
    17:16:18.014 Disk 0 trace - called modules:
    17:16:18.045 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84d391e8]<<
    17:16:18.050 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85972ac8]
    17:16:18.056 3 CLASSPNP.SYS[8b1a28b3] -> nt!IofCallDriver -> [0x857205d8]
    17:16:18.061 5 acpi.sys[8079f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x85715390]
    17:16:18.067 \Driver\atapi[0x8570f030] -> IRP_MJ_CREATE -> 0x84d391e8
    17:16:19.644 AVAST engine scan C:\Windows
    17:16:34.319 AVAST engine scan C:\Windows\system32
    17:23:57.830 AVAST engine scan C:\Windows\system32\drivers
    17:24:34.905 AVAST engine scan C:\Users\Steve
    18:13:51.506 File: C:\Users\Steve\AppData\Local\Temp\Low\jar_cache3594.tmp **INFECTED** Win32:Kryptik-HEY [Trj]
    20:31:42.755 AVAST engine scan C:\ProgramData
    20:44:47.936 Scan finished successfully
    20:45:53.450 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
    20:45:53.459 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"
     
  15. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Very good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the tool below, named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.
    There are 4 different versions. If one of them won't run, then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, Rkill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. steve1965

    steve1965 TS Rookie Topic Starter Posts: 37

    ComboFix log

    ComboFix 12-04-11.03 - Steve 12/04/2012 9:19.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2212 [GMT 1:00]
    Running from: c:\users\Steve\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\NOTEPAD.EXE-x.txt
    c:\programdata\RUNDLL32.EXE-x.txt
    c:\windows\$NtUninstallKB59839$
    c:\windows\$NtUninstallKB59839$\2289590727\L\xtqaoywe
    c:\windows\iun6002.exe
    c:\windows\system32\269630729.dat
    c:\windows\system32\3870957726.dat
    c:\windows\system32\dds_trash_log.cmd
    L:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_AeLookupSvcMDMehRecvrhkmsvcQWAVE
    -------\Service_Apache2slsvc
    -------\Service_BITSslsvcAppinfoBFEWPDBusEnum
    -------\Service_BITSslsvcp2pimsvcupnphostmsiserver
    -------\Service_BrlAPIEventSystemwscsvcmsvsmon80
    -------\Service_DPSupnphostmsiserverThemesNetTcpPortSharing
    -------\Service_IDriverTBrowserSQLBrowserProtectedStorageusnjsvc
    -------\Service_lltdsvcSQLWriterSstpSvcoseSPTISRV
    -------\Service_lltdsvcSQLWriterSstpSvcoseSPTISRVplaOracleXETNSListenerwudfsvc
    -------\Service_Mcx2SvcShellHWDetectionupnphostplaMMCSSWdiSystemHostnvsvc
    -------\Service_Mcx2SvcTHREADORDERusnjsvcRasManFontCache3.0.0.0
    -------\Service_Mcx2SvcWinHttpAutoProxySvcAeLookupSvcMDMNlaSvcSENSswprv
    -------\Service_MpsSvcNlaSvcCertPropSvc
    -------\Service_MpsSvcSCPolicySvclmhostshkmsvc
    -------\Service_MSCSPTISRVTapiSrvMSCSPTISRVSENSSysMainSQLWriterWecsvc
    -------\Service_MSiSCSISSScsiSVSENSMSDTCSharedAccess
    -------\Service_MySQLmsftesql$SQLEXPRESS
    -------\Service_MySQLWPDBusEnumBITS
    -------\Service_nsinapagentBFETHREADORDERBrowserhkmsvcSLUINotify
    -------\Service_nvsvcNetTcpPortSharingW32TimeDPS
    -------\Service_nvsvcW32TimeSstpSvcoseSPTISRVusnjsvc
    -------\Service_OracleJobSchedulerXEShellHWDetectionupnphost
    -------\Service_OracleServiceXELanmanServer
    -------\Service_OracleXEClrAgentswprvCOMSysAppALGmsvsmon80
    -------\Service_OracleXETNSListenerwudfsvc
    -------\Service_oseTermServicePlugPlay
    -------\Service_RasManmsiserverMpsSvcNlaSvcAppinfoBFEWPDBusEnum
    -------\Service_RemoteRegistryProfSvcRpcSsvdswercplsupport
    -------\Service_RpcSsvdswercplsupportMpsSvcSPTISRV
    -------\Service_SENSSysMainSQLWriterWecsvc
    -------\Service_SQLBrowserUI0Detect
    -------\Service_SQLWriterWecsvcBITSSENSSysMain
    -------\Service_SQLWriterWecsvcupnphostmsiserver Back-End Service
    -------\Service_SSScsiSVSENS
    -------\Service_SstpSvcoseSPTISRV
    -------\Service_SstpSvcoseSPTISRVApache2EventSystemMSiSCSI
    -------\Service_SstpSvcoseSPTISRVApache2NetTcpPortSharingnvsvcMcx2SvcShellHWDetectionupnphostpla
    -------\Service_TapiSrvDcomLaunchNetTcpPortSharingWebClientIPBusEnum
    -------\Service_usnjsvc
    -------\Service_usnjsvcRasMan
    -------\Service_usnjsvcRasManMMCSSPNRPsvc
    -------\Service_vdswercplsupportWerSvc
    -------\Service_WinDefendBFE
    -------\Service_WinDefendBFEAppinfoBFEnapagent
    -------\Service_WinDefendBFESQLWriterWecsvcBITSSENSSysMainiphlpsvcRemoteAccessPNRPAutoRegehstart
    -------\Service_WLSetupSvcWecsvc
    -------\Service_WSearchnapagentDPSupnphostmsiserverThemesNetTcpPortSharing
    -------\Service_wuauservSessionEnvWSearchwuauservTapiSrvDcomLaunchNetTcpPortSharing
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-12 08:38 . 2012-04-12 08:41 -------- d-----w- c:\users\Steve\AppData\Local\temp
    2012-04-12 08:38 . 2012-04-12 08:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-04-12 08:38 . 2012-04-12 08:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-12 08:38 . 2012-04-12 08:38 -------- d-----w- c:\users\Linda\AppData\Local\temp
    2012-04-12 01:00 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-12 01:00 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-12 00:44 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-04-11 15:37 . 2012-04-11 15:37 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-10 15:40 . 2012-04-10 15:40 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
    2012-04-10 15:40 . 2012-04-10 15:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-10 15:40 . 2012-04-10 15:40 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-10 15:40 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-06 14:29 . 2012-04-06 14:29 -------- d-----w- c:\program files\iPod
    2012-04-06 14:29 . 2012-04-06 14:31 -------- d-----w- c:\program files\iTunes
    2012-04-01 12:02 . 2012-04-01 12:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-03-17 17:58 . 2012-03-17 17:58 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
    2012-03-17 17:58 . 2012-03-17 17:58 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
    2012-03-14 12:57 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 12:57 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-03-14 12:57 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-03-14 12:57 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-14 12:57 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 12:57 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-03-14 12:54 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
    2012-03-14 12:54 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-13 12:20 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-03-13 12:20 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-11 15:40 . 2008-07-23 11:17 83456 ----a-w- c:\windows\system32\drivers\serial.sys
    2012-04-01 12:18 . 2011-05-14 06:30 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-17 17:58 . 2011-04-30 17:06 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuz0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2007-11-27 1032376]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2007-11-27 1032376]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
    "Skytel"="Skytel.exe" [2007-04-04 1822720]
    "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 644104]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-11 576000]
    SDK Tray Menu.lnk - c:\program files\Java\jdk1.6.0_03\bin\javaw.exe [2007-12-21 135168]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-12-15 303104]
    Monitor Apache Servers.lnk - c:\web\Apache2\bin\ApacheMonitor.exe [2008-1-17 41042]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-14 608584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKLM\~\startupfolder\C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^nnnv0.13162810356833832.exe.lnk]
    path=c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nnnv0.13162810356833832.exe.lnk
    backup=c:\windows\pss\nnnv0.13162810356833832.exe.lnk.Startup
    backupExtension=.Startup
    .
    R2 AeLookupSvcMDM;Application Experience AeLookupSvcMDM;o% srv [x]
    R2 AeLookupSvcMDMCryptSvc;Application Experience AeLookupSvcMDM AeLookupSvcMDMCryptSvc;c:\windows\system32\adsmsexto.exe [x]
    R2 AeLookupSvcMDMehRecvr;Application Experience AeLookupSvcMDM AeLookupSvcMDMehRecvr;c:\windows\system32\adsmsexto.exe [x]
    R2 AeLookupSvcMDMehRecvrhkmsvcQWAVEEPSON_PM_RPCV4_01;Application Experience AeLookupSvcMDM AeLookupSvcMDMehRecvr AeLookupSvcMDMehRecvrhkmsvcQWAVE AeLookupSvcMDMehRecvrhkmsvcQWAVEEPSON_PM_RPCV4_01;€û srv [x]
    R2 AeLookupSvcMDMehRecvrhkmsvcQWAVEKeyIso;Application Experience AeLookupSvcMDM AeLookupSvcMDMehRecvr AeLookupSvcMDMehRecvrhkmsvcQWAVE AeLookupSvcMDMehRecvrhkmsvcQWAVEKeyIso;€û srv [x]
    R2 AeLookupSvcMDMehRecvrW32Timep2pimsvc;Application Experience AeLookupSvcMDM AeLookupSvcMDMehRecvr AeLookupSvcMDMehRecvrW32Timep2pimsvc;€s/ srv [x]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    elagopro
    qcdonner
    MXOPSWD
    fallback
    ANC
    ser2pl
    DCamUSBGrandTek
    cobbmservice
    sandradatasrv
    mclserviceatl
    cmudau
    imonitor
    changer
    WinVd32
    SNC
    naveng
    dwmrcs
    bwsvc
    vci
    tosrfnds
    iomegaaccess
    nbservice
    zenos1
    lvuvc
    alcxsens
    cbidf2k
    pptchpad
    se2Cunic
    savrt
    wusb54gv2svc
    RR2Mjpeg
    nuvaud2
    vpctcom
    ulcdrhlp
    savscan
    netw4x32
    mfcom
    lvselsus
    DcPTP
    atmarpc
    tng-doba
    firesvc
    UsbDiag
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 12:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bbc.co.uk/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: localhost
    Trusted Zone: microsoft.com\update
    Trusted Zone: microsoft.com\windowsupdate
    TCP: DhcpNameServer = 192.168.1.254
    DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0} - hxxp://www.mathtutor.ac.uk/Differentiation/drs/DrsDnldProj1.cab
    FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\vfue9ge0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/|http://www.google.co.uk/|http://www...showthread.php?p=1166386&posted=1#post1166386
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc85cb29a-10cf-4480-9a00-01060b6e0c30%7D&mid=c9326b458a7892fb5e580bd9ef323fd3-9a17500a96d428a5cdb8b2643968b9a928fc107f&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-12%2018%3A58%3A59&sap=ku&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
    HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
    HKU-Default-RunServices-Win32Update - c:\windows\system32\adsmsexto.exe
    SafeBoot-07378305.sys
    AddRemove-LDraw2006 3rd Quarter - c:\windows\iun6002.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-12 09:45
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msftesql$SQLEXPRESS]
    "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQLEXPRESS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AeLookupSvcMDM]
    "ImagePath"="o% srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AeLookupSvcMDMehRecvrhkmsvcQWAVEEPSON_PM_RPCV4_01]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AeLookupSvcMDMehRecvrhkmsvcQWAVEKeyIso]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AeLookupSvcMDMehRecvrW32Timep2pimsvc]
    "ImagePath"="€s/ srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AudioEndpointBuilderMSDTCLanmanServer]
    "ImagePath"="àq% srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFEDPSmsvsmon80]
    "ImagePath"="@p\1e srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITSslsvc]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITSslsvcAppinfoBFEWPDBusEnumehSched]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITSslsvcp2pimsvcupnphostmsiserverBrowser]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITSslsvcp2pimsvcupnphostmsiserverTapiSrvDcomLaunch]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserhkmsvcNetTcpPortSharingnvsvc]
