
Trojan horse Crypt.AQLW, Internet pops up, computer crashing

Discussion in 'Virus and Malware Removal' started by Pr011, Feb 24, 2012.

  1. Pr011 Newcomer, in training Posts: 66

    ComboFix 12-02-24.02 - Mark 26/02/2012 4:31.2.4 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2936 [GMT 0:00]
    Running from: c:\users\Mark\Desktop\ComboFix.exe
    Command switches used :: c:\users\Mark\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\system32\dds_trash_log.cmd"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Mark\AppData\Roaming\Aktuot
    c:\users\Mark\AppData\Roaming\Mywara
    c:\users\Mark\AppData\Roaming\Mywara\teif.exa
    c:\users\Mark\AppData\Roaming\Usukmo
    c:\users\Mark\AppData\Roaming\Xete
    c:\windows\system32\dds_trash_log.cmd
    .
    Infected copy of c:\windows\system32\drivers\dfsc.sys was found and disinfected
    Restored copy from - The cat found it :)
    .
    --------------- FCopy ---------------
    .
    c:\windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6000.16386_none_85636be1e930d40a\dfsc.sys --> c:\windows\System32\drivers\dfsc.sys
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-26 04:39 . 2012-02-26 04:39 -------- d-----w- c:\users\Mark\AppData\Local\temp
    2012-02-26 04:39 . 2012-02-26 04:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-26 03:14 . 2009-04-10 21:45 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-02-26 01:22 . 2012-02-26 02:01 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes
    2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-24 22:59 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-22 00:17 . 2012-02-22 01:09 -------- d-----w- c:\users\UpdatusUser
    2012-02-22 00:15 . 2012-02-10 04:13 61248 ----a-w- c:\windows\system32\OpenCL.dll
    2012-02-22 00:15 . 2012-02-10 04:13 5892928 ----a-w- c:\windows\system32\nvcuda.dll
    2012-02-22 00:15 . 2012-02-10 04:13 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-02-22 00:15 . 2012-02-10 04:13 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-02-22 00:15 . 2012-02-10 04:13 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
    2012-02-22 00:15 . 2012-02-10 04:13 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-02-22 00:15 . 2012-02-10 04:13 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-02-17 22:47 . 2012-02-17 22:47 -------- d-----w- c:\users\Mark\AppData\Roaming\AVG2012
    2012-02-17 22:44 . 2012-02-25 03:09 -------- d-----w- c:\programdata\AVG2012
    2012-02-17 20:58 . 2012-02-25 02:42 -------- d-----w- c:\programdata\MFAData
    2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-24 22:55 . 2010-09-11 16:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-10 04:13 . 2011-10-17 02:10 881984 ----a-w- c:\windows\system32\nvgenco32.dll
    2012-02-10 04:13 . 2011-10-17 02:10 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-02-10 04:13 . 2011-02-23 01:57 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-02-10 04:13 . 2009-06-10 17:33 2301248 ----a-w- c:\windows\system32\nvapi.dll
    2012-02-10 04:13 . 2009-06-10 17:33 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-02-10 03:02 . 2011-02-23 00:40 3881792 ----a-w- c:\windows\system32\nvcpl.dll
    2012-02-10 03:00 . 2011-02-23 00:39 2719040 ----a-w- c:\windows\system32\nvsvc.dll
    2012-02-10 03:00 . 2011-02-23 00:38 645440 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-02-10 03:00 . 2011-02-23 00:38 108352 ----a-w- c:\windows\system32\nvmctray.dll
    2012-02-10 03:00 . 2009-06-10 08:34 62272 ----a-w- c:\windows\system32\nvshext.dll
    2011-12-02 15:15 . 2011-06-17 13:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-23 68856]
    "Steam"="f:\program files\Steam\steam.exe" [2011-08-02 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
    "DLBTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
    "Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-6-9 2042088]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [2005-8-31 1691648]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Agent.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
    backup=c:\windows\pss\Update Agent.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
    2008-11-04 11:40 2087424 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    qmofiltr
    pserve
    vmparport
    k750mdfl
    delldmi
    knobserv
    tvtpktfilter
    datasvr2
    amdk77
    clsched
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-11 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-23 07:15]
    .
    2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
    .
    2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://news.bbc.co.uk/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: mod.uk\www.westminster
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/|http://www.hotmail.com/|http://www.facebook.com/
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-26 04:39
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLBTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:95,f0,cb,53,9a,96,d9,c6,ad,ef,7c,3c,7e,8b,6b,a3,ff,28,9d,b4,75,d4,82,
    26,15,8f,b4,41,79,6c,09,51,8c,9d,91,01,67,9b,86,e0,74,e9,a2,47,79,c5,f6,54,\
    "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
    .
    [HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\License information*]
    "datasecu"=hex:a5,92,72,63,87,4c,26,d5,74,ef,71,ff,4a,aa,92,e9,20,64,f7,bc,f8,
    32,3b,d6,50,cc,b4,51,90,1d,35,56,e8,e2,2e,e2,dd,d9,c4,a7,e9,d2,7b,27,af,d3,\
    "rkeysecu"=hex:1e,ae,06,95,0e,65,8d,3b,aa,24,d6,13,54,d5,ef,7b
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-02-26 04:41:09
    ComboFix-quarantined-files.txt 2012-02-26 04:41
    ComboFix2.txt 2012-02-26 03:26
    .
    Pre-Run: 38,619,123,712 bytes free
    Post-Run: 38,584,827,904 bytes free
    .
    - - End Of File - - 9E9BF5642B695815AE4B10B54C3798E2
  2. Broni Malware Annihilator Posts: 39,390   +177

    Please post new aswMBR and TDSSKiller logs.

    Also see if you can boot to normal mode.
  3. Pr011 Newcomer, in training Posts: 66

    Apologies for the delay. Logs below:

    13:13:10.0311 1208 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
    13:13:10.0443 1208 ============================================================
    13:13:10.0443 1208 Current date / time: 2012/02/26 13:13:10.0443
    13:13:10.0443 1208 SystemInfo:
    13:13:10.0443 1208
    13:13:10.0444 1208 OS Version: 6.0.6002 ServicePack: 2.0
    13:13:10.0444 1208 Product type: Workstation
    13:13:10.0444 1208 ComputerName: MARK-PC
    13:13:10.0444 1208 UserName: Mark
    13:13:10.0444 1208 Windows directory: C:\Windows
    13:13:10.0444 1208 System windows directory: C:\Windows
    13:13:10.0444 1208 Processor architecture: Intel x86
    13:13:10.0444 1208 Number of processors: 4
    13:13:10.0444 1208 Page size: 0x1000
    13:13:10.0444 1208 Boot type: Safe boot with network
    13:13:10.0444 1208 ============================================================
    13:13:11.0484 1208 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    13:13:11.0500 1208 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    13:13:11.0501 1208 \Device\Harddisk0\DR0:
    13:13:11.0501 1208 MBR used
    13:13:11.0501 1208 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
    13:13:11.0501 1208 \Device\Harddisk1\DR1:
    13:13:11.0501 1208 MBR used
    13:13:11.0501 1208 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
    13:13:11.0537 1208 Initialize success
    13:13:11.0537 1208 ============================================================
    13:13:12.0969 1452 ============================================================
    13:13:12.0969 1452 Scan started
    13:13:12.0969 1452 Mode: Manual;
    13:13:12.0969 1452 ============================================================
    13:13:13.0951 1452 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    13:13:13.0953 1452 ACPI - ok
    13:13:14.0028 1452 ADIHdAudAddService (81a61c3fe6f0f8c084c9a80b584cce21) C:\Windows\system32\drivers\ADIHdAud.sys
    13:13:14.0030 1452 ADIHdAudAddService - ok
    13:13:14.0093 1452 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    13:13:14.0095 1452 adp94xx - ok
    13:13:14.0119 1452 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    13:13:14.0121 1452 adpahci - ok
    13:13:14.0138 1452 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    13:13:14.0139 1452 adpu160m - ok
    13:13:14.0164 1452 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    13:13:14.0165 1452 adpu320 - ok
    13:13:14.0244 1452 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    13:13:14.0246 1452 AFD - ok
    13:13:14.0283 1452 AFGMp50 - ok
    13:13:14.0366 1452 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\AFGSp50.sys
    13:13:14.0367 1452 AFGSp50 - ok
    13:13:14.0419 1452 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    13:13:14.0420 1452 agp440 - ok
    13:13:14.0453 1452 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    13:13:14.0453 1452 aic78xx - ok
    13:13:14.0492 1452 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    13:13:14.0492 1452 aliide - ok
    13:13:14.0537 1452 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    13:13:14.0538 1452 amdagp - ok
    13:13:14.0553 1452 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    13:13:14.0554 1452 amdide - ok
    13:13:14.0576 1452 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    13:13:14.0577 1452 AmdK7 - ok
    13:13:14.0627 1452 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    13:13:14.0628 1452 AmdK8 - ok
    13:13:14.0676 1452 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    13:13:14.0677 1452 arc - ok
    13:13:14.0725 1452 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    13:13:14.0725 1452 arcsas - ok
    13:13:14.0760 1452 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    13:13:14.0761 1452 AsyncMac - ok
    13:13:14.0794 1452 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    13:13:14.0794 1452 atapi - ok
    13:13:14.0862 1452 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    13:13:14.0863 1452 Beep - ok
    13:13:14.0899 1452 blbdrive - ok
    13:13:14.0940 1452 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    13:13:14.0941 1452 bowser - ok
    13:13:14.0982 1452 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    13:13:14.0982 1452 BrFiltLo - ok
    13:13:15.0007 1452 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    13:13:15.0007 1452 BrFiltUp - ok
    13:13:15.0038 1452 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    13:13:15.0038 1452 Brserid - ok
    13:13:15.0061 1452 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    13:13:15.0062 1452 BrSerWdm - ok
    13:13:15.0084 1452 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    13:13:15.0085 1452 BrUsbMdm - ok
    13:13:15.0101 1452 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    13:13:15.0101 1452 BrUsbSer - ok
    13:13:15.0122 1452 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    13:13:15.0122 1452 BTHMODEM - ok
    13:13:15.0206 1452 catchme - ok
    13:13:15.0259 1452 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    13:13:15.0260 1452 cdfs - ok
    13:13:15.0307 1452 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    13:13:15.0308 1452 cdrom - ok
    13:13:15.0350 1452 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    13:13:15.0351 1452 circlass - ok
    13:13:15.0397 1452 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    13:13:15.0399 1452 CLFS - ok
    13:13:15.0424 1452 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    13:13:15.0424 1452 cmdide - ok
    13:13:15.0446 1452 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
    13:13:15.0446 1452 Compbatt - ok
    13:13:15.0470 1452 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    13:13:15.0470 1452 crcdisk - ok
    13:13:15.0502 1452 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    13:13:15.0502 1452 Crusoe - ok
    13:13:15.0585 1452 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
    13:13:15.0586 1452 DfsC - ok
    13:13:15.0667 1452 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    13:13:15.0667 1452 disk - ok
    13:13:15.0760 1452 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
    13:13:15.0761 1452 Dot4 - ok
    13:13:15.0824 1452 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    13:13:15.0824 1452 Dot4Print - ok
    13:13:15.0858 1452 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
    13:13:15.0859 1452 dot4usb - ok
    13:13:15.0907 1452 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    13:13:15.0907 1452 drmkaud - ok
    13:13:15.0961 1452 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    13:13:15.0965 1452 DXGKrnl - ok
    13:13:16.0002 1452 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    13:13:16.0002 1452 E1G60 - ok
    13:13:16.0062 1452 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    13:13:16.0063 1452 Ecache - ok
    13:13:16.0116 1452 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    13:13:16.0118 1452 elxstor - ok
    13:13:16.0178 1452 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    13:13:16.0179 1452 exfat - ok
    13:13:16.0226 1452 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    13:13:16.0227 1452 fastfat - ok
    13:13:16.0266 1452 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    13:13:16.0266 1452 fdc - ok
    13:13:16.0326 1452 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    13:13:16.0327 1452 FileInfo - ok
    13:13:16.0380 1452 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    13:13:16.0381 1452 Filetrace - ok
    13:13:16.0407 1452 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    13:13:16.0407 1452 flpydisk - ok
    13:13:16.0464 1452 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    13:13:16.0465 1452 FltMgr - ok
    13:13:16.0510 1452 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    13:13:16.0510 1452 Fs_Rec - ok
    13:13:16.0558 1452 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    13:13:16.0558 1452 gagp30kx - ok
    13:13:16.0660 1452 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    13:13:16.0661 1452 HdAudAddService - ok
    13:13:16.0707 1452 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    13:13:16.0710 1452 HDAudBus - ok
    13:13:16.0733 1452 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    13:13:16.0733 1452 HidBth - ok
    13:13:16.0753 1452 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    13:13:16.0754 1452 HidIr - ok
    13:13:16.0816 1452 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    13:13:16.0816 1452 HidUsb - ok
    13:13:16.0847 1452 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    13:13:16.0847 1452 HpCISSs - ok
    13:13:16.0926 1452 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    13:13:16.0928 1452 HTTP - ok
    13:13:16.0983 1452 hwdatacard (4154079a88089155d10168333b19627f) C:\Windows\system32\DRIVERS\ewusbmdm.sys
    13:13:16.0983 1452 hwdatacard - ok
    13:13:16.0997 1452 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    13:13:16.0997 1452 i2omp - ok
    13:13:17.0055 1452 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    13:13:17.0055 1452 i8042prt - ok
    13:13:17.0087 1452 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    13:13:17.0089 1452 iaStorV - ok
    13:13:17.0112 1452 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    13:13:17.0112 1452 iirsp - ok
    13:13:17.0139 1452 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
    13:13:17.0139 1452 intelide - ok
    13:13:17.0184 1452 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    13:13:17.0185 1452 intelppm - ok
    13:13:17.0242 1452 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    13:13:17.0242 1452 IpFilterDriver - ok
    13:13:17.0257 1452 IpInIp - ok
    13:13:17.0296 1452 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    13:13:17.0296 1452 IPMIDRV - ok
    13:13:17.0337 1452 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    13:13:17.0338 1452 IPNAT - ok
    13:13:17.0373 1452 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    13:13:17.0373 1452 IRENUM - ok
    13:13:17.0398 1452 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    13:13:17.0398 1452 isapnp - ok
    13:13:17.0444 1452 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    13:13:17.0446 1452 iScsiPrt - ok
    13:13:17.0470 1452 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    13:13:17.0470 1452 iteatapi - ok
    13:13:17.0511 1452 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    13:13:17.0511 1452 iteraid - ok
    13:13:17.0590 1452 jbridgep - ok
    13:13:17.0624 1452 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    13:13:17.0624 1452 kbdclass - ok
    13:13:17.0652 1452 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    13:13:17.0653 1452 kbdhid - ok
    13:13:17.0730 1452 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
    13:13:17.0733 1452 KSecDD - ok
    13:13:17.0779 1452 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    13:13:17.0779 1452 lltdio - ok
    13:13:17.0819 1452 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    13:13:17.0820 1452 LSI_FC - ok
    13:13:17.0846 1452 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    13:13:17.0847 1452 LSI_SAS - ok
    13:13:17.0874 1452 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    13:13:17.0874 1452 LSI_SCSI - ok
    13:13:17.0915 1452 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    13:13:17.0916 1452 luafv - ok
    13:13:17.0949 1452 massfilter (6490fe1b088c7199a9b6ce0e04a98a8b) C:\Windows\system32\DRIVERS\massfilter.sys
    13:13:17.0950 1452 massfilter - ok
    13:13:17.0993 1452 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
    13:13:17.0993 1452 MBAMProtector - ok
    13:13:18.0059 1452 mbmiodrvr (290fb01f7f51eff0960599404a09f8d6) C:\Windows\system32\mbmiodrvr.sys
    13:13:18.0060 1452 mbmiodrvr - ok
    13:13:18.0120 1452 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    13:13:18.0120 1452 megasas - ok
    13:13:18.0151 1452 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    13:13:18.0151 1452 Modem - ok
    13:13:18.0202 1452 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    13:13:18.0203 1452 monitor - ok
    13:13:18.0233 1452 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    13:13:18.0233 1452 mouclass - ok
    13:13:18.0266 1452 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    13:13:18.0267 1452 mouhid - ok
    13:13:18.0290 1452 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    13:13:18.0291 1452 MountMgr - ok
    13:13:18.0338 1452 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    13:13:18.0339 1452 mpio - ok
    13:13:18.0372 1452 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    13:13:18.0373 1452 mpsdrv - ok
    13:13:18.0403 1452 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    13:13:18.0403 1452 Mraid35x - ok
    13:13:18.0456 1452 MRV6X32P (02b74ba962232ea2a1771aa522143eaa) C:\Windows\system32\DRIVERS\MRVW13B.sys
    13:13:18.0457 1452 MRV6X32P - ok
    13:13:18.0505 1452 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    13:13:18.0506 1452 MRxDAV - ok
    13:13:18.0545 1452 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    13:13:18.0546 1452 mrxsmb - ok
    13:13:18.0596 1452 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    13:13:18.0597 1452 mrxsmb10 - ok
    13:13:18.0618 1452 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    13:13:18.0618 1452 mrxsmb20 - ok
    13:13:18.0648 1452 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    13:13:18.0648 1452 msahci - ok
    13:13:18.0673 1452 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    13:13:18.0674 1452 msdsm - ok
    13:13:18.0723 1452 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    13:13:18.0723 1452 Msfs - ok
    13:13:18.0772 1452 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    13:13:18.0773 1452 msisadrv - ok
    13:13:18.0813 1452 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    13:13:18.0814 1452 MSKSSRV - ok
    13:13:18.0858 1452 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    13:13:18.0858 1452 MSPCLOCK - ok
    13:13:18.0892 1452 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    13:13:18.0892 1452 MSPQM - ok
    13:13:18.0920 1452 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    13:13:18.0921 1452 MsRPC - ok
    13:13:18.0961 1452 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    13:13:18.0962 1452 mssmbios - ok
    13:13:19.0003 1452 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    13:13:19.0003 1452 MSTEE - ok
    13:13:19.0034 1452 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
    13:13:19.0035 1452 MTsensor - ok
    13:13:19.0053 1452 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    13:13:19.0053 1452 Mup - ok
    13:13:19.0101 1452 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    13:13:19.0102 1452 NativeWifiP - ok
    13:13:19.0136 1452 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    13:13:19.0139 1452 NDIS - ok
    13:13:19.0183 1452 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    13:13:19.0183 1452 NdisTapi - ok
    13:13:19.0229 1452 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    13:13:19.0230 1452 Ndisuio - ok
    13:13:19.0261 1452 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    13:13:19.0262 1452 NdisWan - ok
    13:13:19.0302 1452 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    13:13:19.0303 1452 NDProxy - ok
    13:13:19.0388 1452 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    13:13:19.0388 1452 NetBIOS - ok
    13:13:19.0461 1452 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\drivers\netbt.sys
    13:13:19.0462 1452 netbt - ok
    13:13:19.0511 1452 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    13:13:19.0511 1452 nfrd960 - ok
    13:13:19.0555 1452 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    13:13:19.0556 1452 Npfs - ok
    13:13:19.0595 1452 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    13:13:19.0595 1452 nsiproxy - ok
    13:13:19.0659 1452 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    13:13:19.0665 1452 Ntfs - ok
    13:13:19.0690 1452 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    13:13:19.0690 1452 ntrigdigi - ok
    13:13:19.0758 1452 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
    13:13:19.0758 1452 NuidFltr - ok
    13:13:19.0796 1452 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    13:13:19.0796 1452 Null - ok
    13:13:19.0870 1452 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
    13:13:19.0875 1452 NVENETFD - ok
    13:13:20.0148 1452 nvlddmkm (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    13:13:20.0204 1452 nvlddmkm - ok
    13:13:20.0240 1452 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    13:13:20.0240 1452 nvraid - ok
    13:13:20.0284 1452 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
    13:13:20.0285 1452 nvstor - ok
    13:13:20.0326 1452 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
    13:13:20.0327 1452 nvstor32 - ok
    13:13:20.0389 1452 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    13:13:20.0390 1452 nv_agp - ok
    13:13:20.0403 1452 NwlnkFlt - ok
    13:13:20.0416 1452 NwlnkFwd - ok
    13:13:20.0471 1452 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    13:13:20.0472 1452 ohci1394 - ok
    13:13:20.0501 1452 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    13:13:20.0502 1452 Parport - ok
    13:13:20.0544 1452 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    13:13:20.0544 1452 partmgr - ok
    13:13:20.0571 1452 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    13:13:20.0571 1452 Parvdm - ok
    13:13:20.0602 1452 PCASp50 - ok
    13:13:20.0648 1452 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    13:13:20.0649 1452 pci - ok
    13:13:20.0709 1452 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    13:13:20.0710 1452 pciide - ok
    13:13:20.0744 1452 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    13:13:20.0745 1452 pcmcia - ok
    13:13:20.0804 1452 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    13:13:20.0809 1452 PEAUTH - ok
    13:13:20.0891 1452 Point32 (5b6f99087cc1342b3d193e8155f26b6f) C:\Windows\system32\DRIVERS\point32k.sys
    13:13:20.0891 1452 Point32 - ok
    13:13:20.0931 1452 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    13:13:20.0931 1452 PptpMiniport - ok
    13:13:20.0957 1452 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    13:13:20.0957 1452 Processor - ok
    13:13:21.0022 1452 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    13:13:21.0022 1452 PSched - ok
    13:13:21.0089 1452 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    13:13:21.0094 1452 ql2300 - ok
    13:13:21.0123 1452 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    13:13:21.0124 1452 ql40xx - ok
    13:13:21.0165 1452 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    13:13:21.0165 1452 QWAVEdrv - ok
    13:13:21.0216 1452 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    13:13:21.0217 1452 RasAcd - ok
    13:13:21.0253 1452 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    13:13:21.0254 1452 Rasl2tp - ok
    13:13:21.0302 1452 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    13:13:21.0302 1452 RasPppoe - ok
    13:13:21.0327 1452 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    13:13:21.0327 1452 RasSstp - ok
    13:13:21.0378 1452 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    13:13:21.0380 1452 rdbss - ok
    13:13:21.0430 1452 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    13:13:21.0431 1452 RDPCDD - ok
    13:13:21.0479 1452 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    13:13:21.0480 1452 rdpdr - ok
    13:13:21.0493 1452 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    13:13:21.0494 1452 RDPENCDD - ok
    13:13:21.0531 1452 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    13:13:21.0532 1452 RDPWD - ok
    13:13:21.0576 1452 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    13:13:21.0576 1452 rspndr - ok
    13:13:21.0599 1452 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    13:13:21.0600 1452 sbp2port - ok
    13:13:21.0654 1452 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    13:13:21.0654 1452 secdrv - ok
    13:13:21.0686 1452 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    13:13:21.0687 1452 Serenum - ok
    13:13:21.0713 1452 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    13:13:21.0714 1452 Serial - ok
    13:13:21.0755 1452 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    13:13:21.0756 1452 sermouse - ok
    13:13:21.0783 1452 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    13:13:21.0784 1452 sffdisk - ok
    13:13:21.0812 1452 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    13:13:21.0813 1452 sffp_mmc - ok
    13:13:21.0835 1452 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    13:13:21.0835 1452 sffp_sd - ok
    13:13:21.0860 1452 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    13:13:21.0861 1452 sfloppy - ok
    13:13:21.0895 1452 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    13:13:21.0896 1452 sisagp - ok
    13:13:21.0930 1452 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    13:13:21.0931 1452 SiSRaid2 - ok
    13:13:21.0956 1452 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    13:13:21.0957 1452 SiSRaid4 - ok
    13:13:22.0001 1452 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    13:13:22.0002 1452 Smb - ok
    13:13:22.0049 1452 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    13:13:22.0049 1452 spldr - ok
    13:13:22.0100 1452 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
    13:13:22.0100 1452 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
    13:13:22.0121 1452 sptd ( LockedFile.Multi.Generic ) - warning
    13:13:22.0121 1452 sptd - detected LockedFile.Multi.Generic (1)
    13:13:22.0162 1452 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    13:13:22.0164 1452 srv - ok
    13:13:22.0208 1452 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    13:13:22.0209 1452 srv2 - ok
    13:13:22.0249 1452 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    13:13:22.0250 1452 srvnet - ok
    13:13:22.0329 1452 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    13:13:22.0329 1452 swenum - ok
    13:13:22.0378 1452 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    13:13:22.0378 1452 Symc8xx - ok
    13:13:22.0404 1452 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    13:13:22.0405 1452 Sym_hi - ok
    13:13:22.0429 1452 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    13:13:22.0430 1452 Sym_u3 - ok
    13:13:22.0487 1452 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
    13:13:22.0491 1452 Tcpip - ok
    13:13:22.0528 1452 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
    13:13:22.0534 1452 Tcpip6 - ok
    13:13:22.0576 1452 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    13:13:22.0576 1452 tcpipreg - ok
    13:13:22.0612 1452 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    13:13:22.0613 1452 TDPIPE - ok
    13:13:22.0637 1452 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    13:13:22.0638 1452 TDTCP - ok
    13:13:22.0676 1452 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    13:13:22.0676 1452 tdx - ok
    13:13:22.0719 1452 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    13:13:22.0720 1452 TermDD - ok
    13:13:22.0753 1452 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    13:13:22.0753 1452 tssecsrv - ok
    13:13:22.0818 1452 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    13:13:22.0819 1452 tunmp - ok
    13:13:22.0855 1452 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    13:13:22.0856 1452 tunnel - ok
    13:13:22.0899 1452 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    13:13:22.0900 1452 uagp35 - ok
    13:13:22.0942 1452 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    13:13:22.0943 1452 udfs - ok
    13:13:22.0979 1452 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    13:13:22.0980 1452 uliagpkx - ok
    13:13:23.0007 1452 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    13:13:23.0008 1452 uliahci - ok
    13:13:23.0028 1452 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    13:13:23.0028 1452 UlSata - ok
    13:13:23.0049 1452 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    13:13:23.0050 1452 ulsata2 - ok
    13:13:23.0089 1452 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    13:13:23.0089 1452 umbus - ok
    13:13:23.0155 1452 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    13:13:23.0156 1452 usbccgp - ok
    13:13:23.0190 1452 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    13:13:23.0191 1452 usbcir - ok
    13:13:23.0222 1452 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    13:13:23.0223 1452 usbehci - ok
    13:13:23.0266 1452 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    13:13:23.0267 1452 usbhub - ok
    13:13:23.0297 1452 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    13:13:23.0298 1452 usbohci - ok
    13:13:23.0318 1452 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    13:13:23.0319 1452 usbprint - ok
    13:13:23.0374 1452 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    13:13:23.0375 1452 usbscan - ok
    13:13:23.0399 1452 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    13:13:23.0399 1452 USBSTOR - ok
    13:13:23.0424 1452 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
    13:13:23.0424 1452 usbuhci - ok
    13:13:23.0455 1452 USB_RNDIS (830d5d8456b822c1247c1e59b4c464fa) C:\Windows\system32\DRIVERS\usb8023.sys
    13:13:23.0456 1452 USB_RNDIS - ok
    13:13:23.0499 1452 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    13:13:23.0499 1452 vga - ok
    13:13:23.0539 1452 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    13:13:23.0540 1452 VgaSave - ok
    13:13:23.0568 1452 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    13:13:23.0568 1452 viaagp - ok
    13:13:23.0590 1452 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    13:13:23.0591 1452 ViaC7 - ok
    13:13:23.0616 1452 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    13:13:23.0616 1452 viaide - ok
    13:13:23.0655 1452 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    13:13:23.0656 1452 volmgr - ok
    13:13:23.0705 1452 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    13:13:23.0707 1452 volmgrx - ok
    13:13:23.0748 1452 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    13:13:23.0749 1452 volsnap - ok
    13:13:23.0784 1452 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    13:13:23.0785 1452 vsmraid - ok
    13:13:23.0819 1452 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    13:13:23.0820 1452 WacomPen - ok
    13:13:23.0853 1452 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    13:13:23.0854 1452 Wanarp - ok
    13:13:23.0876 1452 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    13:13:23.0876 1452 Wanarpv6 - ok
    13:13:23.0906 1452 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    13:13:23.0907 1452 Wd - ok
    13:13:23.0952 1452 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    13:13:23.0954 1452 Wdf01000 - ok
    13:13:24.0045 1452 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    13:13:24.0046 1452 WmiAcpi - ok
    13:13:24.0085 1452 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    13:13:24.0086 1452 WpdUsb - ok
    13:13:24.0122 1452 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    13:13:24.0123 1452 ws2ifsl - ok
    13:13:24.0167 1452 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    13:13:24.0168 1452 WUDFRd - ok
    13:13:24.0240 1452 ZTEusbmdm6k (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
    13:13:24.0241 1452 ZTEusbmdm6k - ok
    13:13:24.0308 1452 ZTEusbnmea (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
    13:13:24.0309 1452 ZTEusbnmea - ok
    13:13:24.0363 1452 ZTEusbser6k (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
    13:13:24.0364 1452 ZTEusbser6k - ok
    13:13:24.0410 1452 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    13:13:24.0456 1452 \Device\Harddisk0\DR0 - ok
    13:13:24.0467 1452 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
    13:13:24.0509 1452 \Device\Harddisk1\DR1 - ok
    13:13:24.0511 1452 Boot (0x1200) (0764067473881a4af3236f319ce802b5) \Device\Harddisk0\DR0\Partition0
    13:13:24.0512 1452 \Device\Harddisk0\DR0\Partition0 - ok
    13:13:24.0514 1452 Boot (0x1200) (21fa605b69522b273bd08e3b52a2ee70) \Device\Harddisk1\DR1\Partition0
    13:13:24.0515 1452 \Device\Harddisk1\DR1\Partition0 - ok
    13:13:24.0515 1452 ============================================================
    13:13:24.0515 1452 Scan finished
    13:13:24.0515 1452 ============================================================
    13:13:24.0522 0280 Detected object count: 1
    13:13:24.0523 0280 Actual detected object count: 1
    13:13:31.0238 0280 sptd ( LockedFile.Multi.Generic ) - skipped by user
    13:13:31.0238 0280 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
  4. Pr011 Newcomer, in training Posts: 66

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-26 13:01:10
    -----------------------------
    13:01:10.561 OS Version: Windows 6.0.6002 Service Pack 2
    13:01:10.561 Number of processors: 4 586 0xF0B
    13:01:10.562 ComputerName: MARK-PC UserName: Mark
    13:01:11.149 Initialize success
    13:05:05.446 AVAST engine defs: 12022602
    13:08:29.168 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1
    13:08:29.171 Disk 0 Vendor: WDC_WD1600AAJB-00PVA0 00.07H00 Size: 152627MB BusType: 3
    13:08:29.173 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005a
    13:08:29.176 Disk 1 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 6
    13:08:29.207 Disk 0 MBR read successfully
    13:08:29.211 Disk 0 MBR scan
    13:08:29.216 Disk 0 Windows VISTA default MBR code
    13:08:29.220 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 2048
    13:08:29.227 Disk 0 scanning sectors +312578048
    13:08:29.302 Disk 0 scanning C:\Windows\system32\drivers
    13:08:37.702 Service scanning
    13:08:50.092 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    13:08:55.321 Modules scanning
    13:08:59.436 Disk 0 trace - called modules:
    13:08:59.450 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85bcb1f8]<<
    13:08:59.466 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a3a2c0]
    13:08:59.473 3 CLASSPNP.SYS[8b5aa8b3] -> nt!IofCallDriver -> [0x85c3a598]
    13:08:59.480 5 acpi.sys[807bc6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-1[0x85c7b8a0]
    13:08:59.487 \Driver\atapi[0x85c3e6e8] -> IRP_MJ_CREATE -> 0x85bcb1f8
    13:09:00.459 AVAST engine scan C:\Windows
    13:09:02.935 AVAST engine scan C:\Windows\system32
    13:11:24.873 AVAST engine scan C:\Windows\system32\drivers
    13:11:34.875 AVAST engine scan C:\Users\Mark
    13:13:02.760 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
    13:13:02.766 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"
  5. Pr011 Newcomer, in training Posts: 66

    The machine has booted normally :)
  6. Broni Malware Annihilator Posts: 39,390   +177

    Perfect!

    Any other current issues?

    Download OTL to your Desktop.

    • Double-click the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. Pr011 Newcomer, in training Posts: 66

    Alas, I just started Firefox to post these logs and got a redirect to an ad site. The machine also appears to be using the hard disk a lot.

    OTL logs to follow:
  8. Pr011 Newcomer, in training Posts: 66

    OTL logfile created on: 26/02/2012 22:20:37 - Run 1
    OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Mark\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19190)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.25 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 64.32% Memory free
    6.69 Gb Paging File | 5.22 Gb Available in Paging File | 78.07% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 33.89 Gb Free Space | 22.74% Space Free | Partition Type: NTFS
    Drive F: | 596.17 Gb Total Space | 323.89 Gb Free Space | 54.33% Space Free | Partition Type: NTFS

    Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/26 22:19:58 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
    PRC - [2012/02/10 04:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/02/10 03:02:27 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2012/02/10 03:02:07 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    PRC - [2012/02/09 20:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/10/13 09:31:58 | 002,042,088 | ---- | M] (GameStop Corp.) -- C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
    PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/10 23:27:22 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
    PRC - [2008/11/04 11:39:20 | 000,014,336 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    PRC - [2008/05/26 15:20:50 | 000,585,728 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
    PRC - [2008/05/26 15:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
    PRC - [2007/06/07 00:50:14 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbtcoms.exe
    PRC - [2005/08/31 10:46:50 | 001,691,648 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\WG311v3.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009/04/10 23:28:24 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
    MOD - [2009/04/10 23:28:24 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
    MOD - [2008/05/26 15:14:58 | 000,011,776 | ---- | M] () -- C:\Program Files\Virgin Broadband Wireless\AffinegyServicePS.dll
    MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2005/08/31 10:46:50 | 001,691,648 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\WG311v3.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (WUSB54GSv2SVC)
    SRV - File not found [Auto | Stopped] -- -- (vmparport)
    SRV - File not found [Auto | Stopped] -- -- (tvtpktfilter)
    SRV - File not found [Auto | Stopped] -- -- (qmofiltr)
    SRV - File not found [Auto | Stopped] -- -- (pserve)
    SRV - File not found [Auto | Stopped] -- -- (k750mdfl)
    SRV - File not found [Auto | Stopped] -- -- (datasvr2)
    SRV - File not found [Auto | Stopped] -- -- (clsched)
    SRV - File not found [Auto | Stopped] -- -- (amdk77)
    SRV - [2012/02/10 04:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/02/09 20:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/02/07 21:42:02 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/03/12 10:49:39 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- f:\Program Files\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2008/11/04 11:39:20 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
    SRV - [2008/05/26 15:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
    SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/19 07:33:32 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\System32\YahooAUService.dll -- (knobserv)
    SRV - [2008/01/19 07:33:32 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\agpcpq.dll -- (delldmi)
    SRV - [2007/06/07 00:50:14 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device)


    ========== Driver Services (SafeList) ==========

    DRV - [2012/02/10 04:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2009/04/10 21:46:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
    DRV - [2009/01/02 13:26:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008/12/13 17:37:38 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008/08/22 18:56:12 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2008/08/22 18:56:08 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2008/08/22 18:55:54 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2008/08/22 18:55:46 | 000,007,168 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
    DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/06/10 20:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
    DRV - [2008/05/26 15:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AFGSp50.sys -- (AFGSp50)
    DRV - [2007/10/16 17:14:24 | 000,256,512 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW13B.sys -- (MRV6X32P)
    DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2006/10/18 05:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2004/04/10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | Auto | Running] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/26 13:17:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/13 19:24:17 | 000,000,000 | ---D | M]

    [2010/06/18 13:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
    [2011/06/17 13:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\extensions
    [2010/06/28 23:49:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/02/26 13:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/02/26 13:17:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/24 22:55:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/02/26 13:17:54 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/02/26 13:17:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/26 13:17:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/02/26 13:17:54 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/02/26 13:17:54 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2012/02/26 04:39:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O4 - HKLM..\Run: [DLBTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
    O4 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000..\Run: [Steam] F:\Program Files\Steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (GameStop Corp.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
    O15 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\..Trusted Domains: mod.uk ([www.westminster] https in Trusted sites)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab (MSN Photo Upload Tool)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E5E81D0-275A-46BF-84A0-ECC564B15F1F}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB12445B-E6D0-47E8-832C-8FAC67E87EAF}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA0E5921-34A6-45FB-A06D-F64850E85263}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3D88CD5-9C0B-4699-9FC5-727F8FD0DD72}: DhcpNameServer = 192.168.2.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - File not found
    O24 - Desktop WallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: qmofiltr - File not found
    NetSvcs: pserve - File not found
    NetSvcs: vmparport - File not found
    NetSvcs: k750mdfl - File not found
    NetSvcs: delldmi - C:\Windows\System32\agpcpq.dll (Oak Technology Inc.)
    NetSvcs: knobserv - C:\Windows\System32\YahooAUService.dll (Oak Technology Inc.)
    NetSvcs: tvtpktfilter - File not found
    NetSvcs: datasvr2 - File not found
    NetSvcs: amdk77 - File not found
    NetSvcs: clsched - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/26 22:19:55 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
    [2012/02/26 13:16:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/02/26 04:41:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/26 04:41:11 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\temp
    [2012/02/26 04:25:51 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/02/26 02:54:04 | 004,419,501 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
    [2012/02/26 01:22:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/02/26 01:21:54 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe
    [2012/02/26 01:13:22 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\RK_Quarantine
    [2012/02/25 02:46:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/25 02:46:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/25 02:46:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/25 02:46:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/25 02:45:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/25 02:08:28 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Mark\Desktop\aswMBR.exe
    [2012/02/24 23:16:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\dds.scr
    [2012/02/24 22:59:08 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Malwarebytes
    [2012/02/24 22:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/24 22:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/02/24 22:59:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/02/24 22:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/02/22 00:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2012/02/22 00:15:02 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
    [2012/02/17 22:47:00 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\AVG2012
    [2012/02/17 22:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2012/02/17 20:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2012/02/17 20:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/26 22:19:58 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
    [2012/02/26 22:14:47 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/26 22:14:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/26 19:25:51 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/26 19:22:49 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/26 19:22:49 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/26 13:38:55 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
    [2012/02/26 13:30:05 | 000,602,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/02/26 13:30:05 | 000,106,292 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/02/26 13:22:46 | 3488,145,408 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/26 13:22:45 | 264,002,753 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/02/26 13:16:54 | 000,362,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/02/26 13:13:02 | 000,000,512 | ---- | M] () -- C:\Users\Mark\Desktop\MBR.dat
    [2012/02/26 06:06:39 | 000,002,032 | ---- | M] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
    [2012/02/26 04:39:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/02/26 04:11:39 | 000,139,264 | ---- | M] () -- C:\Users\Mark\Desktop\SystemLook.exe
    [2012/02/26 02:54:02 | 004,419,501 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
    [2012/02/26 01:21:21 | 002,044,183 | ---- | M] () -- C:\Users\Mark\Desktop\tdsskiller.zip
    [2012/02/26 01:13:06 | 001,251,328 | ---- | M] () -- C:\Users\Mark\Desktop\RogueKiller.exe
    [2012/02/25 02:09:11 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Mark\Desktop\aswMBR.exe
    [2012/02/24 23:16:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\dds.scr
    [2012/02/24 23:14:22 | 000,302,592 | ---- | M] () -- C:\Users\Mark\Desktop\jywt1xli.exe
    [2012/02/24 22:59:03 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/22 16:55:20 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe
    [2012/02/12 11:52:27 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
    [2012/02/12 00:16:28 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2012/02/12 00:16:28 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
    [2012/02/12 00:08:17 | 000,153,088 | ---- | M] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/11 19:40:26 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/02/10 04:13:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
    [2012/02/10 04:13:00 | 000,008,772 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
    [2012/02/09 20:05:44 | 000,416,064 | ---- | M] () -- C:\Windows\System32\nvStreaming.exe
    [2012/02/08 01:49:14 | 002,557,112 | ---- | M] () -- C:\Users\Mark\Documents\Induction Pack 2010 V2.1.pdf
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/26 13:38:55 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
    [2012/02/26 13:16:43 | 3488,145,408 | -HS- | C] () -- C:\hiberfil.sys
    [2012/02/26 13:13:02 | 000,000,512 | ---- | C] () -- C:\Users\Mark\Desktop\MBR.dat
    [2012/02/26 04:11:39 | 000,139,264 | ---- | C] () -- C:\Users\Mark\Desktop\SystemLook.exe
    [2012/02/26 01:21:21 | 002,044,183 | ---- | C] () -- C:\Users\Mark\Desktop\tdsskiller.zip
    [2012/02/26 01:13:03 | 001,251,328 | ---- | C] () -- C:\Users\Mark\Desktop\RogueKiller.exe
    [2012/02/25 02:46:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/25 02:46:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/25 02:46:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/25 02:46:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/25 02:46:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/24 23:14:19 | 000,302,592 | ---- | C] () -- C:\Users\Mark\Desktop\jywt1xli.exe
    [2012/02/24 22:59:03 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/22 00:15:02 | 000,008,772 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
    [2012/02/12 11:06:51 | 264,002,753 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/02/09 20:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
    [2012/02/08 01:42:25 | 002,557,112 | ---- | C] () -- C:\Users\Mark\Documents\Induction Pack 2010 V2.1.pdf
    [2011/12/18 15:27:34 | 000,069,632 | ---- | C] () -- C:\Windows\UNINSTCC.EXE
    [2011/08/21 13:23:23 | 000,000,000 | ---- | C] () -- C:\Users\Mark\AppData\Local\{A847AE50-89B7-42EA-85C7-1A7112475FBB}
    [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2011/03/14 13:08:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/03/14 13:06:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/11/09 15:10:19 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2010/09/17 12:04:37 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
    [2010/08/13 15:07:43 | 000,005,097 | ---- | C] () -- C:\Windows\fred2_open_3_6_12r_INF.INI
    [2010/08/13 15:07:37 | 000,000,453 | ---- | C] () -- C:\Windows\fred2_open_3_6_12d_INF.INI
    [2010/06/29 21:36:11 | 000,004,592 | ---- | C] () -- C:\Windows\fred2_open_3_6_12_RC3r_INF.INI
    [2010/06/29 21:36:06 | 000,000,453 | ---- | C] () -- C:\Windows\fred2_open_3_6_12_RC3d_INF.INI
    [2010/06/18 13:36:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

    ========== LOP Check ==========

    [2010/08/12 15:17:36 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Amazon
    [2008/04/10 15:37:16 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Atari
    [2012/02/17 22:47:00 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\AVG2012
    [2010/10/31 13:39:48 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Bioshock
    [2011/05/15 01:15:25 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Bioshock2
    [2009/09/18 11:00:18 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Birdstep Technology
    [2009/02/23 02:21:29 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Command & Conquer 3 Tiberium Wars
    [2008/12/13 17:42:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools
    [2011/12/18 15:20:27 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools Lite
    [2008/12/13 17:42:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools Pro
    [2008/03/01 20:39:09 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\eMule
    [2009/07/19 20:44:49 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\kompozer.net
    [2011/01/15 11:53:58 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Softland
    [2009/06/09 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Stardock
    [2011/03/15 14:37:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SystemRequirementsLab
    [2009/03/04 10:47:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\The Creative Assembly
    [2009/08/30 14:53:43 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Vodafone
    [2012/02/25 03:07:20 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/01/19 13:55:26 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2012/02/26 04:41:09 | 000,011,640 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2012/02/26 13:22:46 | 3488,145,408 | -HS- | M] () -- C:\hiberfil.sys
    [2008/03/01 22:42:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/04/29 01:13:14 | 004,194,322 | ---- | M] () -- C:\memory_map.tga
    [2008/03/01 22:42:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/02/26 13:22:45 | 3801,743,360 | -HS- | M] () -- C:\pagefile.sys
    [2008/04/04 16:30:53 | 000,000,436 | ---- | M] () -- C:\profile.txt
    [2010/06/16 20:05:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2010/06/16 22:44:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2010/06/17 13:48:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2010/06/17 13:56:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2010/06/17 13:56:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2010/06/17 21:49:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2010/06/17 22:20:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2010/06/18 13:31:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
    [2010/06/29 22:29:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2011/10/15 00:55:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2010/06/12 21:02:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2010/06/12 21:47:47 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2010/06/13 08:04:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2010/06/15 20:12:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
    [2010/06/15 23:53:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
    [2010/06/16 17:27:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2010/06/16 18:56:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
    [2010/06/16 19:54:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
    [2010/06/16 19:58:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
    [2010/06/16 20:03:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
    [2010/06/16 20:05:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2010/06/16 22:44:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2010/06/17 13:48:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2010/06/17 13:56:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2010/06/17 13:56:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2010/06/17 21:49:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2010/06/17 22:20:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2010/06/18 13:31:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2010/06/29 22:29:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2011/10/15 00:55:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2010/06/12 21:02:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2010/06/12 21:47:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2010/06/13 08:04:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2010/06/15 20:12:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2010/06/15 23:53:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2010/06/16 17:27:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2010/06/16 18:56:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2010/06/16 19:54:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2010/06/16 19:58:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2010/06/16 20:03:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2012/02/26 01:25:04 | 000,073,982 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_26.02.2012_01.22.01_log.txt
    [2012/02/26 02:02:01 | 000,073,982 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_26.02.2012_02.01.21_log.txt
    [2012/02/26 13:14:07 | 000,072,818 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_26.02.2012_13.13.10_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 12:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 12:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 12:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2011/03/14 13:24:29 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/01/30 08:44:30 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\system32\spool\prtprocs\w32x86\dlbtPP5C.DLL
    [2007/06/27 12:04:44 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5k2.dll
    [2006/11/02 12:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/05/05 00:50:19 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
    [2003/09/03 07:46:54 | 000,010,960 | ---- | M] () -- C:\Program Files\EULA.txt
    [2003/12/18 11:33:46 | 000,020,102 | ---- | M] () -- C:\Program Files\Readme.txt

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 10:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/08/30 14:46:57 | 000,000,574 | -HS- | M] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/02/25 02:09:11 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Mark\Desktop\aswMBR.exe
    [2012/02/26 02:54:02 | 004,419,501 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
    [2012/02/24 23:14:22 | 000,302,592 | ---- | M] () -- C:\Users\Mark\Desktop\jywt1xli.exe
    [2012/02/26 22:19:58 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
    [2012/02/26 01:13:06 | 001,251,328 | ---- | M] () -- C:\Users\Mark\Desktop\RogueKiller.exe
    [2012/02/26 04:11:39 | 000,139,264 | ---- | M] () -- C:\Users\Mark\Desktop\SystemLook.exe
    [2012/02/22 16:55:20 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >
    [2009/05/31 15:52:57 | 007,831,552 | ---- | M] () -- C:\Program Files\Common Files\01.mpeg
    [2009/05/31 15:52:23 | 007,759,872 | ---- | M] () -- C:\Program Files\Common Files\02.mpeg
    [2009/05/31 15:55:11 | 007,792,640 | ---- | M] () -- C:\Program Files\Common Files\03.mpeg
    [2009/06/03 11:18:42 | 002,546,976 | ---- | M] () -- C:\Program Files\Common Files\032.wmv
    [2009/06/09 15:25:03 | 000,000,349 | ---- | M] () -- C:\Program Files\Common Files\04.htm
    [2009/05/31 15:55:22 | 007,794,688 | ---- | M] () -- C:\Program Files\Common Files\04.mpeg
    [2009/06/17 08:58:29 | 002,260,966 | ---- | M] () -- C:\Program Files\Common Files\31.mpeg

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2012/02/22 00:19:21 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2012/02/22 00:18:49 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2009/05/05 00:49:23 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2009/05/05 00:49:23 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2012/02/22 00:18:49 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/08/30 14:46:57 | 000,000,402 | -HS- | M] () -- C:\Users\Mark\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2008/08/20 15:45:46 | 000,020,270 | ---- | M] () -- C:\ProgramData\DeviceInstaller.xml
    [2009/04/07 12:42:58 | 000,141,006 | ---- | M] () -- C:\ProgramData\DeviceManager.xml.rc4
    [2010/03/22 15:36:22 | 000,003,499 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2009/05/05 00:47:10 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
  9. Pr011 Newcomer, in training Posts: 66

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB32240$] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

    < End of report >
  10. Pr011 Newcomer, in training Posts: 66

    OTL Extras logfile created on: 26/02/2012 22:20:37 - Run 1
    OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Mark\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19190)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.25 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 64.32% Memory free
    6.69 Gb Paging File | 5.22 Gb Available in Paging File | 78.07% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 33.89 Gb Free Space | 22.74% Space Free | Partition Type: NTFS
    Drive F: | 596.17 Gb Total Space | 323.89 Gb Free Space | 54.33% Space Free | Partition Type: NTFS

    Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01BC18B4-9BE5-4B0D-95DD-1DEAE912F848}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{0807447A-C6F9-4D9C-9A61-B98A1CA3E09B}" = rport=139 | protocol=6 | dir=out | app=system |
    "{137F10D9-4B3B-4ADF-A346-EA94F65BD68F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{23183349-5833-4A85-834E-D962346C7493}" = rport=137 | protocol=17 | dir=out | app=system |
    "{29499B4A-704D-4402-B557-C78063B3F679}" = lport=138 | protocol=17 | dir=in | app=system |
    "{5C1D4566-EB3C-47DC-99CB-A80943F9706C}" = lport=139 | protocol=6 | dir=in | app=system |
    "{8281CFCA-53E1-49BF-8AC9-BECDC9607934}" = rport=445 | protocol=6 | dir=out | app=system |
    "{88A12A1E-0A66-4358-85F8-FED951A6AAA8}" = lport=445 | protocol=6 | dir=in | app=system |
    "{9ADF40E0-EB3D-49B9-8727-B202626CA3D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{AFB4577B-3DD2-47D9-9FC5-9770B44A8722}" = rport=138 | protocol=17 | dir=out | app=system |
    "{B16D6474-516D-4173-9A40-CB7071AFB016}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{B46A6B7C-FE04-4D16-B741-E1966001ED0D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{C2FBBEF2-2B77-4D3A-A9E4-5D9A8CCC8706}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C397A331-D12D-4D18-936E-04F3554A134E}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{008F6C46-1FAA-4983-834A-FAB6AD5AA7B9}" = protocol=6 | dir=in | app=f:\games\sins of a solar empire\sins of a solar empire.exe |
    "{01778757-D9A8-4A5E-8821-876B574157ED}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
    "{01FC501C-9BE8-4B10-BA4A-B082EBEA1B01}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
    "{0257176D-2AD9-403C-8CB4-725F135C4BAD}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
    "{0431E83C-D632-48B7-BBA9-2EBF557BA160}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
    "{05787772-D5CC-459B-B64B-A3E252510F79}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{0706E76C-C8AC-43FE-BCBE-6EB7F40658B9}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
    "{096F44AC-7963-486E-A8B9-F52AD237EE9D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{09E14331-36E5-42FF-A329-2A43B35D2EAF}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
    "{0A0FBA71-F897-4472-A457-180837AF8A72}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{0B9AAF7B-3D22-445A-86CF-98E57731CF5C}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
    "{0BA1B331-C4F3-4783-8EF4-2A8849A6DFF9}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
    "{0DC6EE34-0087-4DF3-BD39-D97A9BF12078}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
    "{0E3C4439-41A0-401A-9EE5-07115A7214F6}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |
    "{133EBFD6-7463-4D34-A95D-14EC46F23BD3}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{13F078DD-C8EA-4041-89B5-E249408AD018}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\rage\rage.exe |
    "{161E1148-63E7-4692-A15C-9503F593534F}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
    "{1C6F9E3A-7A20-4B66-94A6-FA35E77F42ED}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe |
    "{1DECE29F-3359-4DC7-975C-2D9C30DB9752}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
    "{1F04675F-11C5-443F-B330-3B1115968641}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
    "{21B300C2-3368-4074-A373-5D5FC0DC14C5}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
    "{21C65B61-D123-412F-994C-49D1A832CB7E}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\empire total war\empire.exe |
    "{21E4CE1D-A2B6-420F-ADBC-3349A1C02387}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
    "{25B41BF3-06A0-437D-B8E2-0D2C0572627E}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
    "{28E4FC94-655F-404D-A6BE-6324F7AF3C04}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
    "{2AC24120-080C-4CB6-A1D5-4718A5BB319E}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\operation flashpoint dragon rising\mission editor\missioneditor.exe |
    "{2B0E0B60-5D1B-49B3-90B5-F160C5219730}" = protocol=6 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
    "{2CFF2B50-140F-4111-8D1A-1FA74F8D3BDC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
    "{305706DA-9977-46F0-8761-75987A20B784}" = protocol=6 | dir=in | app=f:\program files\steam\steam.exe |
    "{33776374-55EE-4EF6-920A-444C61ED83A0}" = protocol=6 | dir=in | app=f:\games\sins of a solar empire\sins of a solar empire entrenchment.exe |
    "{33B026B4-789C-4742-80EC-EEA6F6F2D421}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe |
    "{33ED90C9-6FF3-4EB1-BCB2-5068C10A4BF4}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
    "{3427D8E6-A098-4220-B4F1-613705354E32}" = protocol=17 | dir=in | app=f:\games\sins of a solar empire\sins of a solar empire.exe |
    "{34BFF2D8-45C8-4AC4-BEFF-C57F55908E65}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
    "{35EB4F32-D083-41C1-AEB4-54E83132D9FB}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age ii\docs\ea help\electronic_arts_technical_support.htm |
    "{36970E30-13FD-4AEA-8789-3688D92C16EA}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe |
    "{37DB87B6-FAE0-444F-9D19-3152E6D39CC9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fallout 3\falloutlauncher.exe |
    "{3B9671C2-3A4F-4C58-9FB4-E152EE98E515}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
    "{3BAE3D94-4325-47C0-A801-622C63E8A166}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
    "{3DCBF330-AAD8-4447-8DA0-468F17C55866}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age ii\dragonage2launcher.exe |
    "{415E1DA0-8D0F-4FCF-A93B-6BA817F9269E}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
    "{41933A90-3DB8-4C94-830C-BFDA95C50ABC}" = protocol=17 | dir=in | app=c:\program files\ea games\mirror's edge\binaries\mirrorsedge.exe |
    "{4349E900-365F-4CC4-AA86-A7288808C61F}" = protocol=6 | dir=in | app=f:\games\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
    "{449380C7-CE90-4B4A-A8F8-37B6996A22D0}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\portal 2\portal2.exe |
    "{48B7760E-6D24-4095-95F0-EC827001858A}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe |
    "{4BDE261B-2ED5-43F2-B5E4-59734785D0E3}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\fallout 3\falloutlauncher.exe |
    "{4D345D96-A5AC-4812-B0F8-8C965989675C}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
    "{4DCF6E14-7D21-4C82-8C9E-4329D2B3708D}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe |
    "{4FD7C014-274D-43C5-A990-141E07E02155}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{502CA4C9-513E-4811-ACF7-3F958DE4207B}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
    "{505CAAB7-76E2-4C2A-8753-55AE7C6F87FF}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
    "{50C72BA7-E36D-4076-926C-106B2D3E3CAE}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
    "{51F044F9-F53A-4427-8665-B672AF832453}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fallout 3\falloutlauncher.exe |
    "{53905628-E6D8-4B51-B4DA-8090A0341277}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\rage\rage.exe |
    "{5474D91E-D81D-49AC-B8DE-42BB6483D867}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
    "{554B51BD-828A-443C-9233-9BEB0109CFAB}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
    "{558CF4A9-7FAC-4DCD-8ABB-584602F0E45E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{56B00D06-8841-4068-8BCE-A0C211886E00}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\pr011\half-life source\hl2.exe |
    "{57087CFB-AB8C-41EB-90C5-56DDBAA30DCA}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\gratuitous space battles\gsb.exe |
    "{590C3A54-343E-4344-8DB3-E55BCDD2D290}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
    "{5954B4B9-0CA7-44AD-B852-A47F3906AA1F}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{5C22AC72-D217-4306-BA84-C717786EDCAE}" = protocol=17 | dir=in | app=f:\program files\steam\steam.exe |
    "{5D3487C5-2E73-4BDC-80FC-1EE2660A8CED}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age ii\docs\ea help\electronic_arts_technical_support.htm |
    "{5D4308B5-9818-4FB3-B901-F64B59D7BA5A}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
    "{618C3424-E0BB-4C5A-9F6C-3D1A24CF1F5A}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\pr011\half-life source\hl2.exe |
    "{6310E154-0396-4877-9D1B-23E0470C6B6A}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\empire total war\empire.exe |
    "{63614048-429E-4185-82ED-2846F38067DA}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
    "{6664355F-65F6-412A-9372-FE65FF8E1B16}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
    "{688918B1-ABB5-4B7C-983A-2A23A9841A9C}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\tomb raider anniversary\tra.exe |
    "{68B8A3C1-912D-453F-BCF0-2BE8A05DD48F}" = protocol=17 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |
    "{69AB6A78-86AF-4B50-B457-342FC87681C0}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\portal 2\portal2.exe |
    "{6A27ADB2-4183-4F54-80B5-00FDBBCD1CE6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\help.htm |
    "{6C86BDF8-FC7E-4C65-9933-86B561EE2046}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
    "{6D3D314F-E9BF-421C-9293-BBDB3ED0FA75}" = protocol=17 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
    "{6E353E66-7E15-464A-AF44-35FE9AB30EB2}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
    "{6EEA4F9D-001E-4F0D-BC21-5BC257CCFF95}" = protocol=6 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |
    "{6FB5FDFA-8F22-4E34-9EF1-748ABE9D9189}" = protocol=6 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
    "{71B0648B-0D8F-4FFC-B2A9-6D7794C7DFA7}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
    "{74886412-F34F-4E16-92F1-4316286E2FD7}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{7662BF3A-7E65-4C6C-A6EE-8B161C6C2CE9}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age ii\dragonage2launcher.exe |
    "{767BF368-4991-4EA3-8B11-F57369757F37}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
    "{7727995C-32D5-4B41-A08E-E00E327DE1CF}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe |
    "{78CBFE3A-7E22-435B-B7D2-38943AB4193B}" = protocol=17 | dir=in | app=f:\games\sins of a solar empire\sins of a solar empire entrenchment.exe |
    "{794029BF-9A4B-47E4-AFBB-D105939965F4}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
    "{79440646-0737-40D3-86D6-F2EE6D71F675}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
    "{79B41859-BC7F-4616-AA21-D6BAA1AFB505}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age ii\docs\ea help\electronic_arts_technical_support.htm |
    "{7C746ACE-64AB-4FD8-AC04-5EDF247D2071}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\the witcher 2\launcher.exe |
    "{7FD84539-D02F-49D3-A6DB-12072E1BFACD}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\empire total war\empire.exe |
    "{809AD6A8-A1E0-42C1-8107-2523BCAD12D7}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\operation flashpoint dragon rising\mission editor\missioneditor.exe |
    "{8167A177-B360-4564-A717-F6A0AC892EAD}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
    "{8201C254-7580-4A5B-BF86-4B3022C256BD}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\empire total war\empire.exe |
    "{8284EE3D-A997-42FE-BD9F-CE7CAB9B3DB0}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
    "{83A64509-D2B6-4FE0-878B-2F8BA440C2CD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{878E8934-FFE6-44C6-AB2A-ECFBD1333BDC}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\tomb raider anniversary\tra.exe |
    "{8C16C9C2-41E6-4845-9E56-7B8B10FCC95E}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
    "{8D9F2287-DA6F-4B65-95AC-3884D5E554E1}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
    "{8E97E2DD-3A7F-4F44-BCA2-08CD56918E3E}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\the witcher 2\launcher.exe |
    "{8EE38F5A-08C8-46CB-84E1-6B4B37F6FCFB}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\gratuitous space battles\gsb.exe |
    "{8FE1F05F-76A1-4DE0-BFA4-78BE3068DAE7}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\company of heroes\help.htm |
    "{909F3301-EB25-4C5E-AC67-66122B9963CF}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\gratuitous space battles\gsb.exe |
    "{936EA84B-EFAA-4FDD-A1E4-9453982CAD07}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{95C79D05-98B5-4C71-9403-85189FB08883}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{9696B5F1-C819-4AF4-95FE-70554FF5DEB4}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe |
    "{9879BF26-B511-4E25-9260-15406842A0A2}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dead island\deadislandgame.exe |
    "{98C99B63-0141-4FF6-AB65-943B30FFE3B8}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
    "{99AA9B95-8B9D-4CAB-8BB6-46AB7B95E617}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
    "{9DCE9612-8FDA-4843-BE29-650C79CEA6F9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{9EB7EDB6-C3E1-4EFF-8195-86249FF3FB1F}" = protocol=6 | dir=in | app=c:\program files\ea games\mirror's edge\binaries\mirrorsedge.exe |
    "{9FC04822-50A4-4B0B-8E24-A135C5EAD4DF}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
    "{A1C6BFE3-A252-49A2-9157-25B0917F9776}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
    "{A336057A-A8AC-4C22-9548-06660004F38A}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\fallout 3\falloutlauncher.exe |
    "{A38F76AF-831C-4ABC-9B77-4823C6857C70}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{A457D4A7-0C95-47FC-B246-F642D37DBEA5}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\portal 2\portal2.exe |
    "{ABEECE16-A355-4FBE-A48D-73BF8663B3DD}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
    "{AC0B47D9-D7EF-4F41-93C0-65D21CAEA479}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
    "{ACCC307D-ABFC-409D-9B9F-3D5E47945F9C}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
    "{ACD262BE-DA5B-4B47-A8D6-C92108826B7B}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
    "{AF4BBF70-555C-441E-975C-7BAE28B2702A}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
    "{AF61D5B4-4E8C-455A-BC12-EEBD7B109683}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
    "{B05755F7-4D92-4CBD-8052-E91C793AA470}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
    "{B0EF04A0-C79F-4699-8492-1ECB26FC08BB}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
    "{BB4B0C5F-E4DF-425A-A291-36EC71D9A957}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\help.htm |
    "{BC6E3BD2-4E2E-4769-AD71-B2CE853401DF}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\fallout 3\falloutlauncher.exe |
    "{BE3F5022-D01B-41F7-929F-1A73B76E66F9}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |
    "{C19A4E47-4029-4CD4-BEC7-DDFF03701046}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
    "{C3C670E6-E4B4-4163-B2EB-653DDAA2E955}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
    "{C6E6864B-22D5-4D8E-AA45-AC7054F3CE53}" = protocol=17 | dir=in | app=f:\games\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
    "{C75B2660-A2A3-47D0-A7CA-7AB878C19773}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age ii\docs\ea help\electronic_arts_technical_support.htm |
    "{CB2452DB-A993-44CC-BA9A-2D6A455A0CA2}" = protocol=17 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
    "{CB2E0ADE-3E43-4379-943B-A7521488C17D}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
    "{CC0655CE-DF6D-421C-A9F7-EB1BD81C2AD6}" = protocol=6 | dir=in | app=c:\windows\system32\dlbtcoms.exe |
    "{CE6887EF-0051-4905-B4C1-4406B3A8FAE3}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\portal 2\portal2.exe |
    "{CEE0F319-5C03-4AB3-A4E2-0A16AC1A840B}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
    "{D14F3401-FC67-4EE4-B860-AB293E06DD7B}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
    "{D2000876-3821-4909-9655-BAA181DA1C83}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe |
    "{D37B6E5C-6C56-4D36-AC47-53A4AB8FA71B}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
    "{D3FFA52F-58C6-4EB0-A704-E8E9FCC349F6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{D4E2ABCB-30DC-4BB0-B515-EE951496ACF5}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
    "{D62A5EAA-ADAC-497B-8A92-87A0E559C8BE}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
    "{D76CB2A2-1BC9-4B17-B637-FE1E96A5E463}" = protocol=17 | dir=in | app=c:\windows\system32\dlbtcoms.exe |
    "{DA873AC3-E6A1-46F0-BAEE-F4093CD6BE8A}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\fallout 3\falloutlauncher.exe |
    "{DAD75AAE-AE79-49E9-AAEC-B1BF6870ED61}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
    "{DD112A56-6331-4971-99E7-1859009ACD2B}" = protocol=6 | dir=in | app=f:\games\sins of a solar empire\sins of a solar empire.exe |
    "{DE92461D-2E3F-47CE-BBCB-2ACEB58A5448}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
    "{DF1160FB-750B-4C77-93E8-2CC33081B25E}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dead island\deadislandgame.exe |
    "{DF272278-BB2D-46A3-AA93-A01E174A9F6E}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dragon age ii\dragonage2launcher.exe |
    "{E02E04F3-A593-44D9-B128-626E6893D063}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\gratuitous space battles\gsb.exe |
    "{E30179E3-DD01-46BB-9B13-A607837B4FBD}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\tomb raider anniversary\tra.exe |
    "{E52794A7-FFB8-48B9-B5A3-1E0FD4CC7C79}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dragon age ii\dragonage2launcher.exe |
    "{E547072A-AD75-4C5A-B441-5771D242EC05}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\pr011\garrysmod\hl2.exe |
    "{EAA465FA-BFB8-498F-BD1B-E96A631E666F}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\company of heroes\help.htm |
    "{EE2711B6-FE41-458A-B62B-03E169693429}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
    "{EFDBFF13-685C-4519-87BD-D4F8D031F60E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{F61DF866-8DAA-41D2-AB92-9AB9E80BD9C9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
    "{F703B6BC-9F0B-49B4-8BDA-B58C75EF9E00}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
    "{F774DFE1-6A31-448B-8A6D-542ECDA42785}" = protocol=17 | dir=in | app=f:\games\sins of a solar empire\sins of a solar empire.exe |
    "{FB2928DB-09EF-4CAE-8991-6DB6EDAD5853}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\tomb raider anniversary\tra.exe |
    "{FCB761CC-86FC-4746-96C0-1B44B2B38EC0}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
    "{FD0B2D48-08BB-4B0C-A8E2-344AD699E99B}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
    "{FD2F91BF-5385-4395-86EB-18B85899C949}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
    "{FDC294C4-2890-4B3B-9025-BF784321037A}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
    "{FE65657D-207A-4134-86A6-18059CE681C5}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{FECCABA1-2D6E-4BB5-A4DE-DDF34AD63B2C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
    "{FF245D15-3BD4-4763-A4EE-3261A92615B2}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\pr011\garrysmod\hl2.exe |
    "TCP Query User{00F0EF41-50EC-4D7B-A271-44719BC0E8D9}F:\program files\steam\steamapps\pr011\half-life deathmatch source\hl2.exe" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\pr011\half-life deathmatch source\hl2.exe |
    "TCP Query User{0B08D8F2-CB69-4C17-BE31-76E4884AAC97}C:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
    "TCP Query User{1BA19CBA-06F2-45C7-AF0C-952436580FB2}C:\program files\steam\steamapps\pr011\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pr011\team fortress 2\hl2.exe |
    "TCP Query User{1C96B53A-EC4D-49D5-8C36-1A35F26D0949}C:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe |
    "TCP Query User{2372224C-40C0-4263-96B2-71ED2721587B}F:\games\freespace2\fs2_open_3_6_12r_inf.exe" = protocol=6 | dir=in | app=f:\games\freespace2\fs2_open_3_6_12r_inf.exe |
    "TCP Query User{297B4339-B0E9-4B72-886B-172BB9AA4512}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
    "TCP Query User{46FDB92C-AB62-4C85-B9D8-A41402ABF61D}C:\program files\steam\steamapps\common\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
    "TCP Query User{499C7920-B5E5-4713-90B7-BCFDCA1F9FCE}F:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
    "TCP Query User{50D9C5E0-59D1-49BC-9565-C381D2ADF043}F:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
    "TCP Query User{51BFCE68-6349-40BC-8F12-C416C9BF899C}F:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
    "TCP Query User{6030F31E-D408-4875-8386-580BD8C28A3A}F:\program files\reality pump\the moon project\themoonproject.exe" = protocol=6 | dir=in | app=f:\program files\reality pump\the moon project\themoonproject.exe |
    "TCP Query User{67603E8C-8E52-4100-A69F-E454DCCFBE3D}C:\games\freespace2\fs2_open_3_6_9.exe" = protocol=6 | dir=in | app=c:\games\freespace2\fs2_open_3_6_9.exe |
    "TCP Query User{853E78A5-203A-427F-A4C9-382D635D187E}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
    "TCP Query User{85606083-88A3-4BE9-BBA1-439477E1C936}F:\program files\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=6 | dir=in | app=f:\program files\sierra\homeworld2\bin\release\homeworld2.exe |
    "TCP Query User{86CC3F2F-A100-4020-B3DA-37F84A17EC1A}C:\program files\steam\steamapps\pr011\half-life deathmatch source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pr011\half-life deathmatch source\hl2.exe |
    "TCP Query User{8760D247-4D5F-42BD-8A71-9583FA53BE89}F:\program files\reality pump\the moon project\themoonproject.exe" = protocol=6 | dir=in | app=f:\program files\reality pump\the moon project\themoonproject.exe |
    "TCP Query User{907D4A38-C44E-4705-B15C-D68AEA0729D0}C:\program files\steam\steamapps\pr011\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pr011\garrysmod\hl2.exe |
    "TCP Query User{90B94426-33A1-43FE-8BD3-405EFCB88962}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
    "TCP Query User{90E8F04F-6BAF-42A7-97E2-7C19F6FCF53B}C:\program files\vivendi\judge dredd - dredd vs death\dredd.exe" = protocol=6 | dir=in | app=c:\program files\vivendi\judge dredd - dredd vs death\dredd.exe |
    "TCP Query User{9E77BE63-5ECB-463A-9ACD-A50C71CBFE7E}F:\program files\steam\steam.exe" = protocol=6 | dir=in | app=f:\program files\steam\steam.exe |
    "TCP Query User{AE6CBEA0-6C39-4B37-A51D-FDC6EE473012}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "TCP Query User{BB8833F6-6218-4CFF-BD44-75ED18561809}F:\games\freespace2\fs2_open_ant_7r_inf.exe" = protocol=6 | dir=in | app=f:\games\freespace2\fs2_open_ant_7r_inf.exe |
    "TCP Query User{BD4D0A56-8389-45B3-B0EC-A7E669F2D3F7}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
    "TCP Query User{C03F3AD9-ADD6-4A73-A873-511422079EA6}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "TCP Query User{CC7A4E68-7053-43D2-B703-19A963B54635}F:\program files\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
    "TCP Query User{CF451374-2ED6-4CEA-A89C-5FEFAC5576B9}F:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
    "TCP Query User{D4A91C6D-B35B-426F-88BC-E1BD30757743}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
    "TCP Query User{D780B9D3-4DA8-4671-A6AF-618C3F9FBE0D}F:\games\freespace2\fs2_open_3_6_12d_inf.exe" = protocol=6 | dir=in | app=f:\games\freespace2\fs2_open_3_6_12d_inf.exe |
    "TCP Query User{D9A58521-4236-4E42-845A-1266829F68E4}C:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe" = protocol=6 | dir=in | app=c:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe |
    "TCP Query User{DC5C0835-9732-406C-849A-0D5CCA4982E6}F:\games\freespace2\fs2_open_3_6_12_rc3r_inf.exe" = protocol=6 | dir=in | app=f:\games\freespace2\fs2_open_3_6_12_rc3r_inf.exe |
    "TCP Query User{E19BDB5B-3765-43DC-B8C7-ED12EBD4D628}F:\games\freespace2\fs2_open_3_6_9.exe" = protocol=6 | dir=in | app=f:\games\freespace2\fs2_open_3_6_9.exe |
    "TCP Query User{F18D6F73-329D-45F4-81BF-A614701E5A06}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{0FF58166-A65E-4236-9379-79A571AEDBD0}F:\program files\sierra\homeworld2\bin\release\homeworld2.exe" = protocol=17 | dir=in | app=f:\program files\sierra\homeworld2\bin\release\homeworld2.exe |
    "UDP Query User{1FC1BA28-8C64-4250-9143-C5AC13AB4E85}F:\program files\reality pump\the moon project\themoonproject.exe" = protocol=17 | dir=in | app=f:\program files\reality pump\the moon project\themoonproject.exe |
    "UDP Query User{25ED52D8-6888-466A-8255-8F2869B272D5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{2CB0A7F9-9650-478B-8CAB-CBBA1219B0BE}C:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe" = protocol=17 | dir=in | app=c:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe |
    "UDP Query User{31CAAEB2-6834-45D1-AFC2-FA9AE55FAB16}F:\program files\steam\steamapps\pr011\half-life deathmatch source\hl2.exe" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\pr011\half-life deathmatch source\hl2.exe |
    "UDP Query User{38C9E35B-ABCF-4E57-9911-3A87D064AF8E}F:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
    "UDP Query User{3A74CA3E-A3A9-4EB6-9870-8813007539C5}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "UDP Query User{3B32E87E-53BA-4A76-80B0-70444C2DDE57}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
    "UDP Query User{3D3C8E7E-A97D-4689-8BF7-9EB2E80675D6}C:\program files\steam\steamapps\pr011\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pr011\team fortress 2\hl2.exe |
    "UDP Query User{4ABE5ABF-4561-499D-89F6-E9F5F9B924EA}F:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
    "UDP Query User{54B3FD1B-C086-43D4-8A68-40392229AFC1}F:\games\freespace2\fs2_open_3_6_12_rc3r_inf.exe" = protocol=17 | dir=in | app=f:\games\freespace2\fs2_open_3_6_12_rc3r_inf.exe |
    "UDP Query User{60876B65-A98E-4389-BB0E-76EFC3D222F7}F:\games\freespace2\fs2_open_3_6_12r_inf.exe" = protocol=17 | dir=in | app=f:\games\freespace2\fs2_open_3_6_12r_inf.exe |
    "UDP Query User{627C7FA0-9FA9-4BA7-9221-0BD6CA4E51F6}C:\program files\steam\steamapps\common\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
    "UDP Query User{6690C15B-4E66-4E1D-9D4A-61C74B86DB59}C:\program files\steam\steamapps\pr011\half-life deathmatch source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pr011\half-life deathmatch source\hl2.exe |
    "UDP Query User{67FA554F-615F-4E26-A591-BD3C2956BFAD}F:\games\freespace2\fs2_open_3_6_9.exe" = protocol=17 | dir=in | app=f:\games\freespace2\fs2_open_3_6_9.exe |
    "UDP Query User{6C244D8A-1FA4-4352-8359-46017310A077}C:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe |
    "UDP Query User{71E2D498-DD91-4D58-88E5-094B4FBB21AE}F:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
    "UDP Query User{7F8B74FC-46A3-4A53-80A4-5332C3EFE0AA}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
    "UDP Query User{85FBAFCF-5419-4BA3-BCE8-194E02908F5D}F:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
    "UDP Query User{87880297-D554-4867-8AB9-1FEAD82A2A36}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "UDP Query User{87E2AC77-C45E-401C-B3E8-0761F41C8012}C:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
    "UDP Query User{933E0FC6-2141-4430-A24D-0D06626A25B5}F:\games\freespace2\fs2_open_3_6_12d_inf.exe" = protocol=17 | dir=in | app=f:\games\freespace2\fs2_open_3_6_12d_inf.exe |
    "UDP Query User{A147EADF-C4A5-41E4-9C6A-6992D8B97A95}C:\program files\steam\steamapps\pr011\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pr011\garrysmod\hl2.exe |
    "UDP Query User{B13E508B-1645-4EF7-A510-817A83A3167A}C:\program files\vivendi\judge dredd - dredd vs death\dredd.exe" = protocol=17 | dir=in | app=c:\program files\vivendi\judge dredd - dredd vs death\dredd.exe |
    "UDP Query User{C082E202-7DF2-483F-811A-0A338636C602}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
    "UDP Query User{CCB5E925-9A97-4A47-8C54-893BBFF2C097}F:\games\freespace2\fs2_open_ant_7r_inf.exe" = protocol=17 | dir=in | app=f:\games\freespace2\fs2_open_ant_7r_inf.exe |
    "UDP Query User{D6E39775-B4B9-45A1-B62B-3055129F6435}F:\program files\steam\steam.exe" = protocol=17 | dir=in | app=f:\program files\steam\steam.exe |
    "UDP Query User{E03A6F4E-35BD-4348-A7C2-07564DF87BFE}C:\games\freespace2\fs2_open_3_6_9.exe" = protocol=17 | dir=in | app=c:\games\freespace2\fs2_open_3_6_9.exe |
    "UDP Query User{E4A50401-9C84-4D7F-90A5-5BBFD9BDF227}F:\program files\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
    "UDP Query User{E4F3E9EF-4983-4ACB-BC4C-0858AAC5C5BE}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
    "UDP Query User{F7294918-A43E-4BCA-8A5C-6F0BEEFF28DB}F:\program files\reality pump\the moon project\themoonproject.exe" = protocol=17 | dir=in | app=f:\program files\reality pump\the moon project\themoonproject.exe |
    "UDP Query User{F82E8A06-D6DA-481A-A89D-607F72CA0E7C}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
  11. Pr011 Newcomer, in training Posts: 66

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0CA49C4E-7B1C-460c-9DB8-4A7160CDF8D1}" = ProductContext
    "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
    "{1DEF8B27-D75B-4f2a-B723-C506047D1438}" = K8600
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
    "{3A98125E-B0AC-47E4-80D7-75DF75B13AA1}" = BPDSoftware_Ini
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
    "{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
    "{44B44E0E-B7F8-45D2-9B1F-B073D337A097}" = BPD_HPSU
    "{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads!
    "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B8AB184-EE5E-4277-BB68-C352BE13DD7B}" = 8600_Help
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
    "{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
    "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
    "{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{69B078F7-E057-4488-AE6B-CB7BBEEE8DA6}" = HP Officejet Pro K8600 Series
    "{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
    "{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B3776EC-5F0A-4996-A7DF-BB5DA95B240E}" = Vodafone Mobile Connect
    "{8D10D317-F8E0-4493-99AE-F6ADBB223553}" = BPDSoftware
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
    "{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
    "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
    "{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 295.73
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.73
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 295.73
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0209
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
    "{BAB0F8F5-282A-45F1-B31A-EB894827456B}" = MPM
    "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
    "{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFA76A76-03CF-43AC-AAB4-E2E3DACE4E02}" = Vodafone Mobile Connect Lite Runtime Components
    "{CFB61C36-61C9-46E9-8AA3-6E5A896AC989}" = 8600_Readme
    "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
    "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
    "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
    "{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads!
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
    "Audacity_is1" = Audacity 1.2.6
    "CCleaner" = CCleaner (remove only)
    "Command & Conquer 95" = Command & Conquer Windows 95
    "Creative Jukebox Driver" = Creative Jukebox Driver
    "doPDF 7 printer_is1" = doPDF 7.2 printer
    "EADM" = EA Download Manager
    "Earth 2150" = Earth 2150
    "eMule" = eMule
    "FreeSpace2" = FreeSpace 2
    "Galactic Civilizations" = Galactic Civilizations
    "Google Updater" = Google Updater
    "Homeworld2" = Homeworld2
    "HP Imaging Device Functions" = HP Imaging Device Functions 9.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
    "Impulse" = Impulse
    "InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
    "IvanView" = IvanView
    "Knights and Merchants - The Peasants Rebellion_is1" = Knights and Merchants - The Peasants Rebellion
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Motherboard Monitor 5_is1" = Motherboard Monitor 5
    "Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)
    "MS Access 97 SP2" = MS Access 97 SP2
    "MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Oni" = Oni
    "OpenAL" = OpenAL
    "Orion2DeinstKey" = Master of Orion II
    "PunkBusterSvc" = PunkBuster Services
    "RADVideo" = RAD Video Tools
    "Sins of a Solar Empire" = Sins of a Solar Empire
    "Sins of a Solar Empire - Entrenchment" = Sins of a Solar Empire - Entrenchment
    "StarLancer 1.0" = Microsoft StarLancer
    "Steam App 12830" = Operation Flashpoint: Dragon Rising
    "Steam App 17450" = Dragon Age: Origins
    "Steam App 20920" = The Witcher 2
    "Steam App 22380" = Fallout: New Vegas
    "Steam App 22690" = Worms Reloaded Demo
    "Steam App 24980" = Mass Effect 2
    "Steam App 28050" = Deus Ex: Human Revolution
    "Steam App 3900" = Sid Meier's Civilization IV
    "Steam App 41800" = Gratuitous Space Battles
    "Steam App 4570" = Warhammer 40,000: Dawn of War Gold Edition
    "Steam App 4580" = Warhammer 40,000: Dawn of War – Dark Crusade
    "Steam App 47730" = Dragon Age: Origins - Awakening
    "Steam App 55150" = Warhammer 40,000 Space Marine
    "Steam App 620" = Portal 2
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "Steam App 7670" = BioShock
    "Steam App 8000" = Tomb Raider: Anniversary
    "Steam App 8850" = BioShock 2
    "Steam App 8930" = Sid Meier's Civilization V
    "Steam App 8980" = Borderlands
    "Steam App 91310" = Dead Island
    "Steam App 9200" = RAGE
    "Steam App 9310" = Warhammer 40,000: Dawn of War – Winter Assault
    "SystemRequirementsLab" = System Requirements Lab
    "The Moon Project" = The Moon Project
    "VLC media player" = VLC media player 1.1.7
    "Warzone 2100" = Warzone 2100
    "WinRAR archiver" = WinRAR archiver
    "ZTE_MF6X6_USB_MODEM_1.2050.0.6" = ZTE_MF6X6_USB_MODEM_1.2050.0.6

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 06/06/2010 15:09:33 | Computer Name = mark-PC | Source = MsiInstaller | ID = 11706
    Description =

    Error - 06/06/2010 16:29:48 | Computer Name = mark-PC | Source = Application Error | ID = 1000
    Description = Faulting application MassEffect2.exe, version 1.1.1599.0, time stamp
    0x4b7ae7c3, faulting module MassEffect2.exe, version 1.1.1599.0, time stamp 0x4b7ae7c3,
    exception code 0xc0000005, fault offset 0x005122e0, process id 0x1654, application
    start time 0x01cb05b6b6027c6a.

    Error - 11/06/2010 16:59:25 | Computer Name = mark-PC | Source = MsiInstaller | ID = 11706
    Description =

    Error - 15/06/2010 15:37:01 | Computer Name = mark-PC | Source = MsiInstaller | ID = 11706
    Description =

    Error - 15/06/2010 20:14:11 | Computer Name = mark-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.6001.18904 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 12d0 Start Time: 01cb0ce5e6251890 Termination Time: 0

    Error - 17/06/2010 18:34:00 | Computer Name = mark-PC | Source = Google Update | ID = 20
    Description =

    Error - 18/06/2010 16:32:05 | Computer Name = mark-PC | Source = Google Update | ID = 20
    Description =

    Error - 18/06/2010 17:32:05 | Computer Name = mark-PC | Source = Google Update | ID = 20
    Description =

    Error - 18/06/2010 17:45:52 | Computer Name = mark-PC | Source = MsiInstaller | ID = 11706
    Description =

    Error - 18/06/2010 17:46:07 | Computer Name = mark-PC | Source = MsiInstaller | ID = 11706
    Description =

    [ System Events ]
    Error - 26/02/2012 09:23:45 | Computer Name = mark-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 26/02/2012 09:23:45 | Computer Name = mark-PC | Source = Service Control Manager | ID = 7003
    Description =

    Error - 26/02/2012 09:23:45 | Computer Name = mark-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 26/02/2012 09:23:45 | Computer Name = mark-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 26/02/2012 09:23:45 | Computer Name = mark-PC | Source = Service Control Manager | ID = 7003
    Description =

    Error - 26/02/2012 09:23:45 | Computer Name = mark-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 26/02/2012 09:23:45 | Computer Name = mark-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 26/02/2012 09:23:45 | Computer Name = mark-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 26/02/2012 09:23:45 | Computer Name = mark-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 26/02/2012 14:11:58 | Computer Name = mark-PC | Source = Schannel | ID = 36874
    Description = An SSL connection request was received from a remote client application,
    but none of the cipher suites supported by the client application are supported
    by the server. The SSL connection request has failed.


    < End of report >
  12. Broni Malware Annihilator Posts: 39,390   +177

    Can you check if IE is getting redirected as well?

    Please download GooredFix from one of the locations below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (the log is also saved to your Desktop as GooredFix.txt).
  13. Pr011 Newcomer, in training Posts: 66

    I have started IE up a few times and it does not appear to be redirected.

    I will run the tool now, log to follow.

    Thanks again for your help
  14. Pr011 Newcomer, in training Posts: 66

    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 23:57 on 26/02/2012 (Mark)
    Firefox version 10.0.2 (en-GB)

    ========== GooredScan ==========


    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [13:36 18/06/2010]

    C:\Users\Mark\Application Data\Mozilla\Firefox\Profiles\yqgk2812.default\extensions\
    {20a82645-c095-46ed-80e3-08825760534b} [23:49 28/06/2010]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [12:41 05/05/2009]

    -=E.O.F=-
  15. Pr011 Newcomer, in training Posts: 66

    Hello again

    I have been using IE, and unfortunately just got a redirect in a pop-up window.
  16. Broni Malware Annihilator Posts: 39,390   +177

    Re-run TDSSKiller and aswMBR.
  17. Pr011 Newcomer, in training Posts: 66

    02:43:58.0433 4600 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
    02:43:58.0558 4600 ============================================================
    02:43:58.0558 4600 Current date / time: 2012/02/27 02:43:58.0558
    02:43:58.0558 4600 SystemInfo:
    02:43:58.0558 4600
    02:43:58.0558 4600 OS Version: 6.0.6002 ServicePack: 2.0
    02:43:58.0558 4600 Product type: Workstation
    02:43:58.0558 4600 ComputerName: MARK-PC
    02:43:58.0558 4600 UserName: Mark
    02:43:58.0558 4600 Windows directory: C:\Windows
    02:43:58.0558 4600 System windows directory: C:\Windows
    02:43:58.0558 4600 Processor architecture: Intel x86
    02:43:58.0558 4600 Number of processors: 4
    02:43:58.0558 4600 Page size: 0x1000
    02:43:58.0558 4600 Boot type: Normal boot
    02:43:58.0558 4600 ============================================================
    02:44:00.0836 4600 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    02:44:00.0836 4600 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    02:44:00.0851 4600 \Device\Harddisk0\DR0:
    02:44:00.0851 4600 MBR used
    02:44:00.0851 4600 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
    02:44:00.0851 4600 \Device\Harddisk1\DR1:
    02:44:00.0851 4600 MBR used
    02:44:00.0851 4600 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
    02:44:00.0898 4600 Initialize success
    02:44:00.0898 4600 ============================================================
    02:44:02.0910 5060 ============================================================
    02:44:02.0910 5060 Scan started
    02:44:02.0910 5060 Mode: Manual;
    02:44:02.0910 5060 ============================================================
    02:44:05.0001 5060 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    02:44:05.0016 5060 ACPI - ok
    02:44:05.0094 5060 ADIHdAudAddService (81a61c3fe6f0f8c084c9a80b584cce21) C:\Windows\system32\drivers\ADIHdAud.sys
    02:44:05.0094 5060 ADIHdAudAddService - ok
    02:44:05.0126 5060 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    02:44:05.0141 5060 adp94xx - ok
    02:44:05.0157 5060 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    02:44:05.0172 5060 adpahci - ok
    02:44:05.0188 5060 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    02:44:05.0188 5060 adpu160m - ok
    02:44:05.0219 5060 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    02:44:05.0219 5060 adpu320 - ok
    02:44:05.0344 5060 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    02:44:05.0360 5060 AFD - ok
    02:44:05.0391 5060 AFGMp50 - ok
    02:44:05.0438 5060 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\AFGSp50.sys
    02:44:05.0438 5060 AFGSp50 - ok
    02:44:05.0547 5060 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    02:44:05.0547 5060 agp440 - ok
    02:44:05.0578 5060 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    02:44:05.0578 5060 aic78xx - ok
    02:44:05.0640 5060 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    02:44:05.0640 5060 aliide - ok
    02:44:05.0687 5060 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    02:44:05.0687 5060 amdagp - ok
    02:44:05.0703 5060 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    02:44:05.0703 5060 amdide - ok
    02:44:05.0734 5060 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    02:44:05.0734 5060 AmdK7 - ok
    02:44:05.0781 5060 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    02:44:05.0781 5060 AmdK8 - ok
    02:44:05.0843 5060 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    02:44:05.0843 5060 arc - ok
    02:44:05.0890 5060 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    02:44:05.0890 5060 arcsas - ok
    02:44:05.0921 5060 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    02:44:05.0921 5060 AsyncMac - ok
    02:44:05.0968 5060 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    02:44:05.0968 5060 atapi - ok
    02:44:06.0030 5060 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    02:44:06.0030 5060 Beep - ok
    02:44:06.0062 5060 blbdrive - ok
    02:44:06.0108 5060 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    02:44:06.0124 5060 bowser - ok
    02:44:06.0155 5060 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    02:44:06.0155 5060 BrFiltLo - ok
    02:44:06.0186 5060 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    02:44:06.0186 5060 BrFiltUp - ok
    02:44:06.0218 5060 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    02:44:06.0218 5060 Brserid - ok
    02:44:06.0233 5060 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    02:44:06.0249 5060 BrSerWdm - ok
    02:44:06.0264 5060 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    02:44:06.0264 5060 BrUsbMdm - ok
    02:44:06.0280 5060 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    02:44:06.0280 5060 BrUsbSer - ok
    02:44:06.0311 5060 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    02:44:06.0311 5060 BTHMODEM - ok
    02:44:06.0452 5060 catchme - ok
    02:44:06.0514 5060 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    02:44:06.0514 5060 cdfs - ok
    02:44:06.0545 5060 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    02:44:06.0545 5060 cdrom - ok
    02:44:06.0576 5060 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    02:44:06.0576 5060 circlass - ok
    02:44:06.0623 5060 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    02:44:06.0623 5060 CLFS - ok
    02:44:06.0654 5060 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    02:44:06.0654 5060 cmdide - ok
    02:44:06.0686 5060 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
    02:44:06.0686 5060 Compbatt - ok
    02:44:06.0717 5060 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    02:44:06.0717 5060 crcdisk - ok
    02:44:06.0748 5060 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    02:44:06.0748 5060 Crusoe - ok
    02:44:06.0857 5060 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
    02:44:06.0857 5060 DfsC - ok
    02:44:07.0060 5060 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    02:44:07.0076 5060 disk - ok
    02:44:07.0294 5060 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
    02:44:07.0310 5060 Dot4 - ok
    02:44:07.0388 5060 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    02:44:07.0388 5060 Dot4Print - ok
    02:44:07.0450 5060 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
    02:44:07.0466 5060 dot4usb - ok
    02:44:07.0559 5060 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    02:44:07.0559 5060 drmkaud - ok
    02:44:07.0700 5060 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    02:44:07.0715 5060 DXGKrnl - ok
    02:44:07.0809 5060 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    02:44:07.0840 5060 E1G60 - ok
    02:44:07.0887 5060 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    02:44:07.0887 5060 Ecache - ok
    02:44:07.0949 5060 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    02:44:07.0949 5060 elxstor - ok
    02:44:08.0012 5060 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    02:44:08.0012 5060 exfat - ok
    02:44:08.0074 5060 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    02:44:08.0074 5060 fastfat - ok
    02:44:08.0121 5060 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    02:44:08.0121 5060 fdc - ok
    02:44:08.0168 5060 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    02:44:08.0168 5060 FileInfo - ok
    02:44:08.0214 5060 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    02:44:08.0214 5060 Filetrace - ok
    02:44:08.0246 5060 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    02:44:08.0246 5060 flpydisk - ok
    02:44:08.0261 5060 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    02:44:08.0277 5060 FltMgr - ok
    02:44:08.0308 5060 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    02:44:08.0308 5060 Fs_Rec - ok
    02:44:08.0355 5060 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    02:44:08.0355 5060 gagp30kx - ok
    02:44:08.0464 5060 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    02:44:08.0464 5060 HdAudAddService - ok
    02:44:08.0698 5060 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    02:44:08.0729 5060 HDAudBus - ok
    02:44:08.0776 5060 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    02:44:08.0776 5060 HidBth - ok
    02:44:08.0792 5060 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    02:44:08.0792 5060 HidIr - ok
    02:44:08.0838 5060 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    02:44:08.0838 5060 HidUsb - ok
    02:44:08.0870 5060 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    02:44:08.0870 5060 HpCISSs - ok
    02:44:08.0979 5060 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    02:44:08.0994 5060 HTTP - ok
    02:44:09.0041 5060 hwdatacard (4154079a88089155d10168333b19627f) C:\Windows\system32\DRIVERS\ewusbmdm.sys
    02:44:09.0041 5060 hwdatacard - ok
    02:44:09.0057 5060 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    02:44:09.0057 5060 i2omp - ok
    02:44:09.0119 5060 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    02:44:09.0119 5060 i8042prt - ok
    02:44:09.0150 5060 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    02:44:09.0166 5060 iaStorV - ok
    02:44:09.0197 5060 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    02:44:09.0197 5060 iirsp - ok
    02:44:09.0213 5060 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
    02:44:09.0213 5060 intelide - ok
    02:44:09.0260 5060 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    02:44:09.0275 5060 intelppm - ok
    02:44:09.0369 5060 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    02:44:09.0369 5060 IpFilterDriver - ok
    02:44:09.0384 5060 IpInIp - ok
    02:44:09.0431 5060 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    02:44:09.0431 5060 IPMIDRV - ok
    02:44:09.0478 5060 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    02:44:09.0478 5060 IPNAT - ok
    02:44:09.0540 5060 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    02:44:09.0540 5060 IRENUM - ok
    02:44:09.0587 5060 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    02:44:09.0587 5060 isapnp - ok
    02:44:09.0634 5060 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    02:44:09.0634 5060 iScsiPrt - ok
    02:44:09.0790 5060 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    02:44:09.0790 5060 iteatapi - ok
    02:44:09.0806 5060 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    02:44:09.0821 5060 iteraid - ok
    02:44:09.0946 5060 jbridgep - ok
    02:44:10.0055 5060 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    02:44:10.0055 5060 kbdclass - ok
    02:44:10.0149 5060 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    02:44:10.0164 5060 kbdhid - ok
    02:44:10.0305 5060 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
    02:44:10.0336 5060 KSecDD - ok
    02:44:10.0367 5060 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    02:44:10.0367 5060 lltdio - ok
    02:44:10.0430 5060 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    02:44:10.0430 5060 LSI_FC - ok
    02:44:10.0476 5060 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    02:44:10.0492 5060 LSI_SAS - ok
    02:44:10.0523 5060 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    02:44:10.0523 5060 LSI_SCSI - ok
    02:44:10.0570 5060 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    02:44:10.0570 5060 luafv - ok
    02:44:10.0664 5060 massfilter (6490fe1b088c7199a9b6ce0e04a98a8b) C:\Windows\system32\DRIVERS\massfilter.sys
    02:44:10.0664 5060 massfilter - ok
    02:44:10.0710 5060 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
    02:44:10.0710 5060 MBAMProtector - ok
    02:44:10.0773 5060 mbmiodrvr (290fb01f7f51eff0960599404a09f8d6) C:\Windows\system32\mbmiodrvr.sys
    02:44:10.0773 5060 mbmiodrvr - ok
    02:44:10.0804 5060 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    02:44:10.0804 5060 megasas - ok
    02:44:10.0835 5060 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    02:44:10.0835 5060 Modem - ok
    02:44:10.0882 5060 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    02:44:10.0882 5060 monitor - ok
    02:44:10.0913 5060 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    02:44:10.0913 5060 mouclass - ok
    02:44:10.0944 5060 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    02:44:10.0944 5060 mouhid - ok
    02:44:10.0976 5060 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    02:44:10.0976 5060 MountMgr - ok
    02:44:11.0022 5060 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    02:44:11.0022 5060 mpio - ok
    02:44:11.0054 5060 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    02:44:11.0054 5060 mpsdrv - ok
    02:44:11.0085 5060 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    02:44:11.0085 5060 Mraid35x - ok
    02:44:11.0147 5060 MRV6X32P (02b74ba962232ea2a1771aa522143eaa) C:\Windows\system32\DRIVERS\MRVW13B.sys
    02:44:11.0147 5060 MRV6X32P - ok
    02:44:11.0194 5060 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    02:44:11.0210 5060 MRxDAV - ok
    02:44:11.0256 5060 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    02:44:11.0256 5060 mrxsmb - ok
    02:44:11.0303 5060 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    02:44:11.0319 5060 mrxsmb10 - ok
    02:44:11.0350 5060 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    02:44:11.0350 5060 mrxsmb20 - ok
    02:44:11.0381 5060 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    02:44:11.0381 5060 msahci - ok
    02:44:11.0412 5060 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    02:44:11.0412 5060 msdsm - ok
    02:44:11.0475 5060 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    02:44:11.0475 5060 Msfs - ok
    02:44:11.0522 5060 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    02:44:11.0522 5060 msisadrv - ok
    02:44:11.0568 5060 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    02:44:11.0568 5060 MSKSSRV - ok
    02:44:11.0631 5060 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    02:44:11.0631 5060 MSPCLOCK - ok
    02:44:11.0662 5060 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    02:44:11.0662 5060 MSPQM - ok
    02:44:11.0709 5060 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    02:44:11.0709 5060 MsRPC - ok
    02:44:11.0756 5060 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    02:44:11.0756 5060 mssmbios - ok
    02:44:11.0802 5060 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    02:44:11.0802 5060 MSTEE - ok
    02:44:11.0834 5060 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
    02:44:11.0834 5060 MTsensor - ok
    02:44:11.0849 5060 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    02:44:11.0849 5060 Mup - ok
    02:44:11.0880 5060 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    02:44:11.0896 5060 NativeWifiP - ok
    02:44:11.0943 5060 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    02:44:11.0958 5060 NDIS - ok
    02:44:12.0005 5060 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    02:44:12.0005 5060 NdisTapi - ok
    02:44:12.0036 5060 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    02:44:12.0036 5060 Ndisuio - ok
    02:44:12.0208 5060 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    02:44:12.0224 5060 NdisWan - ok
    02:44:12.0317 5060 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    02:44:12.0333 5060 NDProxy - ok
    02:44:12.0411 5060 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    02:44:12.0411 5060 NetBIOS - ok
    02:44:12.0504 5060 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\drivers\netbt.sys
    02:44:12.0520 5060 netbt - ok
    02:44:12.0567 5060 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    02:44:12.0567 5060 nfrd960 - ok
    02:44:12.0614 5060 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    02:44:12.0614 5060 Npfs - ok
    02:44:12.0645 5060 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    02:44:12.0645 5060 nsiproxy - ok
    02:44:12.0785 5060 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    02:44:12.0832 5060 Ntfs - ok
    02:44:12.0863 5060 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    02:44:12.0863 5060 ntrigdigi - ok
    02:44:12.0941 5060 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
    02:44:12.0941 5060 NuidFltr - ok
    02:44:12.0988 5060 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    02:44:13.0004 5060 Null - ok
    02:44:13.0394 5060 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
    02:44:13.0409 5060 NVENETFD - ok
    02:44:15.0422 5060 nvlddmkm (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    02:44:15.0484 5060 nvlddmkm - ok
    02:44:15.0843 5060 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    02:44:15.0858 5060 nvraid - ok
    02:44:15.0890 5060 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
    02:44:15.0890 5060 nvstor - ok
    02:44:15.0936 5060 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
    02:44:15.0936 5060 nvstor32 - ok
    02:44:15.0999 5060 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    02:44:15.0999 5060 nv_agp - ok
    02:44:16.0014 5060 NwlnkFlt - ok
    02:44:16.0030 5060 NwlnkFwd - ok
    02:44:16.0077 5060 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    02:44:16.0077 5060 ohci1394 - ok
    02:44:16.0108 5060 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    02:44:16.0108 5060 Parport - ok
    02:44:16.0155 5060 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    02:44:16.0155 5060 partmgr - ok
    02:44:16.0186 5060 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    02:44:16.0186 5060 Parvdm - ok
    02:44:16.0217 5060 PCASp50 - ok
    02:44:16.0280 5060 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    02:44:16.0280 5060 pci - ok
    02:44:16.0342 5060 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    02:44:16.0342 5060 pciide - ok
    02:44:16.0373 5060 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    02:44:16.0373 5060 pcmcia - ok
    02:44:16.0436 5060 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    02:44:16.0451 5060 PEAUTH - ok
    02:44:16.0545 5060 Point32 (5b6f99087cc1342b3d193e8155f26b6f) C:\Windows\system32\DRIVERS\point32k.sys
    02:44:16.0545 5060 Point32 - ok
    02:44:16.0607 5060 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    02:44:16.0607 5060 PptpMiniport - ok
    02:44:16.0654 5060 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    02:44:16.0670 5060 Processor - ok
    02:44:16.0748 5060 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    02:44:16.0748 5060 PSched - ok
    02:44:16.0810 5060 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    02:44:16.0826 5060 ql2300 - ok
    02:44:16.0872 5060 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    02:44:16.0888 5060 ql40xx - ok
    02:44:16.0935 5060 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    02:44:16.0935 5060 QWAVEdrv - ok
    02:44:16.0982 5060 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    02:44:16.0982 5060 RasAcd - ok
    02:44:17.0013 5060 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    02:44:17.0013 5060 Rasl2tp - ok
    02:44:17.0060 5060 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    02:44:17.0060 5060 RasPppoe - ok
    02:44:17.0091 5060 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    02:44:17.0091 5060 RasSstp - ok
    02:44:17.0138 5060 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    02:44:17.0138 5060 rdbss - ok
    02:44:17.0184 5060 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    02:44:17.0184 5060 RDPCDD - ok
    02:44:17.0231 5060 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    02:44:17.0231 5060 rdpdr - ok
    02:44:17.0247 5060 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    02:44:17.0247 5060 RDPENCDD - ok
    02:44:17.0387 5060 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    02:44:17.0434 5060 RDPWD - ok
    02:44:17.0543 5060 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    02:44:17.0543 5060 rspndr - ok
    02:44:17.0574 5060 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    02:44:17.0574 5060 sbp2port - ok
    02:44:17.0637 5060 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    02:44:17.0637 5060 secdrv - ok
    02:44:17.0652 5060 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    02:44:17.0652 5060 Serenum - ok
    02:44:17.0684 5060 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    02:44:17.0684 5060 Serial - ok
    02:44:17.0730 5060 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    02:44:17.0730 5060 sermouse - ok
    02:44:17.0746 5060 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    02:44:17.0762 5060 sffdisk - ok
    02:44:17.0777 5060 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    02:44:17.0777 5060 sffp_mmc - ok
    02:44:17.0793 5060 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    02:44:17.0793 5060 sffp_sd - ok
    02:44:17.0824 5060 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    02:44:17.0824 5060 sfloppy - ok
    02:44:17.0855 5060 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    02:44:17.0855 5060 sisagp - ok
    02:44:17.0886 5060 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    02:44:17.0886 5060 SiSRaid2 - ok
    02:44:17.0902 5060 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    02:44:17.0918 5060 SiSRaid4 - ok
    02:44:17.0949 5060 Smb (ed23daaaccaf6f7efcfaf0cc155873e8) C:\Windows\system32\DRIVERS\smb.sys
    02:44:17.0949 5060 Suspicious file (Forged): C:\Windows\system32\DRIVERS\smb.sys. Real md5: ed23daaaccaf6f7efcfaf0cc155873e8, Fake md5: 7b75299a4d201d6a6533603d6914ab04
    02:44:17.0949 5060 Smb ( Virus.Win32.ZAccess.c ) - infected
    02:44:17.0949 5060 Smb - detected Virus.Win32.ZAccess.c (0)
    02:44:17.0996 5060 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    02:44:17.0996 5060 spldr - ok
    02:44:18.0058 5060 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
    02:44:18.0058 5060 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
    02:44:18.0074 5060 sptd ( LockedFile.Multi.Generic ) - warning
    02:44:18.0074 5060 sptd - detected LockedFile.Multi.Generic (1)
    02:44:18.0120 5060 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    02:44:18.0136 5060 srv - ok
    02:44:18.0167 5060 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    02:44:18.0167 5060 srv2 - ok
    02:44:18.0214 5060 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    02:44:18.0214 5060 srvnet - ok
    02:44:18.0292 5060 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    02:44:18.0292 5060 swenum - ok
    02:44:18.0339 5060 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    02:44:18.0339 5060 Symc8xx - ok
    02:44:18.0370 5060 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    02:44:18.0370 5060 Sym_hi - ok
    02:44:18.0417 5060 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    02:44:18.0432 5060 Sym_u3 - ok
    02:44:18.0510 5060 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
    02:44:18.0526 5060 Tcpip - ok
    02:44:18.0588 5060 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
    02:44:18.0588 5060 Tcpip6 - ok
    02:44:18.0635 5060 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    02:44:18.0635 5060 tcpipreg - ok
    02:44:18.0666 5060 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    02:44:18.0666 5060 TDPIPE - ok
    02:44:18.0698 5060 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    02:44:18.0698 5060 TDTCP - ok
    02:44:18.0744 5060 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    02:44:18.0744 5060 tdx - ok
    02:44:18.0791 5060 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    02:44:18.0791 5060 TermDD - ok
    02:44:18.0869 5060 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    02:44:18.0869 5060 tssecsrv - ok
    02:44:18.0932 5060 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    02:44:18.0947 5060 tunmp - ok
    02:44:18.0978 5060 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    02:44:18.0978 5060 tunnel - ok
    02:44:19.0025 5060 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    02:44:19.0025 5060 uagp35 - ok
    02:44:19.0072 5060 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    02:44:19.0072 5060 udfs - ok
    02:44:19.0103 5060 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    02:44:19.0103 5060 uliagpkx - ok
    02:44:19.0134 5060 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    02:44:19.0134 5060 uliahci - ok
    02:44:19.0166 5060 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    02:44:19.0166 5060 UlSata - ok
    02:44:19.0197 5060 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    02:44:19.0197 5060 ulsata2 - ok
    02:44:19.0228 5060 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    02:44:19.0228 5060 umbus - ok
    02:44:19.0275 5060 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    02:44:19.0290 5060 usbccgp - ok
    02:44:19.0306 5060 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    02:44:19.0306 5060 usbcir - ok
    02:44:19.0353 5060 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    02:44:19.0353 5060 usbehci - ok
    02:44:19.0431 5060 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    02:44:19.0431 5060 usbhub - ok
    02:44:19.0478 5060 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    02:44:19.0478 5060 usbohci - ok
    02:44:19.0556 5060 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    02:44:19.0602 5060 usbprint - ok
    02:44:19.0649 5060 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    02:44:19.0649 5060 usbscan - ok
    02:44:19.0680 5060 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    02:44:19.0680 5060 USBSTOR - ok
    02:44:19.0727 5060 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
    02:44:19.0743 5060 usbuhci - ok
    02:44:19.0774 5060 USB_RNDIS (830d5d8456b822c1247c1e59b4c464fa) C:\Windows\system32\DRIVERS\usb8023.sys
    02:44:19.0774 5060 USB_RNDIS - ok
    02:44:19.0805 5060 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    02:44:19.0805 5060 vga - ok
    02:44:19.0852 5060 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    02:44:19.0868 5060 VgaSave - ok
    02:44:19.0883 5060 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    02:44:19.0883 5060 viaagp - ok
    02:44:19.0914 5060 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    02:44:19.0914 5060 ViaC7 - ok
    02:44:19.0946 5060 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    02:44:19.0946 5060 viaide - ok
    02:44:19.0977 5060 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    02:44:19.0977 5060 volmgr - ok
    02:44:20.0039 5060 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    02:44:20.0055 5060 volmgrx - ok
    02:44:20.0086 5060 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    02:44:20.0102 5060 volsnap - ok
    02:44:20.0133 5060 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    02:44:20.0133 5060 vsmraid - ok
    02:44:20.0164 5060 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    02:44:20.0164 5060 WacomPen - ok
    02:44:20.0211 5060 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    02:44:20.0211 5060 Wanarp - ok
    02:44:20.0226 5060 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    02:44:20.0226 5060 Wanarpv6 - ok
    02:44:20.0258 5060 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    02:44:20.0258 5060 Wd - ok
    02:44:20.0304 5060 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    02:44:20.0320 5060 Wdf01000 - ok
    02:44:20.0398 5060 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    02:44:20.0398 5060 WmiAcpi - ok
    02:44:20.0445 5060 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    02:44:20.0445 5060 WpdUsb - ok
    02:44:20.0492 5060 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    02:44:20.0492 5060 ws2ifsl - ok
    02:44:20.0538 5060 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    02:44:20.0554 5060 WUDFRd - ok
    02:44:20.0616 5060 ZTEusbmdm6k (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
    02:44:20.0616 5060 ZTEusbmdm6k - ok
    02:44:20.0663 5060 ZTEusbnmea (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
    02:44:20.0663 5060 ZTEusbnmea - ok
    02:44:20.0694 5060 ZTEusbser6k (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
    02:44:20.0694 5060 ZTEusbser6k - ok
    02:44:20.0741 5060 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    02:44:20.0788 5060 \Device\Harddisk0\DR0 - ok
    02:44:20.0804 5060 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
    02:44:20.0850 5060 \Device\Harddisk1\DR1 - ok
    02:44:20.0850 5060 Boot (0x1200) (0764067473881a4af3236f319ce802b5) \Device\Harddisk0\DR0\Partition0
    02:44:20.0850 5060 \Device\Harddisk0\DR0\Partition0 - ok
    02:44:20.0850 5060 Boot (0x1200) (21fa605b69522b273bd08e3b52a2ee70) \Device\Harddisk1\DR1\Partition0
    02:44:20.0850 5060 \Device\Harddisk1\DR1\Partition0 - ok
    02:44:20.0850 5060 ============================================================
    02:44:20.0850 5060 Scan finished
    02:44:20.0850 5060 ============================================================
    02:44:20.0866 5052 Detected object count: 2
    02:44:20.0866 5052 Actual detected object count: 2
    02:44:59.0746 5052 C:\Windows\system32\DRIVERS\smb.sys - copied to quarantine
    02:44:59.0934 5052 Backup copy found, using it..
    02:44:59.0949 5052 C:\Windows\system32\DRIVERS\smb.sys - will be cured on reboot
    02:45:05.0643 5052 Smb ( Virus.Win32.ZAccess.c ) - User select action: Cure
    02:45:05.0643 5052 sptd ( LockedFile.Multi.Generic ) - skipped by user
    02:45:05.0643 5052 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    02:45:24.0082 4520 Deinitialize success
  18. Pr011 Newcomer, in training Posts: 66

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-26 13:01:10
    -----------------------------
    13:01:10.561 OS Version: Windows 6.0.6002 Service Pack 2
    13:01:10.561 Number of processors: 4 586 0xF0B
    13:01:10.562 ComputerName: MARK-PC UserName: Mark
    13:01:11.149 Initialize success
    13:05:05.446 AVAST engine defs: 12022602
    13:08:29.168 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1
    13:08:29.171 Disk 0 Vendor: WDC_WD1600AAJB-00PVA0 00.07H00 Size: 152627MB BusType: 3
    13:08:29.173 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005a
    13:08:29.176 Disk 1 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 6
    13:08:29.207 Disk 0 MBR read successfully
    13:08:29.211 Disk 0 MBR scan
    13:08:29.216 Disk 0 Windows VISTA default MBR code
    13:08:29.220 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 2048
    13:08:29.227 Disk 0 scanning sectors +312578048
    13:08:29.302 Disk 0 scanning C:\Windows\system32\drivers
    13:08:37.702 Service scanning
    13:08:50.092 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    13:08:55.321 Modules scanning
    13:08:59.436 Disk 0 trace - called modules:
    13:08:59.450 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85bcb1f8]<<
    13:08:59.466 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a3a2c0]
    13:08:59.473 3 CLASSPNP.SYS[8b5aa8b3] -> nt!IofCallDriver -> [0x85c3a598]
    13:08:59.480 5 acpi.sys[807bc6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-1[0x85c7b8a0]
    13:08:59.487 \Driver\atapi[0x85c3e6e8] -> IRP_MJ_CREATE -> 0x85bcb1f8
    13:09:00.459 AVAST engine scan C:\Windows
    13:09:02.935 AVAST engine scan C:\Windows\system32
    13:11:24.873 AVAST engine scan C:\Windows\system32\drivers
    13:11:34.875 AVAST engine scan C:\Users\Mark
    13:13:02.760 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
    13:13:02.766 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"


    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-27 02:50:04
    -----------------------------
    02:50:04.268 OS Version: Windows 6.0.6002 Service Pack 2
    02:50:04.268 Number of processors: 4 586 0xF0B
    02:50:04.284 ComputerName: MARK-PC UserName: Mark
    02:50:05.828 Initialize success
    02:50:13.129 AVAST engine defs: 12022602
    02:50:18.433 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
    02:50:18.433 Disk 0 Vendor: WDC_WD1600AAJB-00PVA0 00.07H00 Size: 152627MB BusType: 3
    02:50:18.433 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000059
    02:50:18.433 Disk 1 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 6
    02:50:18.449 Disk 0 MBR read successfully
    02:50:18.449 Disk 0 MBR scan
    02:50:18.449 Disk 0 Windows VISTA default MBR code
    02:50:18.464 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 2048
    02:50:18.464 Disk 0 scanning sectors +312578048
    02:50:18.589 Disk 0 scanning C:\Windows\system32\drivers
    02:50:23.519 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Sirefef-JQ [Trj]
    02:50:34.049 Disk 0 trace - called modules:
    02:50:34.064 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xa030afc0]<<
    02:50:34.080 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b0f620]
    02:50:34.080 3 CLASSPNP.SYS[8b3aa8b3] -> nt!IofCallDriver -> [0x85340b70]
    02:50:34.080 \Driver\00006739[0x8a2d5120] -> IRP_MJ_CREATE -> 0xa030afc0
    02:50:35.343 AVAST engine scan C:\Windows
    02:50:40.164 AVAST engine scan C:\Windows\system32
    02:53:59.469 AVAST engine scan C:\Windows\system32\drivers
    02:54:05.444 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Sirefef-JQ [Trj]
    02:54:24.663 AVAST engine scan C:\Users\Mark
    02:54:56.004 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
    02:54:56.035 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"
  19. Broni Malware Annihilator Posts: 39,390   +177

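    It looks like you got reinfected: the second aswMBR log (run date 2012-02-27) flags C:\Windows\system32\drivers\dfsc.sys as Win32:Sirefef-JQ, while the first run (2012-02-26) reported no infected files.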

    Re-run TDSSKiller one more time.

    Also....

    Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to "Show hidden files and folders", and uncheck "Hide protected operating system files".
    NOTE: Make sure to reverse the above changes when done with this step.
    Upload the following file to http://www.virustotal.com/ for a security check:
    - C:\Windows\system32\Drivers\dfsc.sys
    IMPORTANT! If the file is listed as already analyzed, click the "Reanalyse file now" button so the result reflects the file as it is on your disk now.
    Post the scan results.
  20. Pr011 Newcomer, in training Posts: 66

    04:15:46.0224 4600 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
    04:15:46.0349 4600 ============================================================
    04:15:46.0349 4600 Current date / time: 2012/02/27 04:15:46.0349
    04:15:46.0349 4600 SystemInfo:
    04:15:46.0349 4600
    04:15:46.0349 4600 OS Version: 6.0.6002 ServicePack: 2.0
    04:15:46.0349 4600 Product type: Workstation
    04:15:46.0349 4600 ComputerName: MARK-PC
    04:15:46.0349 4600 UserName: Mark
    04:15:46.0349 4600 Windows directory: C:\Windows
    04:15:46.0349 4600 System windows directory: C:\Windows
    04:15:46.0349 4600 Processor architecture: Intel x86
    04:15:46.0349 4600 Number of processors: 4
    04:15:46.0349 4600 Page size: 0x1000
    04:15:46.0349 4600 Boot type: Normal boot
    04:15:46.0349 4600 ============================================================
    04:15:47.0456 4600 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    04:15:47.0472 4600 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    04:15:47.0472 4600 \Device\Harddisk0\DR0:
    04:15:47.0472 4600 MBR used
    04:15:47.0472 4600 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
    04:15:47.0472 4600 \Device\Harddisk1\DR1:
    04:15:47.0472 4600 MBR used
    04:15:47.0472 4600 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
    04:15:47.0519 4600 Initialize success
    04:15:47.0519 4600 ============================================================
    04:15:48.0720 4312 ============================================================
    04:15:48.0720 4312 Scan started
    04:15:48.0720 4312 Mode: Manual;
    04:15:48.0720 4312 ============================================================
    04:15:49.0781 4312 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    04:15:49.0796 4312 ACPI - ok
    04:15:49.0874 4312 ADIHdAudAddService (81a61c3fe6f0f8c084c9a80b584cce21) C:\Windows\system32\drivers\ADIHdAud.sys
    04:15:49.0874 4312 ADIHdAudAddService - ok
    04:15:49.0937 4312 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    04:15:49.0952 4312 adp94xx - ok
    04:15:50.0015 4312 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    04:15:50.0015 4312 adpahci - ok
    04:15:50.0046 4312 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    04:15:50.0046 4312 adpu160m - ok
    04:15:50.0062 4312 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    04:15:50.0062 4312 adpu320 - ok
    04:15:50.0155 4312 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    04:15:50.0155 4312 AFD - ok
    04:15:50.0202 4312 AFGMp50 - ok
    04:15:50.0249 4312 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\AFGSp50.sys
    04:15:50.0249 4312 AFGSp50 - ok
    04:15:50.0311 4312 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    04:15:50.0311 4312 agp440 - ok
    04:15:50.0342 4312 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    04:15:50.0342 4312 aic78xx - ok
    04:15:50.0389 4312 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    04:15:50.0389 4312 aliide - ok
    04:15:50.0420 4312 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    04:15:50.0420 4312 amdagp - ok
    04:15:50.0436 4312 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    04:15:50.0436 4312 amdide - ok
    04:15:50.0452 4312 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    04:15:50.0452 4312 AmdK7 - ok
    04:15:50.0498 4312 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    04:15:50.0498 4312 AmdK8 - ok
    04:15:50.0561 4312 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    04:15:50.0561 4312 arc - ok
    04:15:50.0592 4312 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    04:15:50.0592 4312 arcsas - ok
    04:15:50.0623 4312 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    04:15:50.0623 4312 AsyncMac - ok
    04:15:50.0670 4312 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    04:15:50.0670 4312 atapi - ok
    04:15:50.0732 4312 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    04:15:50.0732 4312 Beep - ok
    04:15:50.0764 4312 blbdrive - ok
    04:15:50.0810 4312 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    04:15:50.0810 4312 bowser - ok
    04:15:50.0857 4312 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    04:15:50.0857 4312 BrFiltLo - ok
    04:15:50.0873 4312 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    04:15:50.0873 4312 BrFiltUp - ok
    04:15:50.0904 4312 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    04:15:50.0904 4312 Brserid - ok
    04:15:50.0935 4312 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    04:15:50.0935 4312 BrSerWdm - ok
    04:15:50.0951 4312 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    04:15:50.0951 4312 BrUsbMdm - ok
    04:15:50.0966 4312 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    04:15:50.0966 4312 BrUsbSer - ok
    04:15:50.0998 4312 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    04:15:50.0998 4312 BTHMODEM - ok
    04:15:51.0091 4312 catchme - ok
    04:15:51.0154 4312 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    04:15:51.0154 4312 cdfs - ok
    04:15:51.0185 4312 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    04:15:51.0185 4312 cdrom - ok
    04:15:51.0216 4312 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    04:15:51.0216 4312 circlass - ok
    04:15:51.0263 4312 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    04:15:51.0263 4312 CLFS - ok
    04:15:51.0294 4312 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    04:15:51.0294 4312 cmdide - ok
    04:15:51.0310 4312 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
    04:15:51.0310 4312 Compbatt - ok
    04:15:51.0341 4312 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    04:15:51.0341 4312 crcdisk - ok
    04:15:51.0388 4312 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    04:15:51.0388 4312 Crusoe - ok
    04:15:51.0481 4312 DfsC (4ce25ee05f00ce7baa8bcf74a04a6bf2) C:\Windows\system32\Drivers\dfsc.sys
    04:15:51.0481 4312 Suspicious file (Forged): C:\Windows\system32\Drivers\dfsc.sys. Real md5: 4ce25ee05f00ce7baa8bcf74a04a6bf2, Fake md5: a7179de59ae269ab70345527894ccd7c
    04:15:51.0481 4312 DfsC ( Virus.Win32.ZAccess.c ) - infected
    04:15:51.0481 4312 DfsC - detected Virus.Win32.ZAccess.c (0)
    04:15:51.0575 4312 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    04:15:51.0575 4312 disk - ok
    04:15:51.0668 4312 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
    04:15:51.0668 4312 Dot4 - ok
    04:15:51.0731 4312 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    04:15:51.0731 4312 Dot4Print - ok
    04:15:51.0778 4312 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
    04:15:51.0778 4312 dot4usb - ok
    04:15:51.0824 4312 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    04:15:51.0824 4312 drmkaud - ok
    04:15:51.0902 4312 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    04:15:51.0902 4312 DXGKrnl - ok
    04:15:51.0934 4312 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    04:15:51.0934 4312 E1G60 - ok
    04:15:51.0996 4312 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    04:15:51.0996 4312 Ecache - ok
    04:15:52.0058 4312 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    04:15:52.0058 4312 elxstor - ok
    04:15:52.0121 4312 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    04:15:52.0121 4312 exfat - ok
    04:15:52.0168 4312 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    04:15:52.0168 4312 fastfat - ok
    04:15:52.0199 4312 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    04:15:52.0199 4312 fdc - ok
    04:15:52.0246 4312 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    04:15:52.0246 4312 FileInfo - ok
    04:15:52.0292 4312 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    04:15:52.0292 4312 Filetrace - ok
    04:15:52.0324 4312 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    04:15:52.0324 4312 flpydisk - ok
    04:15:52.0339 4312 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    04:15:52.0339 4312 FltMgr - ok
    04:15:52.0402 4312 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    04:15:52.0402 4312 Fs_Rec - ok
    04:15:52.0448 4312 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    04:15:52.0448 4312 gagp30kx - ok
    04:15:52.0542 4312 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    04:15:52.0542 4312 HdAudAddService - ok
    04:15:52.0589 4312 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    04:15:52.0604 4312 HDAudBus - ok
    04:15:52.0620 4312 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    04:15:52.0620 4312 HidBth - ok
    04:15:52.0636 4312 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    04:15:52.0636 4312 HidIr - ok
    04:15:52.0698 4312 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    04:15:52.0698 4312 HidUsb - ok
    04:15:52.0729 4312 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    04:15:52.0729 4312 HpCISSs - ok
    04:15:52.0823 4312 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    04:15:52.0823 4312 HTTP - ok
    04:15:52.0885 4312 hwdatacard (4154079a88089155d10168333b19627f) C:\Windows\system32\DRIVERS\ewusbmdm.sys
    04:15:52.0885 4312 hwdatacard - ok
    04:15:52.0885 4312 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    04:15:52.0901 4312 i2omp - ok
    04:15:52.0948 4312 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    04:15:52.0948 4312 i8042prt - ok
    04:15:52.0979 4312 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    04:15:52.0979 4312 iaStorV - ok
    04:15:53.0010 4312 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    04:15:53.0010 4312 iirsp - ok
    04:15:53.0041 4312 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
    04:15:53.0041 4312 intelide - ok
    04:15:53.0088 4312 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    04:15:53.0088 4312 intelppm - ok
    04:15:53.0150 4312 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    04:15:53.0150 4312 IpFilterDriver - ok
    04:15:53.0166 4312 IpInIp - ok
    04:15:53.0197 4312 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    04:15:53.0197 4312 IPMIDRV - ok
    04:15:53.0228 4312 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    04:15:53.0228 4312 IPNAT - ok
    04:15:53.0275 4312 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    04:15:53.0275 4312 IRENUM - ok
    04:15:53.0291 4312 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    04:15:53.0291 4312 isapnp - ok
    04:15:53.0338 4312 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    04:15:53.0338 4312 iScsiPrt - ok
    04:15:53.0369 4312 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    04:15:53.0369 4312 iteatapi - ok
    04:15:53.0384 4312 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    04:15:53.0384 4312 iteraid - ok
    04:15:53.0478 4312 jbridgep - ok
    04:15:53.0509 4312 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    04:15:53.0509 4312 kbdclass - ok
    04:15:53.0540 4312 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    04:15:53.0540 4312 kbdhid - ok
    04:15:53.0618 4312 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
    04:15:53.0618 4312 KSecDD - ok
    04:15:53.0665 4312 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    04:15:53.0665 4312 lltdio - ok
    04:15:53.0712 4312 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    04:15:53.0712 4312 LSI_FC - ok
    04:15:53.0743 4312 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    04:15:53.0743 4312 LSI_SAS - ok
    04:15:53.0790 4312 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    04:15:53.0790 4312 LSI_SCSI - ok
    04:15:53.0821 4312 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    04:15:53.0821 4312 luafv - ok
    04:15:53.0868 4312 massfilter (6490fe1b088c7199a9b6ce0e04a98a8b) C:\Windows\system32\DRIVERS\massfilter.sys
    04:15:53.0868 4312 massfilter - ok
    04:15:53.0899 4312 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
    04:15:53.0899 4312 MBAMProtector - ok
    04:15:53.0962 4312 mbmiodrvr (290fb01f7f51eff0960599404a09f8d6) C:\Windows\system32\mbmiodrvr.sys
    04:15:53.0962 4312 mbmiodrvr - ok
    04:15:53.0993 4312 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    04:15:53.0993 4312 megasas - ok
    04:15:54.0024 4312 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    04:15:54.0024 4312 Modem - ok
    04:15:54.0086 4312 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    04:15:54.0086 4312 monitor - ok
    04:15:54.0118 4312 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    04:15:54.0118 4312 mouclass - ok
    04:15:54.0133 4312 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    04:15:54.0133 4312 mouhid - ok
    04:15:54.0164 4312 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    04:15:54.0164 4312 MountMgr - ok
    04:15:54.0211 4312 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    04:15:54.0211 4312 mpio - ok
    04:15:54.0242 4312 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    04:15:54.0242 4312 mpsdrv - ok
    04:15:54.0274 4312 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    04:15:54.0274 4312 Mraid35x - ok
    04:15:54.0336 4312 MRV6X32P (02b74ba962232ea2a1771aa522143eaa) C:\Windows\system32\DRIVERS\MRVW13B.sys
    04:15:54.0336 4312 MRV6X32P - ok
    04:15:54.0383 4312 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    04:15:54.0383 4312 MRxDAV - ok
    04:15:54.0430 4312 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    04:15:54.0430 4312 mrxsmb - ok
    04:15:54.0476 4312 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    04:15:54.0476 4312 mrxsmb10 - ok
    04:15:54.0492 4312 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    04:15:54.0492 4312 mrxsmb20 - ok
    04:15:54.0523 4312 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    04:15:54.0523 4312 msahci - ok
    04:15:54.0554 4312 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    04:15:54.0554 4312 msdsm - ok
    04:15:54.0617 4312 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    04:15:54.0617 4312 Msfs - ok
    04:15:54.0664 4312 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    04:15:54.0664 4312 msisadrv - ok
    04:15:54.0726 4312 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    04:15:54.0726 4312 MSKSSRV - ok
    04:15:54.0773 4312 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    04:15:54.0773 4312 MSPCLOCK - ok
    04:15:54.0835 4312 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    04:15:54.0835 4312 MSPQM - ok
    04:15:54.0866 4312 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    04:15:54.0882 4312 MsRPC - ok
    04:15:54.0913 4312 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    04:15:54.0913 4312 mssmbios - ok
    04:15:54.0960 4312 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    04:15:54.0960 4312 MSTEE - ok
    04:15:54.0991 4312 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
    04:15:54.0991 4312 MTsensor - ok
    04:15:55.0007 4312 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    04:15:55.0007 4312 Mup - ok
    04:15:55.0054 4312 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    04:15:55.0054 4312 NativeWifiP - ok
    04:15:55.0085 4312 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    04:15:55.0085 4312 NDIS - ok
    04:15:55.0132 4312 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    04:15:55.0132 4312 NdisTapi - ok
    04:15:55.0163 4312 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    04:15:55.0163 4312 Ndisuio - ok
    04:15:55.0178 4312 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    04:15:55.0178 4312 NdisWan - ok
    04:15:55.0225 4312 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    04:15:55.0225 4312 NDProxy - ok
    04:15:55.0272 4312 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    04:15:55.0272 4312 NetBIOS - ok
    04:15:55.0350 4312 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\drivers\netbt.sys
    04:15:55.0350 4312 netbt - ok
    04:15:55.0397 4312 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    04:15:55.0397 4312 nfrd960 - ok
    04:15:55.0444 4312 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    04:15:55.0444 4312 Npfs - ok
    04:15:55.0475 4312 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    04:15:55.0475 4312 nsiproxy - ok
    04:15:55.0553 4312 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    04:15:55.0584 4312 Ntfs - ok
    04:15:55.0615 4312 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    04:15:55.0615 4312 ntrigdigi - ok
    04:15:55.0678 4312 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
    04:15:55.0678 4312 NuidFltr - ok
    04:15:55.0709 4312 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    04:15:55.0709 4312 Null - ok
    04:15:55.0787 4312 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
    04:15:55.0818 4312 NVENETFD - ok
    04:15:56.0114 4312 nvlddmkm (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    04:15:56.0317 4312 nvlddmkm - ok
    04:15:56.0348 4312 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    04:15:56.0348 4312 nvraid - ok
    04:15:56.0395 4312 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
    04:15:56.0395 4312 nvstor - ok
    04:15:56.0426 4312 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
    04:15:56.0426 4312 nvstor32 - ok
    04:15:56.0489 4312 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    04:15:56.0489 4312 nv_agp - ok
    04:15:56.0504 4312 NwlnkFlt - ok
    04:15:56.0520 4312 NwlnkFwd - ok
    04:15:56.0582 4312 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    04:15:56.0582 4312 ohci1394 - ok
    04:15:56.0598 4312 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    04:15:56.0598 4312 Parport - ok
    04:15:56.0645 4312 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    04:15:56.0645 4312 partmgr - ok
    04:15:56.0676 4312 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    04:15:56.0676 4312 Parvdm - ok
    04:15:56.0707 4312 PCASp50 - ok
    04:15:56.0754 4312 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    04:15:56.0754 4312 pci - ok
    04:15:56.0816 4312 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    04:15:56.0816 4312 pciide - ok
    04:15:56.0863 4312 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    04:15:56.0863 4312 pcmcia - ok
    04:15:56.0957 4312 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    04:15:56.0972 4312 PEAUTH - ok
    04:15:57.0050 4312 Point32 (5b6f99087cc1342b3d193e8155f26b6f) C:\Windows\system32\DRIVERS\point32k.sys
    04:15:57.0050 4312 Point32 - ok
    04:15:57.0066 4312 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    04:15:57.0066 4312 PptpMiniport - ok
    04:15:57.0097 4312 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    04:15:57.0097 4312 Processor - ok
    04:15:57.0160 4312 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    04:15:57.0160 4312 PSched - ok
    04:15:57.0222 4312 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    04:15:57.0253 4312 ql2300 - ok
    04:15:57.0284 4312 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    04:15:57.0284 4312 ql40xx - ok
    04:15:57.0316 4312 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    04:15:57.0316 4312 QWAVEdrv - ok
    04:15:57.0362 4312 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    04:15:57.0362 4312 RasAcd - ok
    04:15:57.0394 4312 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    04:15:57.0394 4312 Rasl2tp - ok
    04:15:57.0440 4312 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    04:15:57.0440 4312 RasPppoe - ok
    04:15:57.0472 4312 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    04:15:57.0472 4312 RasSstp - ok
    04:15:57.0518 4312 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    04:15:57.0534 4312 rdbss - ok
    04:15:57.0565 4312 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    04:15:57.0565 4312 RDPCDD - ok
    04:15:57.0612 4312 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    04:15:57.0628 4312 rdpdr - ok
    04:15:57.0628 4312 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    04:15:57.0628 4312 RDPENCDD - ok
    04:15:57.0674 4312 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    04:15:57.0674 4312 RDPWD - ok
    04:15:57.0721 4312 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    04:15:57.0721 4312 rspndr - ok
    04:15:57.0752 4312 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    04:15:57.0752 4312 sbp2port - ok
    04:15:57.0815 4312 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    04:15:57.0815 4312 secdrv - ok
    04:15:57.0846 4312 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    04:15:57.0846 4312 Serenum - ok
    04:15:57.0877 4312 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    04:15:57.0877 4312 Serial - ok
    04:15:57.0924 4312 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    04:15:57.0924 4312 sermouse - ok
    04:15:57.0940 4312 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    04:15:57.0940 4312 sffdisk - ok
    04:15:57.0971 4312 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    04:15:57.0971 4312 sffp_mmc - ok
    04:15:57.0986 4312 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    04:15:57.0986 4312 sffp_sd - ok
    04:15:58.0018 4312 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    04:15:58.0018 4312 sfloppy - ok
    04:15:58.0064 4312 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    04:15:58.0064 4312 sisagp - ok
    04:15:58.0096 4312 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    04:15:58.0096 4312 SiSRaid2 - ok
    04:15:58.0111 4312 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    04:15:58.0111 4312 SiSRaid4 - ok
    04:15:58.0158 4312 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    04:15:58.0158 4312 Smb - ok
    04:15:58.0205 4312 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    04:15:58.0205 4312 spldr - ok
    04:15:58.0267 4312 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
    04:15:58.0267 4312 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
    04:15:58.0283 4312 sptd ( LockedFile.Multi.Generic ) - warning
    04:15:58.0283 4312 sptd - detected LockedFile.Multi.Generic (1)
    04:15:58.0330 4312 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    04:15:58.0330 4312 srv - ok
    04:15:58.0376 4312 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    04:15:58.0376 4312 srv2 - ok
    04:15:58.0423 4312 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    04:15:58.0423 4312 srvnet - ok
    04:15:58.0517 4312 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    04:15:58.0517 4312 swenum - ok
    04:15:58.0564 4312 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    04:15:58.0564 4312 Symc8xx - ok
    04:15:58.0579 4312 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    04:15:58.0579 4312 Sym_hi - ok
    04:15:58.0610 4312 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    04:15:58.0610 4312 Sym_u3 - ok
    04:15:58.0673 4312 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
    04:15:58.0673 4312 Tcpip - ok
    04:15:58.0704 4312 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
    04:15:58.0720 4312 Tcpip6 - ok
    04:15:58.0751 4312 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    04:15:58.0751 4312 tcpipreg - ok
    04:15:58.0813 4312 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    04:15:58.0813 4312 TDPIPE - ok
    04:15:58.0829 4312 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    04:15:58.0829 4312 TDTCP - ok
    04:15:58.0876 4312 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    04:15:58.0876 4312 tdx - ok
    04:15:58.0907 4312 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    04:15:58.0922 4312 TermDD - ok
    04:15:58.0954 4312 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    04:15:58.0954 4312 tssecsrv - ok
    04:15:59.0016 4312 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    04:15:59.0016 4312 tunmp - ok
    04:15:59.0047 4312 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    04:15:59.0047 4312 tunnel - ok
    04:15:59.0094 4312 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    04:15:59.0094 4312 uagp35 - ok
    04:15:59.0141 4312 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    04:15:59.0141 4312 udfs - ok
    04:15:59.0172 4312 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    04:15:59.0172 4312 uliagpkx - ok
    04:15:59.0203 4312 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    04:15:59.0203 4312 uliahci - ok
    04:15:59.0234 4312 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    04:15:59.0234 4312 UlSata - ok
    04:15:59.0250 4312 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    04:15:59.0250 4312 ulsata2 - ok
    04:15:59.0297 4312 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    04:15:59.0297 4312 umbus - ok
    04:15:59.0328 4312 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    04:15:59.0328 4312 usbccgp - ok
    04:15:59.0359 4312 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    04:15:59.0359 4312 usbcir - ok
    04:15:59.0406 4312 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    04:15:59.0406 4312 usbehci - ok
    04:15:59.0437 4312 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    04:15:59.0453 4312 usbhub - ok
    04:15:59.0468 4312 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    04:15:59.0484 4312 usbohci - ok
    04:15:59.0515 4312 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    04:15:59.0515 4312 usbprint - ok
    04:15:59.0562 4312 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    04:15:59.0578 4312 usbscan - ok
    04:15:59.0609 4312 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    04:15:59.0609 4312 USBSTOR - ok
    04:15:59.0624 4312 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
    04:15:59.0624 4312 usbuhci - ok
    04:15:59.0656 4312 USB_RNDIS (830d5d8456b822c1247c1e59b4c464fa) C:\Windows\system32\DRIVERS\usb8023.sys
    04:15:59.0656 4312 USB_RNDIS - ok
    04:15:59.0702 4312 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    04:15:59.0702 4312 vga - ok
    04:15:59.0765 4312 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    04:15:59.0765 4312 VgaSave - ok
    04:15:59.0827 4312 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    04:15:59.0827 4312 viaagp - ok
    04:15:59.0858 4312 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    04:15:59.0858 4312 ViaC7 - ok
    04:15:59.0874 4312 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    04:15:59.0874 4312 viaide - ok
    04:15:59.0921 4312 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    04:15:59.0921 4312 volmgr - ok
    04:15:59.0968 4312 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    04:15:59.0968 4312 volmgrx - ok
    04:16:00.0014 4312 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    04:16:00.0014 4312 volsnap - ok
    04:16:00.0046 4312 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    04:16:00.0046 4312 vsmraid - ok
    04:16:00.0077 4312 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    04:16:00.0077 4312 WacomPen - ok
    04:16:00.0108 4312 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    04:16:00.0108 4312 Wanarp - ok
    04:16:00.0139 4312 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    04:16:00.0139 4312 Wanarpv6 - ok
    04:16:00.0170 4312 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    04:16:00.0170 4312 Wd - ok
    04:16:00.0217 4312 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    04:16:00.0217 4312 Wdf01000 - ok
    04:16:00.0311 4312 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    04:16:00.0311 4312 WmiAcpi - ok
    04:16:00.0342 4312 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    04:16:00.0342 4312 WpdUsb - ok
    04:16:00.0389 4312 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    04:16:00.0389 4312 ws2ifsl - ok
    04:16:00.0436 4312 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    04:16:00.0436 4312 WUDFRd - ok
    04:16:00.0498 4312 ZTEusbmdm6k (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
    04:16:00.0498 4312 ZTEusbmdm6k - ok
    04:16:00.0560 4312 ZTEusbnmea (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
    04:16:00.0560 4312 ZTEusbnmea - ok
    04:16:00.0576 4312 ZTEusbser6k (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
    04:16:00.0592 4312 ZTEusbser6k - ok
    04:16:00.0623 4312 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    04:16:00.0670 4312 \Device\Harddisk0\DR0 - ok
    04:16:00.0685 4312 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
    04:16:00.0732 4312 \Device\Harddisk1\DR1 - ok
    04:16:00.0732 4312 Boot (0x1200) (0764067473881a4af3236f319ce802b5) \Device\Harddisk0\DR0\Partition0
    04:16:00.0732 4312 \Device\Harddisk0\DR0\Partition0 - ok
    04:16:00.0732 4312 Boot (0x1200) (21fa605b69522b273bd08e3b52a2ee70) \Device\Harddisk1\DR1\Partition0
    04:16:00.0732 4312 \Device\Harddisk1\DR1\Partition0 - ok
    04:16:00.0732 4312 ============================================================
    04:16:00.0732 4312 Scan finished
    04:16:00.0732 4312 ============================================================
    04:16:00.0748 5272 Detected object count: 2
    04:16:00.0748 5272 Actual detected object count: 2
    04:16:06.0395 5272 C:\Windows\system32\Drivers\dfsc.sys - copied to quarantine
    04:16:09.0796 5272 Backup copy not found, trying to cure infected file..
    04:16:09.0827 5272 Cure success, using it..
    04:16:09.0827 5272 C:\Windows\system32\Drivers\dfsc.sys - will be cured on reboot
    04:16:12.0931 5272 DfsC ( Virus.Win32.ZAccess.c ) - User select action: Cure
    04:16:12.0931 5272 sptd ( LockedFile.Multi.Generic ) - skipped by user
    04:16:12.0931 5272 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    04:16:29.0296 4224 Deinitialize success