    "ImagePath"="0q& srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserhkmsvcNetTcpPortSharingnvsvchidserv]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserhkmsvcPACSPTISVR]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserhkmsvcSLUINotifynvsvcW32Time]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_32SstpSvcoseSPTISRV]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DFSRWinHttpAutoProxySvc]
    "ImagePath"="o# srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dot3svcSpooler]
    "ImagePath"="Øo\1b srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DPSmsvsmon80IDriverTBrowser]
    "ImagePath"="àq\15 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DPSupnphostmsiserver]
    "ImagePath"="øo` srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EapHostTBS]
    "ImagePath"="øo\1b srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EMDMgmtplaWMPNetworkSvcehstart]
    "ImagePath"="¨p srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystemMSiSCSI]
    "ImagePath"="@p) srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystemwscsvcmsvsmon80]
    "ImagePath"="Èp% srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvcW32TimefdPHost]
    "ImagePath"="w) srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hkmsvcQWAVE]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IDriverTBrowser]
    "ImagePath"="øo# srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idsvcwcncsvc]
    "ImagePath"="(o\1a srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IKEEXTehstart]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvciphlpsvc]
    "ImagePath"="(o\14 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvcPolicyAgent]
    "ImagePath"="Øo* srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IrmonShellHWDetection]
    "ImagePath"="¨p\1e srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KtmRmp2pimsvc]
    "ImagePath"="xq* srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KtmRmTapiSrvDcomLaunchNetTcpPortSharing]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServerfdPHostUI0DetectDFSR]
    "ImagePath"="@p+ srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdsvcidsvc]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdsvcSQLWriter]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lmhostsALGmsvsmon80TapiSrvDcomLaunchNetTcpPortSharing]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mcx2SvcDhcp]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSSMMCSSWdiSystemHostKtmRmTapiSrvDcomLaunchNetTcpPortSharing]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSSWdiSystemHost]
    "ImagePath"="øo* srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSSWdiSystemHostnvsvc]
    "ImagePath"="àq* srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvcBrlAPI]
    "ImagePath"="(oa srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvcSCPolicySvclmhostshkmsvcWMPNetworkSvc]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSCSPTISRViphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time]
    "ImagePath"="àq! srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSCSPTISRVTapiSrvMSCSPTISRV]
    "ImagePath"="@p srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msftesql$SQLEXPRESSseclogon]
    "ImagePath"="àq\1e srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSQLServerADHelperIKEEXT]
    "ImagePath"="Èp0 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
    "ImagePath"="\"c:\web\mysql\bin\mysqld-nt\" --defaults-file=\"c:\web\mysql\my.ini\" MySQL"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQLmsftesql$SQLEXPRESSSpoolerPlugPlay]
    "ImagePath"="àq* srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQLWPDBusEnum]
    "ImagePath"="Àn\1a srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQLWPDBusEnumSCPolicySvcWinDefendBFE]
    "ImagePath"="xq\14 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetlogonNetlogon]
    "ImagePath"="Øo\1c srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpPortSharingnvsvcSamSs]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpPortSharingnvsvcWinmgmt]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NlaSvcswprvCOMSysApp]
    "ImagePath"="¨p% srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsinapagentBFEDnscachewmiApSrv]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsinapagentBFEDnscachewmiApSrvupnphostmsiserver]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsinapagentBFETHREADORDER]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsinapagentBFETHREADORDERBrowserhkmsvcSLUINotifyDPSSENSSysMain]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvsvcNetTcpPortSharing]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleMTSRecoveryServiceCryptSvc]
    "ImagePath"="xq) srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleServiceXEUxSms]
    "ImagePath"="@p` srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleXEClrAgentMpsSvc]
    "ImagePath"="o' srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleXETNSListenerwudfsvcmsftesql$SQLEXPRESS]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oseidsvcclr_optimization_v2.0.50727_32]
    "ImagePath"="Èp( srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oseSstpSvcose]
    "ImagePath"="o- srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2psvcWerSvcidsvcwcncsvc]
    "ImagePath"="xq\1c srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PACSPTISVR Back-End Service]
    "ImagePath"="@p+ srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PACSPTISVRAeLookupSvc]
    "ImagePath"="o\" srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PcaSvcMMCSS]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\plaAeLookupSvc]
    "ImagePath"="¨p\" srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\plausnjsvcRasMan]
    "ImagePath"="¨p% srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\plaWMPNetworkSvcehstart]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPsvcNetlogonDPSmsvsmon80]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorageMcx2Svc]
    "ImagePath"="øo\19 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorageusnjsvc]
    "ImagePath"="øo\" srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAutoBITSSCPolicySvc]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccesswuauservSessionEnvWSearchwuauservSQLWriterWecsvcBITSSENSSysMain]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistryMSCSPTISRV]
    "ImagePath"="øo/ srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistryProfSvc]
    "ImagePath"="@p\1d srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPolicySvcWinDefendBFE]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENSswprv]
    "ImagePath"="øo, srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENSswprvwercplsupportBITSslsvc]
    "ImagePath"="€s\" srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENSSysMainWdiServiceHostp2pimsvcSSScsiSVSENS]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENSSysMainWdiServiceHostp2pimsvcSSScsiSVSENSSstpSvcoseSPTISRV]
    "ImagePath"="w& srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetectionnetprofm]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetectionPlugPlay]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetectionProfSvc]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetectionupnphostpla]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SQLWriternsinapagentBFETHREADORDERBrowserhkmsvcSLUINotify]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SQLWriterWecsvcBITSSENSSysMainCOMSysApp]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SQLWriterWecsvcupnphostmsiserver]
    "ImagePath"="àq\1d srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRVMMCSS]
    "ImagePath"="(o) srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRVProfSvc]
    "ImagePath"="(o\17 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSScsiSVTabletInputService]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSScsiSVwscsvc]
    "ImagePath"="o_ srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSScsiSVwscsvcMpsSvc]
    "ImagePath"="xqa srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvcoseSPTISRVApache2NetTcpPortSharingnvsvc]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvcoseSPTISRVDhcphidserv]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvcoseSPTISRVusnjsvcusnjsvcRasMan]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swprvFontCache3.0.0.0]
    "ImagePath"="xq$ srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrvMSCSPTISRVhkmsvc]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThemesNetTcpPortSharing]
    "ImagePath"="(o! srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThemesNetTcpPortSharingusnjsvcRasManMMCSSPNRPsvc]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThemesTrustedInstallerWinmgmt]
    "ImagePath"="@p. srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\THREADORDERMpsSvc]
    "ImagePath"="¨p\1c srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWksmsvsmon80RpcLocator]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstallerWinmgmtiphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnjsvcRasManFontCache3.0.0.0usnjsvcRasManhkmsvc]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnjsvcRasMannsinapagentBFE]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnjsvcSNMPTRAP]
    "ImagePath"="àq\15 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSSMcx2Svc]
    "ImagePath"="Øo\17 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32TimefdPHostUI0Detect]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Timeoseidsvcclr_optimization_v2.0.50727_32]
    "ImagePath"="xq& srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiSystemHostRasManmsiserver]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClientIPBusEnum]
    "ImagePath"="(o. srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefendBFEAppinfoBFE]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefendBFENlaSvcSstpSvcoseSPTISRVusnjsvc]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefendBFESQLWriterWecsvcBITSSENSSysMainiphlpsvcRemoteAccessPNRPAutoReg]
    "ImagePath"="€s0 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WlansvcWinDefendBFE]
    "ImagePath"="@p\17 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WlansvcWinDefendKServiceOracleXEClrAgent]
    "ImagePath"="€s\1c srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wmiApSrvMcx2SvcShellHWDetectionupnphostpla]
    "ImagePath"="àq+ srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPCSvcPNRPAutoReg]
    "ImagePath"="@p\17 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPDBusEnumnsi]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvcPNRPsvcALG]
    "ImagePath"="¨p\14 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvcSCPolicySvc]
    "ImagePath"="o, srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvcTBS]
    "ImagePath"="(o- srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearchwuauserv]
    "ImagePath"="(o! srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauservSessionEnv]
    "ImagePath"="o. srv"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(736)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
    c:\windows\system32\nvvsvc.exe
    c:\web\Apache2\bin\Apache.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    c:\program files\Kontiki\KService.exe
    c:\web\Apache2\bin\Apache.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\web\mysql\bin\mysqld-nt.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\System32\nvSCPAPISvr.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\RtHDVCpl.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    c:\windows\system32\DllHost.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-12 09:49:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-12 08:49
    .
    Pre-Run: 50,468,646,912 bytes free
    Post-Run: 55,963,762,688 bytes free
    .
    - - End Of File - - C0C27EDFEFBAA7F12287E9DC89507FC9
     
  17. steve1965

    steve1965 TS Rookie Topic Starter Posts: 37

    Computer behavior

    Hi Broni

    Not getting the AVG trojan threats.
    My security centre is back working.
    I am able to connect to the internet.

    NOT able to see my other computer on my home network.

    I haven't done anything else.

    all the best
    steve
     
  18. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Good :)

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Driver::
    AeLookupSvcMDMehRecvrW32Timep2pimsvc
    AeLookupSvcMDMehRecvrhkmsvcQWAVEKeyIso
    AeLookupSvcMDMehRecvrhkmsvcQWAVEEPSON_PM_RPCV4_01
    AeLookupSvcMDMehRecvr
    AeLookupSvcMDMCryptSvc
    AeLookupSvcMDM
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
    • Combofix.txt
     
  19. steve1965

    steve1965 TS Rookie Topic Starter Posts: 37

    ComboFix log run 2

    ComboFix 12-04-11.03 - Steve 13/04/2012 9:30.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2288 [GMT 1:00]
    Running from: c:\users\Steve\Desktop\ComboFix.exe
    Command switches used :: c:\users\Steve\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5891.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_AeLookupSvcMDM
    -------\Service_AeLookupSvcMDMCryptSvc
    -------\Service_AeLookupSvcMDMehRecvr
    -------\Service_AeLookupSvcMDMehRecvrhkmsvcQWAVEEPSON_PM_RPCV4_01
    -------\Service_AeLookupSvcMDMehRecvrhkmsvcQWAVEKeyIso
    -------\Service_AeLookupSvcMDMehRecvrW32Timep2pimsvc
    -------\Service_OracleJobSchedulerXEWinDefendBFEAppinfoBFEnapagent
    -------\Service_OracleServiceXEMySQLmsftesql$SQLEXPRESS
    -------\Service_OracleXEClrAgentswprvCOMSysAppEventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc
    -------\Service_SENSSysMainWdiServiceHost
    -------\Service_WLSetupSvcWlansvcWinDefend
    -------\Service_WSearchnapagentplaAeLookupSvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-13 08:38 . 2012-04-13 08:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-04-13 08:38 . 2012-04-13 08:38 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-04-13 08:38 . 2012-04-13 08:38 -------- d-----w- c:\users\Linda\AppData\Local\temp
    2012-04-13 08:38 . 2012-04-13 08:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-13 07:42 . 2012-03-20 02:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03A8FCE4-3D04-424C-BE1F-318DDACA2EEB}\mpengine.dll
    2012-04-13 07:35 . 2012-02-23 09:18 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-04-12 09:22 . 2012-04-12 09:22 -------- d-----w- c:\programdata\AVG Secure Search
    2012-04-12 09:22 . 2012-04-12 09:22 -------- d-----w- c:\program files\Common Files\AVG Secure Search
    2012-04-12 09:22 . 2012-04-12 09:22 -------- d-----w- c:\program files\AVG Secure Search
    2012-04-12 08:38 . 2012-04-13 08:42 -------- d-----w- c:\users\Steve\AppData\Local\temp
    2012-04-12 01:00 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-12 01:00 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-12 00:44 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-04-11 15:37 . 2012-04-11 15:37 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-10 15:40 . 2012-04-10 15:40 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
    2012-04-10 15:40 . 2012-04-10 15:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-10 15:40 . 2012-04-10 15:40 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-10 15:40 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-06 14:29 . 2012-04-06 14:29 -------- d-----w- c:\program files\iPod
    2012-04-06 14:29 . 2012-04-06 14:31 -------- d-----w- c:\program files\iTunes
    2012-04-01 12:02 . 2012-04-01 12:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-03-17 17:58 . 2012-03-17 17:58 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
    2012-03-17 17:58 . 2012-03-17 17:58 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
    2012-03-14 12:57 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-03-14 12:57 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-03-14 12:57 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-14 12:57 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 12:57 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-03-14 12:54 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
    2012-03-14 12:54 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-11 15:40 . 2008-07-23 11:17 83456 ----a-w- c:\windows\system32\drivers\serial.sys
    2012-04-01 12:18 . 2011-05-14 06:30 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-29 15:11 . 2012-04-12 01:01 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-02-29 15:11 . 2012-04-12 01:01 172032 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-28 01:11 . 2012-04-12 01:01 1127424 ----a-w- c:\windows\system32\wininet.dll
    2012-02-02 15:16 . 2012-03-14 12:57 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-03-17 17:58 . 2011-04-30 17:06 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-04-12 09:22 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuz0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-04-12 1869152]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2007-11-27 1032376]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2007-11-27 1032376]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
    "Skytel"="Skytel.exe" [2007-04-04 1822720]
    "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 644104]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-12 982880]
    .
    c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-11 576000]
    SDK Tray Menu.lnk - c:\program files\Java\jdk1.6.0_03\bin\javaw.exe [2007-12-21 135168]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-12-15 303104]
    Monitor Apache Servers.lnk - c:\web\Apache2\bin\ApacheMonitor.exe [2008-1-17 41042]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-14 608584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKLM\~\startupfolder\C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^nnnv0.13162810356833832.exe.lnk]
    path=c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nnnv0.13162810356833832.exe.lnk
    backup=c:\windows\pss\nnnv0.13162810356833832.exe.lnk.Startup
    backupExtension=.Startup
    .
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    elagopro
    qcdonner
    MXOPSWD
    fallback
    ANC
    ser2pl
    DCamUSBGrandTek
    cobbmservice
    sandradatasrv
    mclserviceatl
    cmudau
    imonitor
    changer
    WinVd32
    SNC
    naveng
    dwmrcs
    bwsvc
    vci
    tosrfnds
    iomegaaccess
    nbservice
    zenos1
    lvuvc
    alcxsens
    cbidf2k
    pptchpad
    se2Cunic
    savrt
    wusb54gv2svc
    RR2Mjpeg
    nuvaud2
    vpctcom
    ulcdrhlp
    savscan
    netw4x32
    mfcom
    lvselsus
    DcPTP
    atmarpc
    tng-doba
    firesvc
    UsbDiag
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 12:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bbc.co.uk/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: localhost
    Trusted Zone: microsoft.com\update
    Trusted Zone: microsoft.com\windowsupdate
    TCP: DhcpNameServer = 192.168.1.254
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
    DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0} - hxxp://www.mathtutor.ac.uk/Differentiation/drs/DrsDnldProj1.cab
    FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\vfue9ge0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/|http://www.google.co.uk/|http://www...showthread.php?p=1166386&posted=1#post1166386
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0085c2e1-8f27-4756-a274-bb9b81adef19%7D&mid=c9326b458a7892fb5e580bd9ef323fd3-9a17500a96d428a5cdb8b2643968b9a928fc107f&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2012-04-12%2010%3A22%3A47&sap=ku&q=
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msftesql$SQLEXPRESS]
    "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQLEXPRESS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AudioEndpointBuilderMSDTCLanmanServer]
    "ImagePath"="àq% srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFEDPSmsvsmon80]
    "ImagePath"="@p\1e srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITSslsvc]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITSslsvcAppinfoBFEWPDBusEnumehSched]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITSslsvcp2pimsvcupnphostmsiserverBrowser]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITSslsvcp2pimsvcupnphostmsiserverTapiSrvDcomLaunch]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserhkmsvcNetTcpPortSharingnvsvc]
    "ImagePath"="0q& srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserhkmsvcNetTcpPortSharingnvsvchidserv]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserhkmsvcPACSPTISVR]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserhkmsvcSLUINotifynvsvcW32Time]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_32SstpSvcoseSPTISRV]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DFSRWinHttpAutoProxySvc]
    "ImagePath"="o# srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dot3svcSpooler]
    "ImagePath"="Øo\1b srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DPSmsvsmon80IDriverTBrowser]
    "ImagePath"="àq\15 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DPSupnphostmsiserver]
    "ImagePath"="øo` srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EapHostTBS]
    "ImagePath"="øo\1b srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EMDMgmtplaWMPNetworkSvcehstart]
    "ImagePath"="¨p srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystemMSiSCSI]
    "ImagePath"="@p) srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystemwscsvcmsvsmon80]
    "ImagePath"="Èp% srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvcW32TimefdPHost]
    "ImagePath"="w) srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hkmsvcQWAVE]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IDriverTBrowser]
    "ImagePath"="øo# srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idsvcwcncsvc]
    "ImagePath"="(o\1a srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IKEEXTehstart]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvciphlpsvc]
    "ImagePath"="(o\14 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvcPolicyAgent]
    "ImagePath"="Øo* srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IrmonShellHWDetection]
    "ImagePath"="¨p\1e srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KtmRmp2pimsvc]
    "ImagePath"="xq* srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KtmRmTapiSrvDcomLaunchNetTcpPortSharing]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServerfdPHostUI0DetectDFSR]
    "ImagePath"="@p+ srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdsvcidsvc]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdsvcSQLWriter]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lmhostsALGmsvsmon80TapiSrvDcomLaunchNetTcpPortSharing]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mcx2SvcDhcp]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSSMMCSSWdiSystemHostKtmRmTapiSrvDcomLaunchNetTcpPortSharing]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSSWdiSystemHost]
    "ImagePath"="øo* srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSSWdiSystemHostnvsvc]
    "ImagePath"="àq* srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvcBrlAPI]
    "ImagePath"="(oa srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvcSCPolicySvclmhostshkmsvcWMPNetworkSvc]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSCSPTISRViphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time]
    "ImagePath"="àq! srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSCSPTISRVTapiSrvMSCSPTISRV]
    "ImagePath"="@p srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msftesql$SQLEXPRESSseclogon]
    "ImagePath"="àq\1e srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSQLServerADHelperIKEEXT]
    "ImagePath"="Èp0 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
    "ImagePath"="\"c:\web\mysql\bin\mysqld-nt\" --defaults-file=\"c:\web\mysql\my.ini\" MySQL"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQLmsftesql$SQLEXPRESSSpoolerPlugPlay]
    "ImagePath"="àq* srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQLWPDBusEnum]
    "ImagePath"="Àn\1a srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQLWPDBusEnumSCPolicySvcWinDefendBFE]
    "ImagePath"="xq\14 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetlogonNetlogon]
    "ImagePath"="Øo\1c srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpPortSharingnvsvcSamSs]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpPortSharingnvsvcWinmgmt]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NlaSvcswprvCOMSysApp]
    "ImagePath"="¨p% srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsinapagentBFEDnscachewmiApSrv]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsinapagentBFEDnscachewmiApSrvupnphostmsiserver]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsinapagentBFETHREADORDER]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsinapagentBFETHREADORDERBrowserhkmsvcSLUINotifyDPSSENSSysMain]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvsvcNetTcpPortSharing]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleMTSRecoveryServiceCryptSvc]
    "ImagePath"="xq) srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleServiceXEUxSms]
    "ImagePath"="@p` srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleXEClrAgentMpsSvc]
    "ImagePath"="o' srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleXETNSListenerwudfsvcmsftesql$SQLEXPRESS]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oseidsvcclr_optimization_v2.0.50727_32]
    "ImagePath"="Èp( srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oseSstpSvcose]
    "ImagePath"="o- srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2psvcWerSvcidsvcwcncsvc]
    "ImagePath"="xq\1c srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PACSPTISVR Back-End Service]
    "ImagePath"="@p+ srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PACSPTISVRAeLookupSvc]
    "ImagePath"="o\" srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PcaSvcMMCSS]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\plaAeLookupSvc]
    "ImagePath"="¨p\" srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\plausnjsvcRasMan]
    "ImagePath"="¨p% srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\plaWMPNetworkSvcehstart]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPsvcNetlogonDPSmsvsmon80]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorageMcx2Svc]
    "ImagePath"="øo\19 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorageusnjsvc]
    "ImagePath"="øo\" srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAutoBITSSCPolicySvc]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccesswuauservSessionEnvWSearchwuauservSQLWriterWecsvcBITSSENSSysMain]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistryMSCSPTISRV]
    "ImagePath"="øo/ srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistryProfSvc]
    "ImagePath"="@p\1d srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPolicySvcWinDefendBFE]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENSswprv]
    "ImagePath"="øo, srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENSswprvwercplsupportBITSslsvc]
    "ImagePath"="€s\" srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENSSysMainWdiServiceHostp2pimsvcSSScsiSVSENS]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENSSysMainWdiServiceHostp2pimsvcSSScsiSVSENSSstpSvcoseSPTISRV]
    "ImagePath"="w& srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetectionnetprofm]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetectionPlugPlay]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetectionProfSvc]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetectionupnphostpla]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SQLWriternsinapagentBFETHREADORDERBrowserhkmsvcSLUINotify]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SQLWriterWecsvcBITSSENSSysMainCOMSysApp]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SQLWriterWecsvcupnphostmsiserver]
    "ImagePath"="àq\1d srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRVMMCSS]
    "ImagePath"="(o) srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRVProfSvc]
    "ImagePath"="(o\17 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSScsiSVTabletInputService]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSScsiSVwscsvc]
    "ImagePath"="o_ srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSScsiSVwscsvcMpsSvc]
    "ImagePath"="xqa srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvcoseSPTISRVApache2NetTcpPortSharingnvsvc]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvcoseSPTISRVDhcphidserv]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvcoseSPTISRVusnjsvcusnjsvcRasMan]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swprvFontCache3.0.0.0]
    "ImagePath"="xq$ srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrvMSCSPTISRVhkmsvc]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThemesNetTcpPortSharing]
    "ImagePath"="(o! srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThemesNetTcpPortSharingusnjsvcRasManMMCSSPNRPsvc]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThemesTrustedInstallerWinmgmt]
    "ImagePath"="@p. srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\THREADORDERMpsSvc]
    "ImagePath"="¨p\1c srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWksmsvsmon80RpcLocator]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstallerWinmgmtiphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnjsvcRasManFontCache3.0.0.0usnjsvcRasManhkmsvc]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnjsvcRasMannsinapagentBFE]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnjsvcSNMPTRAP]
    "ImagePath"="àq\15 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSSMcx2Svc]
    "ImagePath"="Øo\17 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32TimefdPHostUI0Detect]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Timeoseidsvcclr_optimization_v2.0.50727_32]
    "ImagePath"="xq& srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiSystemHostRasManmsiserver]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClientIPBusEnum]
    "ImagePath"="(o. srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefendBFEAppinfoBFE]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefendBFENlaSvcSstpSvcoseSPTISRVusnjsvc]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefendBFESQLWriterWecsvcBITSSENSSysMainiphlpsvcRemoteAccessPNRPAutoReg]
    "ImagePath"="€s0 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WlansvcWinDefendBFE]
    "ImagePath"="@p\17 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WlansvcWinDefendKServiceOracleXEClrAgent]
    "ImagePath"="€s\1c srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wmiApSrvMcx2SvcShellHWDetectionupnphostpla]
    "ImagePath"="àq+ srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPCSvcPNRPAutoReg]
    "ImagePath"="@p\17 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPDBusEnumnsi]
    "ImagePath"="€û\12 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvcPNRPsvcALG]
    "ImagePath"="¨p\14 srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvcSCPolicySvc]
    "ImagePath"="o, srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvcTBS]
    "ImagePath"="(o- srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearchwuauserv]
    "ImagePath"="(o! srv"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauservSessionEnv]
    "ImagePath"="o. srv"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(744)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
    c:\windows\system32\nvvsvc.exe
    c:\web\Apache2\bin\Apache.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    c:\web\Apache2\bin\Apache.exe
    c:\program files\Kontiki\KService.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\web\mysql\bin\mysqld-nt.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\System32\nvSCPAPISvr.exe
    c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\RtHDVCpl.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-13 09:49:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-13 08:49
    .
    Pre-Run: 51,324,465,152 bytes free
    Post-Run: 51,223,736,320 bytes free
    .
    - - End Of File - - 4BDAA64D650D47B7AC05A48B32ACFEFD
     
  20. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. steve1965

    steve1965 TS Rookie Topic Starter Posts: 37

    Computer status

    Hi Broni

    Computer seems OK. Running as normal.

    Steve
     
  22. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Good.
    Go on...
     
  23. steve1965

    steve1965 TS Rookie Topic Starter Posts: 37

    OTL Logs - OTL.txt part 1

    OTL logfile created on: 14/04/2012 03:18:02 - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Steve\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.25 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 67.82% Memory free
    6.18 Gb Paging File | 5.01 Gb Available in Paging File | 81.04% Paging File free
    Paging file location(s): c:\pagefile.sys 3067 3067 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 226.05 Gb Total Space | 52.72 Gb Free Space | 23.32% Space Free | Partition Type: NTFS
    Drive L: | 465.76 Gb Total Space | 150.65 Gb Free Space | 32.35% Space Free | Partition Type: NTFS
    Drive S: | 1.46 Gb Total Space | 1.41 Gb Free Space | 96.05% Space Free | Partition Type: NTFS

    Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/14 03:14:04 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
    PRC - [2012/04/13 14:36:42 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2012/04/12 10:22:44 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    PRC - [2012/04/01 13:18:11 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
    PRC - [2012/02/23 04:36:44 | 001,269,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2012/02/16 04:57:46 | 002,575,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
    PRC - [2012/02/14 04:52:44 | 000,976,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
    PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/05/21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2011/05/21 06:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2011/02/14 15:00:00 | 000,608,584 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
    PRC - [2010/12/07 17:08:32 | 000,644,104 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe
    PRC - [2009/12/07 12:50:54 | 001,069,568 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
    PRC - [2009/12/07 12:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    PRC - [2009/06/10 06:33:00 | 000,232,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvSCPAPISvr.exe
    PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
    PRC - [2008/08/04 16:45:16 | 005,779,456 | ---- | M] () -- C:\Web\mysql\bin\mysqld-nt.exe
    PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2008/01/17 22:59:58 | 000,041,042 | ---- | M] (Apache Software Foundation) -- C:\Web\Apache2\bin\ApacheMonitor.exe
    PRC - [2008/01/17 22:58:36 | 000,020,541 | ---- | M] (Apache Software Foundation) -- C:\Web\Apache2\bin\Apache.exe
    PRC - [2007/11/27 12:58:28 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
    PRC - [2007/11/27 12:58:28 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
    PRC - [2007/09/25 00:13:02 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jdk1.6.0_03\bin\javaw.exe
    PRC - [2007/04/10 09:01:32 | 004,431,872 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/01/30 13:02:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewer\QuickDCF2.exe
    PRC - [2006/11/12 11:48:46 | 000,157,592 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
    PRC - [2006/04/18 05:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2012/04/13 14:36:42 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2007/02/16 21:01:00 | 000,081,920 | ---- | M] () -- C:\Program Files\FinePixViewer\wia_register_event.dll
    MOD - [2006/07/14 06:34:00 | 000,007,680 | ---- | M] () -- C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (wudfsvcSLUINotifyWdiServiceHost)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (wuauservSessionEnvWSearchwuauserv)
    SRV - File not found [Auto | Stopped] -- o. srv -- (wuauservSessionEnv)
    SRV - File not found [Auto | Stopped] -- (o! srv -- (WSearchwuauserv)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (WSearchnapagent)
    SRV - File not found [Auto | Stopped] -- (o- srv -- (wscsvcTBS)
    SRV - File not found [Auto | Stopped] -- o, srv -- (wscsvcSCPolicySvc)
    SRV - File not found [Auto | Stopped] -- ¨p srv -- (wscsvcPNRPsvcALG)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (wscsvcPNRPsvc)
    SRV - File not found [Auto | Stopped] -- €û srv -- (WPDBusEnumnsi)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (WPCSvcWinDefend)
    SRV - File not found [Auto | Stopped] -- @p srv -- (WPCSvcPNRPAutoReg)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (WMPNetworkSvcMpsSvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (WMPNetworkSvcehstart)
    SRV - File not found [Auto | Stopped] -- àq+ srv -- (wmiApSrvMcx2SvcShellHWDetectionupnphostpla)
    SRV - File not found [Auto | Stopped] -- €s srv -- (WlansvcWinDefendKServiceOracleXEClrAgent)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (WlansvcWinDefendKService)
    SRV - File not found [Auto | Stopped] -- @p srv -- (WlansvcWinDefendBFE)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (WlansvcWinDefend)
    SRV - File not found [Auto | Stopped] -- C:\Windows\System32\adsmsexto.exe srv -- (WinmgmtusnjsvcRasManFontCache3.0.0.0)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (WinHttpAutoProxySvcAeLookupSvcMDMSpooler)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (WinHttpAutoProxySvcAeLookupSvcMDM)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (WinDefendusnjsvcRasManFontCache3.0.0.0usnjsvcRasManhkmsvc)
    SRV - File not found [Auto | Stopped] -- €s0 srv -- (WinDefendBFESQLWriterWecsvcBITSSENSSysMainiphlpsvcRemoteAccessPNRPAutoReg)
    SRV - File not found [Auto | Stopped] -- €û srv -- (WinDefendBFENlaSvcSstpSvcoseSPTISRVusnjsvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (WinDefendBFENlaSvc)
    SRV - File not found [Auto | Stopped] -- €û srv -- (WinDefendBFEAppinfoBFE)
    SRV - File not found [Auto | Stopped] -- C:\Windows\System32\adsmsexto.exe srv -- (WebClientIPBusEnumEventSystemwscsvc)
    SRV - File not found [Auto | Stopped] -- (o. srv -- (WebClientIPBusEnum)
    SRV - File not found [Auto | Stopped] -- €û srv -- (WdiSystemHostRasManmsiserver)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (WdiServiceHostCryptSvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\System32\adsmsexto.exe srv -- (wcncsvcnapagentBFEMySQLWPDBusEnumSCPolicySvcWinDefendBFE)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (wcncsvcnapagentBFE)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (W32Timep2pimsvc)
    SRV - File not found [Auto | Stopped] -- xq& srv -- (W32Timeoseidsvcclr_optimization_v2.0.50727_32)
    SRV - File not found [Auto | Stopped] -- €û srv -- (W32TimefdPHostUI0Detect)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (W32TimefdPHost)
    SRV - File not found [Auto | Stopped] -- Øo srv -- (VSSMcx2Svc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (vdswercplsupport)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (vdsMSCSPTISRV)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (usnjsvcTapiSrvDcomLaunchNetTcpPortSharingWebClientIPBusEnum)
    SRV - File not found [Auto | Stopped] -- àq srv -- (usnjsvcSNMPTRAP)
    SRV - File not found [Auto | Stopped] -- €û srv -- (usnjsvcRasMannsinapagentBFE)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (usnjsvcRasManMMCSS)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (usnjsvcRasManhkmsvc)
    SRV - File not found [Auto | Stopped] -- €û srv -- (usnjsvcRasManFontCache3.0.0.0usnjsvcRasManhkmsvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (usnjsvcRasManFontCache3.0.0.0)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s117bus.dll -- (UsbDiag)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (upnphostmsiserverOracleServiceXEMySQLmsftesql$SQLEXPRESS)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (upnphostmsiserver)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (UI0DetectDFSR)
    SRV - File not found [Auto | Stopped] -- €û srv -- (TrustedInstallerWinmgmtiphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (TrustedInstallerWinmgmt)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (TrkWksmsvsmon80SSDPSRVMMCSS)
    SRV - File not found [Auto | Stopped] -- €û srv -- (TrkWksmsvsmon80RpcLocator)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (TrkWksmsvsmon80)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iam.dll -- (tng-doba)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (THREADORDEROracleXEClrAgent)
    SRV - File not found [Auto | Stopped] -- ¨p srv -- (THREADORDERMpsSvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (THREADORDEREventSystemwscsvcmsvsmon80MSiSCSISSScsiSVSENS)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (THREADORDEREventSystemwscsvcmsvsmon80)
    SRV - File not found [Auto | Stopped] -- @p. srv -- (ThemesTrustedInstallerWinmgmt)
    SRV - File not found [Auto | Stopped] -- €û srv -- (ThemesNetTcpPortSharingusnjsvcRasManMMCSSPNRPsvc)
    SRV - File not found [Auto | Stopped] -- (o! srv -- (ThemesNetTcpPortSharing)
    SRV - File not found [Auto | Stopped] -- €û srv -- (TapiSrvMSCSPTISRVhkmsvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (TapiSrvMSCSPTISRV)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (TapiSrvDcomLaunchNetTcpPortSharingWebClientIPBusEnumBITSslsvcAppinfoBFEWPDBusEnum)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (TapiSrvDcomLaunchNetTcpPortSharing)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (TapiSrvDcomLaunch)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (TabletInputServiceWinDefendBFEAppinfoBFEnapagent)
    SRV - File not found [Auto | Stopped] -- xq$ srv -- (swprvFontCache3.0.0.0)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (swprvCOMSysApp)
    SRV - File not found [Auto | Stopped] -- €û srv -- (SstpSvcoseSPTISRVusnjsvcusnjsvcRasMan)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (SstpSvcoseSPTISRVusnjsvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (SstpSvcoseSPTISRVDhcphidservAppinfoBFEWPDBusEnum)
    SRV - File not found [Auto | Stopped] -- €û srv -- (SstpSvcoseSPTISRVDhcphidserv)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (SstpSvcoseSPTISRVDhcp)
    SRV - File not found [Auto | Stopped] -- €û srv -- (SstpSvcoseSPTISRVApache2NetTcpPortSharingnvsvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (SstpSvcoseSPTISRVApache2)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (SstpSvcose)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (SstpSvcEventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc)
    SRV - File not found [Auto | Stopped] -- xqa srv -- (SSScsiSVwscsvcMpsSvc)
    SRV - File not found [Auto | Stopped] -- o_ srv -- (SSScsiSVwscsvc)
    SRV - File not found [Auto | Stopped] -- €û srv -- (SSScsiSVTabletInputService)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (SSScsiSVSENSTapiSrvDcomLaunchNetTcpPortSharing)
    SRV - File not found [Auto | Stopped] -- (o srv -- (SSDPSRVProfSvc)
    SRV - File not found [Auto | Stopped] -- (o) srv -- (SSDPSRVMMCSS)
    SRV - File not found [Auto | Stopped] -- àq srv -- (SQLWriterWecsvcupnphostmsiserver)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (SQLWriterWecsvcBITSSENSSysMainiphlpsvcRemoteAccessPNRPAutoReg)
    SRV - File not found [Auto | Stopped] -- €û srv -- (SQLWriterWecsvcBITSSENSSysMainCOMSysApp)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (SQLWriterWecsvc)
    SRV - File not found [Auto | Stopped] -- €û srv -- (SQLWriternsinapagentBFETHREADORDERBrowserhkmsvcSLUINotify)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (SpoolerPlugPlay)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (SLUINotifyWdiServiceHost)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (slsvcWLSetupSvcWlansvcWinDefend)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (slsvcWecsvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (ShellHWDetectionW32TimefdPHostUI0Detect)
    SRV - File not found [Auto | Stopped] -- €û srv -- (ShellHWDetectionupnphostpla)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (ShellHWDetectionupnphost)
    SRV - File not found [Auto | Stopped] -- €û srv -- (ShellHWDetectionProfSvc)
    SRV - File not found [Auto | Stopped] -- €û srv -- (ShellHWDetectionPlugPlay)
    SRV - File not found [Auto | Stopped] -- €û srv -- (ShellHWDetectionnetprofm)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (SharedAccessAppinfo) Internet Connection Sharing (ICS)
    SRV - File not found [Auto | Stopped] -- w& srv -- (SENSSysMainWdiServiceHostp2pimsvcSSScsiSVSENSSstpSvcoseSPTISRV)
    SRV - File not found [Auto | Stopped] -- €û srv -- (SENSSysMainWdiServiceHostp2pimsvcSSScsiSVSENS)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (SENSSysMain)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (SENSswprvWinHttpAutoProxySvc)
    SRV - File not found [Auto | Stopped] -- €s srv -- (SENSswprvwercplsupportBITSslsvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (SENSswprvwercplsupport)
    SRV - File not found [Auto | Stopped] -- øo, srv -- (SENSswprv)
    SRV - File not found [Auto | Stopped] -- €û srv -- (SCPolicySvcWinDefendBFE)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (SCPolicySvcIrmon)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (RpcSsvdswercplsupportMpsSvcSPTISRVALG) Remote Procedure Call (RPC)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (RpcSsvdswercplsupport) Remote Procedure Call (RPC)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (RpcSsDnscachewmiApSrv) Remote Procedure Call (RPC)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (RpcSsBrowser) Remote Procedure Call (RPC)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (RpcLocatorMySQLmsftesql$SQLEXPRESS) Remote Procedure Call (RPC)
    SRV - File not found [Auto | Stopped] -- @p srv -- (RemoteRegistryProfSvc)
    SRV - File not found [Auto | Stopped] -- øo/ srv -- (RemoteRegistryMSCSPTISRV)
    SRV - File not found [Auto | Stopped] -- €û srv -- (RemoteAccesswuauservSessionEnvWSearchwuauservSQLWriterWecsvcBITSSENSSysMain)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (RemoteAccesswuauservSessionEnvWSearchwuauserv)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (RemoteAccessPNRPAutoReg)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (RasManmsiserverMpsSvcNlaSvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\Apphlpdmb.exe srv -- (RasManmsiserver)
    SRV - File not found [Auto | Stopped] -- €û srv -- (RasAutoBITSSCPolicySvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (RasAutoBITS)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (QWAVEWinDefend)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iAimTV6.dll -- (qcdonner)
    SRV - File not found [Auto | Stopped] -- øo srv -- (ProtectedStorageusnjsvc)
    SRV - File not found [Auto | Stopped] -- øo srv -- (ProtectedStorageMcx2Svc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (PolicyAgentApache2SCPolicySvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (PolicyAgentApache2)
    SRV - File not found [Auto | Stopped] -- €û srv -- (PNRPsvcNetlogonDPSmsvsmon80)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (PNRPsvcNetlogon)
    SRV - File not found [Auto | Stopped] -- €û srv -- (plaWMPNetworkSvcehstart)
    SRV - File not found [Auto | Stopped] -- ¨p% srv -- (plausnjsvcRasMan)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (plaSSScsiSVwscsvc)
    SRV - File not found [Auto | Stopped] -- ¨p srv -- (plaAeLookupSvc)
    SRV - File not found [Auto | Stopped] -- €û srv -- (PcaSvcMMCSS)
    SRV - File not found [Auto | Stopped] -- o srv -- (PACSPTISVRAeLookupSvc)
    SRV - File not found [Auto | Stopped] -- @p+ srv -- (PACSPTISVR Back-End Service)
    SRV - File not found [Auto | Stopped] -- xq srv -- (p2psvcWerSvcidsvcwcncsvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (p2psvcWerSvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (p2pimsvcSSScsiSVSENS)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (oseTermService)
    SRV - File not found [Auto | Stopped] -- o- srv -- (oseSstpSvcose)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (oseMMCSS)
    SRV - File not found [Auto | Stopped] -- Èp( srv -- (oseidsvcclr_optimization_v2.0.50727_32)
    SRV - File not found [Auto | Stopped] -- €û srv -- (OracleXETNSListenerwudfsvcmsftesql$SQLEXPRESS)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (OracleXEClrAgentswprvCOMSysApp)
    SRV - File not found [Auto | Stopped] -- o' srv -- (OracleXEClrAgentMpsSvc)
    SRV - File not found [Auto | Stopped] -- @p` srv -- (OracleServiceXEUxSms)
    SRV - File not found [Auto | Stopped] -- xq) srv -- (OracleMTSRecoveryServiceCryptSvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (nvsvcW32Time)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (nvsvcNetTcpPortSharingW32Time)
    SRV - File not found [Auto | Stopped] -- €û srv -- (nvsvcNetTcpPortSharing)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (nsiSENSSysMain)
    SRV - File not found [Auto | Stopped] -- €û srv -- (nsinapagentBFETHREADORDERBrowserhkmsvcSLUINotifyDPSSENSSysMain)
    SRV - File not found [Auto | Stopped] -- €û srv -- (nsinapagentBFETHREADORDER)
    SRV - File not found [Auto | Stopped] -- €û srv -- (nsinapagentBFEDnscachewmiApSrvupnphostmsiserver)
    SRV - File not found [Auto | Stopped] -- €û srv -- (nsinapagentBFEDnscachewmiApSrv)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (nsinapagentBFE)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (NlaSvcwscsvcSCPolicySvc)
    SRV - File not found [Auto | Stopped] -- ¨p% srv -- (NlaSvcswprvCOMSysApp)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (NlaSvcSENSswprv)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (NetTcpPortSharingPcaSvcMMCSS)
    SRV - File not found [Auto | Stopped] -- €û srv -- (NetTcpPortSharingnvsvcWinmgmt)
    SRV - File not found [Auto | Stopped] -- €û srv -- (NetTcpPortSharingnvsvcSamSs)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (NetTcpPortSharingnvsvc)
    SRV - File not found [Auto | Stopped] -- Øo srv -- (NetlogonNetlogon)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (napagentBFE)
    SRV - File not found [Auto | Stopped] -- xq srv -- (MySQLWPDBusEnumSCPolicySvcWinDefendBFE)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (MySQLWPDBusEnumBITSDPSupnphostmsiserver)
    SRV - File not found [Auto | Stopped] -- Àn srv -- (MySQLWPDBusEnum)
    SRV - File not found [Auto | Stopped] -- àq* srv -- (MySQLmsftesql$SQLEXPRESSSpoolerPlugPlay)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (MSSQLServerADHelperMDM)
    SRV - File not found [Auto | Stopped] -- Èp0 srv -- (MSSQLServerADHelperIKEEXT)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (MSiSCSISSScsiSVSENS)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (MSiSCSIPACSPTISVR)
    SRV - File not found [Auto | Stopped] -- àq srv -- (msftesql$SQLEXPRESSseclogon) SQL Server FullText Search (SQLEXPRESS)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (MSDTCSharedAccess)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (MSDTCLanmanServer)
    SRV - File not found [Auto | Stopped] -- @p srv -- (MSCSPTISRVTapiSrvMSCSPTISRV)
    SRV - File not found [Auto | Stopped] -- àq! srv -- (MSCSPTISRViphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (MpsSvcSPTISRV)
    SRV - File not found [Auto | Stopped] -- €û srv -- (MpsSvcSCPolicySvclmhostshkmsvcWMPNetworkSvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (MpsSvcSCPolicySvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (MpsSvcNlaSvc)
    SRV - File not found [Auto | Stopped] -- (oa srv -- (MpsSvcBrlAPI)
    SRV - File not found [Auto | Stopped] -- àq* srv -- (MMCSSWdiSystemHostnvsvc)
    SRV - File not found [Auto | Stopped] -- øo* srv -- (MMCSSWdiSystemHost)
    SRV - File not found [Auto | Stopped] -- €û srv -- (MMCSSMMCSSWdiSystemHostKtmRmTapiSrvDcomLaunchNetTcpPortSharing)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (MMCSSMMCSSWdiSystemHost)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (Mcx2SvcWinHttpAutoProxySvcAeLookupSvcMDM)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (Mcx2SvcTHREADORDER)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (Mcx2SvcShellHWDetectionupnphostpla)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (Mcx2SvcSDRSVC)
    SRV - File not found [Auto | Stopped] -- €û srv -- (Mcx2SvcDhcp)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (lmhostshkmsvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (lmhostsALGmsvsmon80vds)
    SRV - File not found [Auto | Stopped] -- €û srv -- (lmhostsALGmsvsmon80TapiSrvDcomLaunchNetTcpPortSharing)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (lmhostsALGmsvsmon80)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (lltdsvcSQLWriterSstpSvcoseSPTISRVpla)
    SRV - File not found [Auto | Stopped] -- €û srv -- (lltdsvcSQLWriter)
    SRV - File not found [Auto | Stopped] -- €û srv -- (lltdsvcidsvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (lltdsvcEventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc)
    SRV - File not found [Auto | Stopped] -- @p+ srv -- (LanmanServerfdPHostUI0DetectDFSR)
    SRV - File not found [Auto | Stopped] -- €û srv -- (KtmRmTapiSrvDcomLaunchNetTcpPortSharing)
    SRV - File not found [Auto | Stopped] -- xq* srv -- (KtmRmp2pimsvc)
    SRV - File not found [Auto | Stopped] -- ¨p srv -- (IrmonShellHWDetection)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (iphlpsvcRemoteAccessPNRPAutoRegnvsvcW32TimeMSCSPTISRVTapiSrvMSCSPTISRV)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (iphlpsvcRemoteAccessPNRPAutoRegnvsvcW32TimeKService)
    SRV - File not found [Auto | Stopped] -- €û srv -- (iphlpsvcRemoteAccessPNRPAutoRegnvsvcW32Time)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (iphlpsvcRemoteAccessPNRPAutoReg)
    SRV - File not found [Auto | Stopped] -- Øo* srv -- (iphlpsvcPolicyAgent)
    SRV - File not found [Auto | Stopped] -- (o srv -- (iphlpsvciphlpsvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (IKEEXTOracleXEClrAgentMpsSvc)
    SRV - File not found [Auto | Stopped] -- €û srv -- (IKEEXTehstart)
    SRV - File not found [Auto | Stopped] -- (o srv -- (idsvcwcncsvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (idsvcclr_optimization_v2.0.50727_32)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (IDriverTBrowserSQLBrowser)
    SRV - File not found [Auto | Stopped] -- øo# srv -- (IDriverTBrowser)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (hkmsvcWSearch)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (hkmsvcQWAVEplaWMPNetworkSvcehstart)
    SRV - File not found [Auto | Stopped] -- €û srv -- (hkmsvcQWAVE)
    SRV - File not found [Auto | Stopped] -- C:\Windows\System32\adsmsexto.exe srv -- (FontCache3.0.0.0 Back-End Service)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ScanUSBEMPIA.dll -- (firesvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (fdPHostUI0DetectDFSR)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (EventSystemwscsvcmsvsmon80SENSSysMainSQLWriterWecsvc)
    SRV - File not found [Auto | Stopped] -- w) srv -- (EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvcW32TimefdPHost)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (EventSystemwscsvcmsvsmon80OracleXETNSListenerwudfsvc)
    SRV - File not found [Auto | Stopped] -- Èp% srv -- (EventSystemwscsvcmsvsmon80)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (EventSystemwscsvc)
    SRV - File not found [Auto | Stopped] -- @p) srv -- (EventSystemMSiSCSI)
    SRV - File not found [Auto | Stopped] -- ¨p srv -- (EMDMgmtplaWMPNetworkSvcehstart)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cpqarray.dll -- (elagopro)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (ehstartMySQLWPDBusEnumBITS)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (ehSchedTrustedInstallerWinmgmt)
    SRV - File not found [Auto | Stopped] -- øo srv -- (EapHostTBS)
    SRV - File not found [Auto | Stopped] -- C:\Windows\System32\adsmsexto.exe srv -- (EapHostLanmanServerfdPHostUI0DetectDFSR)
    SRV - File not found [Auto | Stopped] -- øo` srv -- (DPSupnphostmsiserver)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (DPSSENSSysMain)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (DPSmsvsmon80MSDTCSharedAccess)
    SRV - File not found [Auto | Stopped] -- àq srv -- (DPSmsvsmon80IDriverTBrowser)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (DPSmsvsmon80)
    SRV - File not found [Auto | Stopped] -- Øo srv -- (dot3svcSpooler)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (DnscachewmiApSrv)
    SRV - File not found [Auto | Stopped] -- o# srv -- (DFSRWinHttpAutoProxySvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\System32\adsmsexto.exe srv -- (COMSysAppMMCSS)
    SRV - File not found [Auto | Stopped] -- €û srv -- (clr_optimization_v2.0.50727_32SstpSvcoseSPTISRV)
    SRV - File not found [Auto | Stopped] -- C:\Windows\System32\adsmsexto.exe srv -- (BrowserhkmsvcSLUINotifynvsvcW32TimeSQLWriterWecsvc)
    SRV - File not found [Auto | Stopped] -- €û srv -- (BrowserhkmsvcSLUINotifynvsvcW32Time)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (BrowserhkmsvcSLUINotify)
    SRV - File not found [Auto | Stopped] -- €û srv -- (BrowserhkmsvcPACSPTISVR)
    SRV - File not found [Auto | Stopped] -- €û srv -- (BrowserhkmsvcNetTcpPortSharingnvsvchidserv)
    SRV - File not found [Auto | Stopped] -- 0q& srv -- (BrowserhkmsvcNetTcpPortSharingnvsvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (Browserhkmsvc)
    SRV - File not found [On_Demand | Stopped] -- C:\cygwin\bin\cygrunsrv.exe -- (BrlAPI)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (BITSW32Timep2pimsvc)
    SRV - File not found [Auto | Stopped] -- €û srv -- (BITSslsvcp2pimsvcupnphostmsiserverTapiSrvDcomLaunch)
    SRV - File not found [Auto | Stopped] -- €û srv -- (BITSslsvcp2pimsvcupnphostmsiserverBrowser)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (BITSslsvcp2pimsvc)
    SRV - File not found [Auto | Stopped] -- €û srv -- (BITSslsvcAppinfoBFEWPDBusEnumehSched)
    SRV - File not found [Auto | Stopped] -- €û srv -- (BITSslsvc)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (BITSSENSSysMain)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (BITSApache2)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (BFEupnphostmsiserver)
    SRV - File not found [Auto | Stopped] -- @p srv -- (BFEDPSmsvsmon80)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (AudiosrvMSSQLServerADHelperIKEEXT)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (AudioEndpointBuilderTapiSrvDcomLaunchNetTcpPortSharing)
    SRV - File not found [Auto | Stopped] -- àq% srv -- (AudioEndpointBuilderMSDTCLanmanServer)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (AppinfoBFEWPDBusEnum)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (AppinfoBFE)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (ALGmsvsmon80MSSQLServerADHelper)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\adsmsexto.exe srv -- (ALGmsvsmon80)
    SRV - [2012/04/12 10:22:44 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
    SRV - [2012/04/01 13:18:11 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2009/07/31 17:59:23 | 000,026,826 | ---- | M] () [On_Demand | Stopped] -- C:\Sun\SDK\lib\appservService.exe -- (AppServer9PE)
    SRV - [2009/07/07 08:59:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/06/30 13:38:56 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
    SRV - [2009/06/10 06:33:00 | 000,232,960 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
    SRV - [2008/08/04 16:45:16 | 005,779,456 | ---- | M] () [Auto | Running] -- C:\Web\mysql\bin\mysqld-nt.exe -- (MySQL)
    SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/17 22:58:36 | 000,020,541 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Web\Apache2\bin\Apache.exe -- (Apache2)
    SRV - [2007/11/27 12:58:28 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
    SRV - [2007/02/22 19:39:44 | 002,808,664 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
    SRV - [2007/02/05 11:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
    SRV - [2007/02/05 11:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
    SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
    SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
    SRV - [2006/04/18 05:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
    SRV - [2006/02/02 01:51:06 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
    SRV - [2006/02/02 01:49:14 | 000,204,800 | ---- | M] () [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)
    SRV - [2006/02/02 01:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)
    SRV - [2006/02/02 01:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
    SRV - [2006/02/02 01:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\FXDrv32.sys -- (FXDrv32)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a1puqs7e)
    DRV - [2012/02/22 05:25:52 | 000,299,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
    DRV - [2011/12/23 13:32:04 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidsehx.sys -- (AVGIDSEH)
    DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2011/05/21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/12/07 17:08:18 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
    DRV - [2009/07/08 14:20:33 | 000,646,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/03/31 05:41:06 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2008/01/19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
    DRV - [2007/10/28 18:16:59 | 000,096,832 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2007/01/09 09:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
    DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2378876490-2437158032-804179293-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    IE - HKU\S-1-5-21-2378876490-2437158032-804179293-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2378876490-2437158032-804179293-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2378876490-2437158032-804179293-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-2378876490-2437158032-804179293-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2378876490-2437158032-804179293-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={07ADA17B-67D6-4183-8DD5-D6B7A02B6AE7}&mid=c9326b458a7892fb5e580bd9ef323fd3-9a17500a96d428a5cdb8b2643968b9a928fc107f&lang=en&ds=AVG&pr=fr&d=2012-04-13 14:36:44&v=10.2.0.3&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-2378876490-2437158032-804179293-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2378876490-2437158032-804179293-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
  24. steve1965

    steve1965 TS Rookie Topic Starter Posts: 37

    OTL Logs - OTL.txt part2

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/|http://www.google.co.uk/|http://www.arsenal.com/home|http://en.wikipedia.org/wiki/Main_Page|http://www.imdb.com/|http://www.youtube.com/|http://www.innocent.org.uk/|http://www.theforensicinstitute.com/|http://www.justinguitar.com/index.php|http://justinguitarcommunity.com/|http://www.britmodeller.com/forums/index.php|http://www.florymodels.co.uk/site-news/|http://promodeller.websitetoolbox.com/|http://www.techspot.com/vb/showthread.php?p=1166386&posted=1#post1166386"
    FF - prefs.js..extensions.enabledItems: {cf2812dc-6a7c-4402-b639-4d277dac4c36}:0.8.7
    FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
    FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
    FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B0085c2e1-8f27-4756-a274-bb9b81adef19%7D&mid=c9326b458a7892fb5e580bd9ef323fd3-9a17500a96d428a5cdb8b2643968b9a928fc107f&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2012-04-12%2010%3A22%3A47&sap=ku&q="
    FF - prefs.js..network.proxy.http: "localhost"
    FF - prefs.js..network.proxy.http_port: 7171
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/04/16 15:51:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/04/13 14:34:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/13 14:34:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/04/12 10:22:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 18:58:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/29 16:14:50 | 000,000,000 | ---D | M]

    [2008/10/05 16:22:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
    [2012/04/13 00:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\vfue9ge0.default\extensions
    [2011/01/07 17:42:46 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\vfue9ge0.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    [2010/07/16 19:19:06 | 000,000,000 | ---D | M] (Mozilla XForms) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\vfue9ge0.default\extensions\{cf2812dc-6a7c-4402-b639-4d277dac4c36}
    [2011/05/06 18:11:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\vfue9ge0.default\extensions\engine@conduit.com
    [2012/01/09 15:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/04/13 14:34:49 | 000,000,000 | ---D | M] (AVG Do-Not-Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
    [2012/04/13 14:34:49 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
    [2012/04/12 10:22:57 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.2.0.3
    () (No name found) -- C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFUE9GE0.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
    () (No name found) -- C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFUE9GE0.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
    [2012/03/17 18:58:07 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/09/19 16:04:29 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/10/01 16:30:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/04/13 14:36:39 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2011/10/01 16:30:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/10/01 16:30:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2011/10/01 16:30:26 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2011/10/01 16:30:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2012/04/13 09:42:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2378876490-2437158032-804179293-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-2378876490-2437158032-804179293-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
    O4 - HKLM..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
    O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-21-2378876490-2437158032-804179293-1000..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
    O4 - HKU\S-1-5-21-2378876490-2437158032-804179293-1000..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
    O4 - HKU\S-1-5-21-2378876490-2437158032-804179293-1011..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SDK Tray Menu.lnk = C:\Program Files\Java\jdk1.6.0_03\bin\javaw.exe (Sun Microsystems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2378876490-2437158032-804179293-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2378876490-2437158032-804179293-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
    O7 - HKU\S-1-5-21-2378876490-2437158032-804179293-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2378876490-2437158032-804179293-1011\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-2378876490-2437158032-804179293-1000\..Trusted Domains: localhost ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2378876490-2437158032-804179293-1000\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
    O15 - HKU\S-1-5-21-2378876490-2437158032-804179293-1000\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
    O15 - HKU\S-1-5-21-2378876490-2437158032-804179293-1000\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
    O16 - DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0} http://www.mathtutor.ac.uk/Differentiation/drs/DrsDnldProj1.cab (DrsDnld Control)
    O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswax65.cab (Macromedia Authorware Web Player Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} https://download.yahoo.com/dl/installs/bt/yregucfg.cab (RegUserCfgUI Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43A44558-6C56-4CDA-80E8-358ED16E6DF9}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: elagopro - %systemroot%\system32\cpqarray.dll File not found
    NetSvcs: qcdonner - %systemroot%\system32\iAimTV6.dll File not found
    NetSvcs: MXOPSWD - File not found
    NetSvcs: fallback - File not found
    NetSvcs: ANC - File not found
    NetSvcs: ser2pl - File not found
    NetSvcs: DCamUSBGrandTek - File not found
    NetSvcs: cobbmservice - File not found
    NetSvcs: sandradatasrv - File not found
    NetSvcs: mclserviceatl - File not found
    NetSvcs: cmudau - File not found
    NetSvcs: imonitor - File not found
    NetSvcs: changer - File not found
    NetSvcs: WinVd32 - File not found
    NetSvcs: SNC - File not found
    NetSvcs: naveng - File not found
    NetSvcs: dwmrcs - File not found
    NetSvcs: bwsvc - File not found
    NetSvcs: vci - File not found
    NetSvcs: tosrfnds - File not found
    NetSvcs: iomegaaccess - File not found
    NetSvcs: nbservice - File not found
    NetSvcs: zenos1 - File not found
    NetSvcs: lvuvc - File not found
    NetSvcs: alcxsens - File not found
    NetSvcs: cbidf2k - File not found
    NetSvcs: pptchpad - File not found
    NetSvcs: se2Cunic - File not found
    NetSvcs: savrt - File not found
    NetSvcs: wusb54gv2svc - File not found
    NetSvcs: RR2Mjpeg - File not found
    NetSvcs: nuvaud2 - File not found
    NetSvcs: vpctcom - File not found
    NetSvcs: ulcdrhlp - File not found
    NetSvcs: savscan - File not found
    NetSvcs: netw4x32 - File not found
    NetSvcs: mfcom - File not found
    NetSvcs: lvselsus - File not found
    NetSvcs: DcPTP - File not found
    NetSvcs: atmarpc - File not found
    NetSvcs: tng-doba - %systemroot%\system32\iam.dll File not found
    NetSvcs: firesvc - %systemroot%\system32\ScanUSBEMPIA.dll File not found
    NetSvcs: UsbDiag - %systemroot%\system32\s117bus.dll File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
    Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
    Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
    Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/14 03:14:02 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
    [2012/04/13 14:38:12 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\AVG2012
    [2012/04/13 14:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
    [2012/04/13 09:42:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/04/13 09:38:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/04/13 09:27:47 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/04/12 10:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/04/12 10:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2012/04/12 10:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
    [2012/04/12 09:38:11 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\temp
    [2012/04/12 01:49:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/12 01:49:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/12 01:49:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/12 01:49:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/12 01:48:34 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/12 01:39:57 | 004,458,963 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe
    [2012/04/11 16:37:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/04/11 16:34:30 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\TDSSKiller.exe
    [2012/04/11 08:17:15 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Steve\Desktop\boot_cleaner.exe
    [2012/04/10 17:53:10 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR.exe
    [2012/04/10 17:27:32 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
    [2012/04/10 16:59:38 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\TechSpot Logs
    [2012/04/10 16:40:07 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes
    [2012/04/10 16:40:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/04/10 16:40:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/04/10 16:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/04/10 16:37:33 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/04/06 15:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/04/06 15:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/04/06 15:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Steve\*.tmp files -> C:\Users\Steve\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/14 03:18:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/14 03:14:04 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
    [2012/04/14 03:13:10 | 000,692,818 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/04/14 03:13:10 | 000,136,162 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/04/14 03:09:19 | 000,000,004 | ---- | M] () -- C:\Users\Steve\tray.pid
    [2012/04/14 03:06:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/14 03:06:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/14 03:06:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/14 03:06:11 | 3488,075,776 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/13 17:37:09 | 000,030,409 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2012/04/13 14:42:13 | 060,603,888 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2012/04/13 14:36:57 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/04/13 09:42:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/04/12 01:40:03 | 004,458,963 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe
    [2012/04/11 20:45:53 | 000,000,512 | ---- | M] () -- C:\Users\Steve\Desktop\MBR.dat
    [2012/04/11 16:33:42 | 002,052,353 | ---- | M] () -- C:\Users\Steve\Desktop\tdsskiller.zip
    [2012/04/10 17:53:33 | 000,044,607 | ---- | M] () -- C:\Users\Steve\Desktop\bootkit_remover.zip
    [2012/04/10 17:53:22 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR.exe
    [2012/04/10 17:27:33 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
    [2012/04/10 17:02:04 | 000,302,592 | ---- | M] () -- C:\Users\Steve\Desktop\zykncpn9.exe
    [2012/04/10 16:55:18 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\TDSSKiller.exe
    [2012/04/10 16:37:52 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/04/06 15:35:19 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2012/04/06 15:35:19 | 000,001,854 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2012/04/06 15:31:36 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/03/21 15:50:06 | 000,077,312 | ---- | M] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Steve\*.tmp files -> C:\Users\Steve\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/13 14:36:57 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/04/12 01:49:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/12 01:49:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/12 01:49:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/12 01:49:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/12 01:49:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/11 16:33:37 | 002,052,353 | ---- | C] () -- C:\Users\Steve\Desktop\tdsskiller.zip
    [2012/04/10 21:39:31 | 000,000,512 | ---- | C] () -- C:\Users\Steve\Desktop\MBR.dat
    [2012/04/10 17:53:32 | 000,044,607 | ---- | C] () -- C:\Users\Steve\Desktop\bootkit_remover.zip
    [2012/04/10 17:02:03 | 000,302,592 | ---- | C] () -- C:\Users\Steve\Desktop\zykncpn9.exe
    [2012/04/06 15:35:19 | 000,001,854 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2012/04/06 15:31:36 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/04/01 13:02:19 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2010/11/02 14:08:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2010/11/02 14:07:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

    ========== LOP Check ==========

    [2012/04/13 14:38:12 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\AVG2012
    [2012/04/09 15:48:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Azureus
    [2009/05/04 15:34:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2011/08/19 12:52:13 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\COWON
    [2008/01/13 20:20:52 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\EPSON
    [2011/08/02 19:33:24 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FileZilla
    [2008/12/15 12:25:02 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FUJIFILM
    [2011/01/05 15:45:13 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\gtk-2.0
    [2009/07/08 14:15:49 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SuperNZB
    [2007/11/14 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\TextPad
    [2009/01/29 17:04:15 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Transterpreter
    [2012/04/13 19:08:34 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2006/11/02 10:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
    [2006/11/13 10:26:37 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2008/03/19 17:06:55 | 001,854,552 | ---- | M] () -- C:\CheetahsHunting.mpg
    [2012/04/13 09:49:15 | 000,029,065 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/03/19 16:50:04 | 001,275,876 | ---- | M] () -- C:\Elephants.mpg
    [2012/04/14 03:06:11 | 3488,075,776 | -HS- | M] () -- C:\hiberfil.sys
    [2008/02/06 12:10:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/03/19 17:02:52 | 001,557,080 | ---- | M] () -- C:\LionFamily.mpg
    [2008/03/19 16:55:03 | 001,096,792 | ---- | M] () -- C:\Lions.mpg
    [2008/12/08 19:54:53 | 000,953,766 | ---- | M] () -- C:\lmp3.txt
    [2008/12/07 21:17:46 | 000,953,766 | ---- | M] () -- C:\mp3.txt
    [2008/02/06 12:10:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/04/14 03:06:09 | 3215,982,592 | -HS- | M] () -- C:\pagefile.sys
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    < %systemroot%\Fonts\*.com >
    [2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/11/02 14:24:24 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2003/01/07 18:04:10 | 000,062,976 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPPRN05.DLL
    [2008/01/19 08:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/07/28 14:28:59 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/08/27 11:34:15 | 000,000,286 | -HS- | M] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/04/10 17:53:22 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Steve\Desktop\boot_cleaner.exe
    [2012/04/12 01:40:03 | 004,458,963 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe
    [2012/04/10 16:37:52 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/04/14 03:14:04 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
    [2012/04/10 16:55:18 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\TDSSKiller.exe
    [2012/04/10 17:02:04 | 000,302,592 | ---- | M] () -- C:\Users\Steve\Desktop\zykncpn9.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/04/14 03:18:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/14 03:06:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/04/13 19:08:34 | 000,032,622 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/11/02 14:37:49 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2010/11/02 14:37:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2008/07/28 14:28:07 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2008/07/28 14:28:07 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2010/11/02 14:37:19 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/11/14 17:02:28 | 000,000,402 | -HS- | M] () -- C:\Users\Steve\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/01/03 18:46:35 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2009/08/15 15:57:50 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011/08/25 09:17:55 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/12/15 02:06:42 | 000,000,188 | ---- | M] () -- C:\ProgramData\REGSVR32.EXE-x.txt

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < End of report >
     
  25. steve1965

    steve1965 TS Rookie Topic Starter Posts: 37

    OTL Logs - Extras.txt

    OTL Extras logfile created on: 14/04/2012 03:18:02 - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Steve\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.25 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 67.82% Memory free
    6.18 Gb Paging File | 5.01 Gb Available in Paging File | 81.04% Paging File free
    Paging file location(s): c:\pagefile.sys 3067 3067 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 226.05 Gb Total Space | 52.72 Gb Free Space | 23.32% Space Free | Partition Type: NTFS
    Drive L: | 465.76 Gb Total Space | 150.65 Gb Free Space | 32.35% Space Free | Partition Type: NTFS
    Drive S: | 1.46 Gb Total Space | 1.41 Gb Free Space | 96.05% Space Free | Partition Type: NTFS

    Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-2378876490-2437158032-804179293-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{44FCB835-4E40-4388-9DDD-68E70A4907EF}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
    "{4B9D1182-727C-46DB-BACB-F58850AED3DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{7DB459EA-1A32-4881-8051-36A9C6D15418}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{9156884E-4A27-4D7F-8C29-1B052D6E8A62}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
    "{C969CD1F-1C96-407F-B269-B83D2C1D25F2}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
    "{CBE19F27-FA31-440A-8F08-BDFCB2AEF6AA}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
    "{DF410C08-7060-480F-AD25-E3F159956FDD}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0066817B-AF33-4964-A5D4-8A49B4D4C965}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
    "{0ABF5538-0B6D-4E9E-8815-046F3DE7F4AD}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe |
    "{100F22D3-A582-413A-A371-48C7FD2C3B80}" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
    "{1BC48C76-033A-4018-AD86-4227B1BEB2B6}" = protocol=6 | dir=in | app=c:\web\mysql\bin\mysql.exe |
    "{210AE8A7-1C39-4165-A9D7-7674D8AD66B8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "{22DC88CD-2250-4F9B-A654-0F813E3F0AFF}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "{22E70338-F9EC-443D-85A3-2CE14A5A0186}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
    "{24259C63-B750-4F31-9B91-6DBAF25CD292}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{31F3B183-E9F8-43DE-A205-EC02D8B6BF52}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
    "{35FFF8A8-CA3B-4802-ABE0-54852DDE5064}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
    "{3796C62A-6C45-4F90-B0B3-99B1D9A38CA2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{4B49B9CB-7D4B-4964-9BCD-AED326C7F775}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe |
    "{52A17E62-446D-4C11-9519-89D2F7903253}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{5A155C8A-9B3D-4824-A606-0A81F4835CD1}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
    "{5D711023-8E05-4AF0-8FAA-018E393D9D73}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{6BCD54F2-4EA6-4C80-BF1F-80AA11201FD1}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{6E5855E9-30AF-4004-8014-FBC2435E4919}" = protocol=6 | dir=in | app=c:\program files\jetaudio\jetaudio.exe |
    "{719C2897-0174-4DA8-A97F-42561C377ACF}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
    "{7761F893-4619-46DF-BEBF-D9B78C8620ED}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
    "{83989757-C082-4EBA-AC65-F726C202917D}" = protocol=17 | dir=in | app=c:\program files\jetaudio\jetaudio.exe |
    "{856155F4-1D31-41EE-90A5-417B0631798A}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
    "{8C555053-8E11-4486-BC13-EAD9037C6A08}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{8CAAA170-92FC-4D39-B19C-512906103E71}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "{8FA49978-951C-429A-87CC-B49CCE505F3D}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{A61B249D-C6F0-48BE-B294-7BA33C4E90F7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{A6E2F725-9FDF-424E-8FD9-D20F0C8263C0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{B02E7F7B-A6C8-4C10-A9C2-8450757CC1A1}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
    "{B90D94C5-3F5C-43A4-A413-CDA4B94D2383}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{C4CD9B3F-4993-4170-9F85-C20DA1EBEB87}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{C7B27089-A3FC-4C81-A90E-A62E6D21D2AC}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe |
    "{CECB1D04-45BF-4C45-81CB-E6E312F672AA}" = protocol=17 | dir=in | app=c:\program files\kontiki\khost.exe |
    "{CF85A361-4544-4B34-88D8-B16C63BA2170}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{D0370C2C-BC88-4658-A068-19BD9FBBBDCE}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe |
    "{D8686F12-76D8-4C14-BE23-DEB47CE0B8BF}" = protocol=6 | dir=in | app=c:\program files\kontiki\khost.exe |
    "{DAAD8BA4-1B42-4FF8-BD2B-38C6B92AAC79}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E62F29FD-B5DE-4D94-82AD-5B8E77B79117}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{E6DCE60C-0A31-4C8F-8CCD-604AD49F50C0}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "{EA36384F-B19A-4687-826E-D8CF329DFA9B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{F514DD4B-2A48-4FB3-9420-ACA0D7A9CD86}" = protocol=17 | dir=in | app=c:\web\mysql\bin\mysql.exe |
    "{F7016527-5D51-4A81-92B0-0E5535F0C478}" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
    "TCP Query User{034E5D49-B5FD-4767-8595-A33B3E20F6FC}C:\program files\java\jdk1.6.0_03\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_03\jre\bin\javaw.exe |
    "TCP Query User{04194B35-C7E1-49B6-81B4-C9E65C83041B}C:\program files\java\jdk1.6.0_03\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_03\bin\java.exe |
    "TCP Query User{19240B90-1ABD-4997-B955-391F14F7CB22}C:\program files\java\jdk1.6.0_03\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_03\bin\java.exe |
    "TCP Query User{20392F1B-6C30-42A0-AE9F-7DD4209D4F9E}C:\eclipse galileo\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\eclipse galileo\eclipse\eclipse.exe |
    "TCP Query User{2986D83D-423F-454E-9CC7-AD5F5E422570}C:\program files\java\jre1.6.0_03\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_03\bin\javaw.exe |
    "TCP Query User{3187B4AF-BF76-420D-89D4-38D97FC95D6C}C:\windows\system32\sysdll.exe" = protocol=6 | dir=in | app=c:\windows\system32\sysdll.exe |
    "TCP Query User{4742101C-05FC-4D5D-BF54-C5488A3A8EC5}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
    "TCP Query User{4E3098AC-62AB-41BC-BF26-2D25E7B051BD}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "TCP Query User{510391E7-7849-41B7-AE47-E924D3C43681}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{558A7229-9F9A-4006-9780-466F82505FA9}C:\program files\java\jre1.6.0_03\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_03\bin\javaw.exe |
    "TCP Query User{6565B1B5-D7EB-4095-BBD0-D018E00C1119}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
    "TCP Query User{70DA9538-F2A6-4995-B426-4FA2A250ED05}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
    "TCP Query User{75692E9E-53D3-468A-A3E4-55B724C51C7B}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
    "TCP Query User{7924C3BE-793E-4DF4-9E15-8D0C4BB68FB3}C:\web\apache2\bin\apache.exe" = protocol=6 | dir=in | app=c:\web\apache2\bin\apache.exe |
    "TCP Query User{9A40C276-195C-434F-B9D9-C76379201AE4}C:\windows\system32\sysdll.exe" = protocol=6 | dir=in | app=c:\windows\system32\sysdll.exe |
    "TCP Query User{9F07A124-AE49-404E-AB2E-594825324560}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
    "TCP Query User{B1F295C4-2062-4461-8C5F-63E020604365}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
    "TCP Query User{B384C4B0-FFF0-4F73-AA17-858A2370E222}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{BB3E9417-19CD-43D1-A187-D19DA295D1F2}J:\_steves downloads\eclipse\eclipse\eclipse.exe" = protocol=6 | dir=in | app=j:\_steves downloads\eclipse\eclipse\eclipse.exe |
    "TCP Query User{C3AA0F46-4D8B-479D-935F-D2AE47DB30D9}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "TCP Query User{CD2380BC-CC00-447E-8380-50BD6FED93C5}D:\3rd year honours\wpwa\assignment 2\testfiles2\rmiregistry.exe" = protocol=6 | dir=in | app=d:\3rd year honours\wpwa\assignment 2\testfiles2\rmiregistry.exe |
    "TCP Query User{F341B505-5F3B-41B0-A663-392F2277F22F}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
    "TCP Query User{F6EE59B5-FB6C-45FB-9797-304D2781E5C6}C:\program files\java\jdk1.6.0_03\bin\rmiregistry.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_03\bin\rmiregistry.exe |
    "TCP Query User{FFC8BA0D-6F13-42AD-BC69-7B3ED2F5EE4E}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "TCP Query User{FFCC1DE6-9A5F-498C-B78F-3F38D9B1DC6B}D:\3rd year honours\wpwa\workspace\timeserver\timeserver\rmiregistry.exe" = protocol=6 | dir=in | app=d:\3rd year honours\wpwa\workspace\timeserver\timeserver\rmiregistry.exe |
    "UDP Query User{10DE46A3-8B04-47E8-A1B0-284B552F55AF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{115BD9C7-F560-447D-A565-BDDEC04CA568}C:\program files\java\jdk1.6.0_03\bin\rmiregistry.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_03\bin\rmiregistry.exe |
    "UDP Query User{239ED1B0-8264-4926-A172-1D3F3144E8D6}C:\program files\java\jdk1.6.0_03\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_03\bin\java.exe |
    "UDP Query User{25401FB1-3FCF-458A-9404-5E54E4EF9ECC}J:\_steves downloads\eclipse\eclipse\eclipse.exe" = protocol=17 | dir=in | app=j:\_steves downloads\eclipse\eclipse\eclipse.exe |
    "UDP Query User{3A46D69F-32DF-4589-984D-7A8422E8FCFF}C:\program files\java\jre1.6.0_03\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_03\bin\javaw.exe |
    "UDP Query User{44475C66-BE67-4D12-A6B1-6A011FA720B7}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
    "UDP Query User{4FC21E88-547B-4894-91BC-DA36F0BE01C8}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
    "UDP Query User{572E8673-FD88-43A3-B639-E68F918CE8B5}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "UDP Query User{58BE2B9B-CDD3-40C7-8E03-061D5F5D99BB}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
    "UDP Query User{5D09A09B-172F-47BD-A187-9E01E6EDEC0E}C:\program files\java\jdk1.6.0_03\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_03\jre\bin\javaw.exe |
    "UDP Query User{6D0A51D0-C9EF-4370-B994-E6745B9D715C}C:\program files\java\jre1.6.0_03\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_03\bin\javaw.exe |
    "UDP Query User{7B2F8D10-91D2-4EC1-B94D-7EC6C228269A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{8442550D-FF63-4ADD-AD2B-4D61CAD58EDC}C:\program files\java\jdk1.6.0_03\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_03\bin\java.exe |
    "UDP Query User{88CC2D15-12C0-4F93-B771-AD13A99135C7}C:\windows\system32\sysdll.exe" = protocol=17 | dir=in | app=c:\windows\system32\sysdll.exe |
    "UDP Query User{916C86F7-146B-4334-9DFF-212A32AEB715}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
    "UDP Query User{A1C07DA2-239C-4CBD-AC9F-2E7FA20BD521}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
    "UDP Query User{AF8523F0-96DB-4CF8-8D58-14001876D871}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "UDP Query User{B09C8570-964E-48EE-BF44-98AADC5F99FB}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
    "UDP Query User{B96370E3-ADDE-4323-B45B-4147C264441A}D:\3rd year honours\wpwa\workspace\timeserver\timeserver\rmiregistry.exe" = protocol=17 | dir=in | app=d:\3rd year honours\wpwa\workspace\timeserver\timeserver\rmiregistry.exe |
    "UDP Query User{CF58AE88-B027-451D-A268-6AD8670D7BBA}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
    "UDP Query User{DB386266-5BB3-4F3A-876A-5F47D2EE724D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "UDP Query User{DB5C9004-8577-49DC-AAB6-88AE79033102}C:\eclipse galileo\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\eclipse galileo\eclipse\eclipse.exe |
    "UDP Query User{E520AE70-3DDE-42FF-97FF-24F53C2593CB}D:\3rd year honours\wpwa\assignment 2\testfiles2\rmiregistry.exe" = protocol=17 | dir=in | app=d:\3rd year honours\wpwa\assignment 2\testfiles2\rmiregistry.exe |
    "UDP Query User{EA59334D-7D12-4EE8-9783-3EBE5CC73F65}C:\windows\system32\sysdll.exe" = protocol=17 | dir=in | app=c:\windows\system32\sysdll.exe |
    "UDP Query User{FA0FBCDF-EDA5-4A2E-B688-C344C983EABB}C:\web\apache2\bin\apache.exe" = protocol=17 | dir=in | app=c:\web\apache2\bin\apache.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{069C1AD7-AC72-40E0-A156-7442EA6A48D7}" = AVG 2012
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
    "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
    "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
    "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.4
    "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
    "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
    "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
    "{2CD1B720-DB0F-409A-B751-C0F9CD9346F0}" = Sun Java (TM) Wireless Toolkit 2.5.2_01 for CLDC
    "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
    "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{32A3A4F4-B792-11D6-A78A-00B0D0150090}" = J2SE Development Kit 5.0 Update 9
    "{32A3A4F4-B792-11D6-A78A-00B0D0160030}" = Java(TM) SE Development Kit 6 Update 3
    "{32A3A4F4-B792-11D6-A78A-00B0D0160270}" = Java(TM) SE Development Kit 6 Update 27
    "{32A9C5B3-D166-4C6D-A11E-A54473150000}" = Java 3D 1.5.2
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3A862C7D-0504-48BC-AEF8-7F7479C7C158}" = Apache HTTP Server 2.0.63
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{406AD3D7-F5BB-49C1-A280-6BCB5F6BC099}" = MySQL Server 5.0
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
    "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
    "{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
    "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
    "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
    "{4A7A3985-3D9B-4420-AC85-F9FF8DB2170C}" = Microsoft SQL Server Management Studio Express
    "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
    "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
    "{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
    "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
    "{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
    "{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
    "{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
    "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{91510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{96472D82-0239-11E0-9776-199EDFD72085}" = M-Audio FastTrack Driver 6.0.6 (x86)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
    "{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
    "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
    "{AFD84924-B7F1-4046-8AFB-DF1522A51F90}" = Microsoft SQL Server 2005 Books Online (English) (September 2007)
    "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
    "{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (SQLEXPRESS)
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
    "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
    "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
    "{CC085605-79A6-3D50-6AE8-42D213ECBAFC}" = BBC iPlayer Desktop
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
    "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
    "{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
    "{DBACBFE4-F79E-4AFB-A7C3-463555B8446B}" = MySQL Server 5.0
    "{DC50950F-9308-49FE-8B50-859EBB08B6F6}" = jetVideo Basic VX
    "{DD30C2FD-F485-46A8-8153-88EC2650BC79}" = Sky Anytime
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}" = Oracle Database 10g Express Edition
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FB0391C7-BB09-4403-BA3B-A232F9A4B109}" = AVG 2012
    "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
    "AnyDVD" = AnyDVD
    "AVG" = AVG 2012
    "Avidemux 2.4" = Avidemux 2.4
    "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
    "BT Broadband Desktop Help" = BT Broadband Desktop Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DVDx_is1" = DVDx
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "InstallShield_{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}" = Oracle Database 10g Express Edition
    "Java Media Framework 2.1.1e" = Java Media Framework 2.1.1e
    "Java MP3 PlugIn" = Java MP3 PlugIn
    "Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK
    "LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
    "Mozilla Firefox 11.0 (x86 en-GB)" = Mozilla Firefox 11.0 (x86 en-GB)
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
    "POV-Ray for Windows v3.1" = POV-Ray for Windows v3.1
    "POV-Ray for Windows v3.5" = POV-Ray for Windows v3.5
    "QuicktimePluginDeinstallKey" = Quicktime Browser Plug-In
    "RealPlayer 6.0" = RealPlayer
    "ST4UNST #1" = Duke Xtreme Command Center
    "SuperNZB_is1" = SuperNZB v3.2.1
    "VLC media player" = VLC media player 1.0.0
    "Vodei Multimedia Processor" = Vodei Multimedia Processor 2.10
    "Vuze_Remote Toolbar" = Vuze_Remote Toolbar
    "WinRAR archiver" = WinRAR archiver
    "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
    "Xvid_is1" = Xvid 1.1.3 final uninstall

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2378876490-2437158032-804179293-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Tile-based game" = Tile-based game

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/03/2012 08:55:45 | Computer Name = Steve-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1320 Start Time: 01ccfebd02924774 Termination Time: 15

    Error - 12/03/2012 11:26:35 | Computer Name = Steve-PC | Source = Application Hang | ID = 1002
    Description = The program WinMail.exe version 6.0.6001.18000 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 364 Start Time: 01cd00634db018d0 Termination Time: 0

    Error - 16/03/2012 08:58:21 | Computer Name = Steve-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1be0 Start Time: 01cd037450bd69d0 Termination Time: 18

    Error - 17/03/2012 10:31:07 | Computer Name = Steve-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 23ec Start Time: 01cd044a55ab977b Termination Time: 54

    Error - 21/03/2012 10:51:12 | Computer Name = Steve-PC | Source = Application Error | ID = 1000
    Description = Faulting application RunDLL32.exe, version 6.0.6000.16386, time stamp
    0x4549b0e1, faulting module ad2mpgdmux.dll, version 7.5.0.32179, time stamp 0x4860c32b,
    exception code 0xc0000005, fault offset 0x00010864, process id 0x14d0, application
    start time 0x01cd07720b211674.

    Error - 21/03/2012 10:51:41 | Computer Name = Steve-PC | Source = Application Error | ID = 1000
    Description = Faulting application RunDLL32.exe, version 6.0.6000.16386, time stamp
    0x4549b0e1, faulting module ad2mpgdmux.dll, version 7.5.0.32179, time stamp 0x4860c32b,
    exception code 0xc0000005, fault offset 0x00010864, process id 0x35c, application
    start time 0x01cd07721f88a104.

    Error - 21/03/2012 10:52:24 | Computer Name = Steve-PC | Source = Application Error | ID = 1000
    Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
    0x49e01da5, faulting module ad2mpgdmux.dll, version 7.5.0.32179, time stamp 0x4860c32b,
    exception code 0xc0000005, fault offset 0x00010864, process id 0x1370, application
    start time 0x01cd076a30560e84.

    Error - 21/03/2012 14:47:11 | Computer Name = Steve-PC | Source = Application Hang | ID = 1002
    Description = The program JetAudio.exe version 8.0.16.2000 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1860 Start Time: 01cd076c6721d964 Termination Time: 42

    Error - 08/04/2012 08:45:54 | Computer Name = Steve-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1fe8 Start Time: 01cd15856502de85 Termination Time: 1404

    Error - 12/04/2012 05:12:08 | Computer Name = Steve-PC | Source = Application Hang | ID = 1002
    Description = The program Explorer.exe version 6.0.6002.18005 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: fc4 Start Time: 01cd18890ac11a48 Termination Time: 47

    [ Media Center Events ]
    Error - 18/04/2008 06:16:30 | Computer Name = Steve-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 24/05/2008 08:37:37 | Computer Name = Steve-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    [ System Events ]
    Error - 13/04/2012 09:00:21 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 13/04/2012 09:00:21 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 13/04/2012 09:00:21 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 13/04/2012 22:05:49 | Computer Name = Steve-PC | Source = volmgr | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 13/04/2012 22:06:09 | Computer Name = Steve-PC | Source = volmgr | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 13/04/2012 22:07:45 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 13/04/2012 22:07:45 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 13/04/2012 22:07:45 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 13/04/2012 22:07:45 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 13/04/2012 22:07:45 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7023
    Description =


    < End of report >
     

