dns.exe(Trojan Dropper) [Closed]


  • This topic is locked
7 replies to this topic

#1 EmC88

Posted 18 March 2013 - 06:18 PM

So I was browsing around the internet to reinstall Gimp. I went to a website where I had thought to have downloaded it. While it was halfway through the download, my Norton Security Suite went off and told me that it blocked the Trojan named "dns.exe(Trojan.Dropper)". While I thought this was the only problem on my computer that it detected, when I was browsing my DA I noticed that some text was underlined in red. When I hover above the text it showed these two malicious sites (Discount Buddy and Tidy Network). After that, I couldn't figure out how to delete it or add it to the quarantine section of my security suite. So please can you tell me how to delete this program and if it can still cause harm to my computer even if it is blocked? And also when I logged into my Yahoo account it had 225 messages in the spam box from malicious websites, and when I checked my inbox it said that someone from Iceland tried to log into my account. Can someone help me here? I also have their IP address. I also have the location of the attack. It's from Iceland and I also have his/her IP address (85.220.23.99). The site name is www.GetGimp.com. Just search it in Google and when you click on the BIG download button (NOTE: DON'T DO IT UNLESS YOU WANT TO GET IT TOO!!!) then after it's done it will install the Dropper, the malware/spyware, and then you'll end up like me. So please help spread that this site is not safe, and it looks almost exactly like the TRUE Gimp site.

Edited by EmC88, 19 March 2013 - 04:22 PM.


#2 Robybel

Posted 19 March 2013 - 11:09 PM

Hi and Welcome!! Emc88 :)

My name is Robybel.

I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them,
with Admin Rights (Right click, choose "Run as Administrator").


Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! ;)

======================================

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

============ Next ==============


Scan with OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan, paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    DRIVES
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.

=============================== Next =======================================


Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

On your next reply please post :
  • checkup.txt
  • OTL.txt
  • Extras.txt
  • TDSSKiller log

Let me know if you have any problems performing the steps above or any questions.

Good Day!
- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach


#3 EmC88

Posted 20 March 2013 - 05:05 PM

Results of screen317's Security Check version 0.99.61
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.6.602.180
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Windows Defender MSASCui.exe
Empowering Technology eSettings Service capuserv.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 26 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


OTL logfile created on: 3/20/2013 4:24:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ethan\Pictures
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 45.12% Memory free
5.70 Gb Paging File | 3.72 Gb Available in Paging File | 65.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.14 Gb Total Space | 0.64 Gb Free Space | 1.26% Space Free | Partition Type: NTFS
Drive D: | 50.89 Gb Total Space | 49.97 Gb Free Space | 98.21% Space Free | Partition Type: NTFS

Computer Name: ETHAN-PC | User Name: Ethan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ethan\Pictures\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe (White Sky, Inc.)
PRC - C:\Program Files\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
PRC - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccsvchst.exe (Symantec Corporation)
PRC - C:\Users\Ethan\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\49fb1905333f84fce2906ea3d2571084\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bdf6500c4c3b2d6ec6c02f2b8155d5dd\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\d186bf251ae14af93b3a943d472ee9f5\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e67c93130bccca9ecab38df6cd2e60cb\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a40abd2f2caf5cb5c4509dd5fb552eda\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1c40efd2328e271920f4b4eda38c0125\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\d995a0e7d64a874cddea6294caaa2539\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\895899bb8c1772f2043de17305d7eb35\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\f9d4a89fc32b5a458c0a02c48dc8538e\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\776fced3857dce33967e805879757d24\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bb8af3cf69f1337efda4e810b6751b89\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4d2c890606d2a3a43a90684115bfccfc\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\668c039655437b25586280e1fbff8ef0\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a8080296b18898342ce986091c08b0a4\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Program Files\Constant Guard Protection Suite\IDVault.XmlSerializers.dll ()
MOD - C:\Program Files\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll ()
MOD - C:\Program Files\Constant Guard Protection Suite\sqlite3.dll ()
MOD - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\wincfi39.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()
MOD - C:\Windows\System32\BatchCrypto.dll ()
MOD - C:\Windows\System32\ShowErrMsg.dll ()


========== Services (SafeList) ==========

SRV - (Updater Service for StartNow Toolbar) -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BingDesktopUpdate) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (IDVaultSvc) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe (White Sky, Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (N360) -- C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation)
SRV - (WinHttpAutoProxySvc) -- C:/windows/system32\winhttp.dll ()
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130320.006\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130320.006\NAVENG.SYS (Symantec Corporation)
DRV - (AntiLog32) -- C:\Windows\System32\drivers\AntiLog32.sys (Zemana Ltd.)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130319.002\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx86.sys (Symantec Corporation)
DRV - (keycrypt) -- C:\Windows\System32\drivers\KeyCrypt32.sys (Zemana Ltd.)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\1402000.013\srtsp.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\1402000.013\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\N360\1402000.013\symds.sys (Symantec Corporation)
DRV - (ccSet_N360) -- C:\Windows\System32\drivers\N360\1402000.013\ccsetx86.sys (Symantec Corporation)
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (SymIRON) -- C:\Windows\System32\drivers\N360\1402000.013\ironx86.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\N360\1402000.013\symtdiv.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\N360\1402000.013\srtspx.sys (Symantec Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...;ctid=CT2418376
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Ethan\Pictures
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.xfinit...q={searchTerms}
IE - HKCU\..\SearchScopes\{4D37F29A-1040-44AC-AB24-E18001D48B9E}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{868BFF01-9EB6-4538-A047-0B314165A1D5}: "URL" = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...;ctid=CT2418376
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\..\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}: "URL" = http://Bing.zugo.com...cfg=2-71-0-BkIn

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaultenginename: "Xfinity.com Search"
FF - prefs.js..browser.search.selectedEngine: "Xfinity.com Search"
FF - prefs.js..browser.search.order.1: "Xfinity.com Search"
FF - prefs.js..keyword.URL: "http://search.xfinit...tech_search&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/01/01 21:22:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/03/20 16:06:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components

[2012/07/07 22:05:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ethan\AppData\Roaming\Mozilla\Extensions
[2013/03/17 18:42:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ethan\AppData\Roaming\Mozilla\Firefox\Profiles\zgeb3h5q.default\extensions
[2013/01/01 13:37:42 | 000,000,000 | ---D | M] (XFINITY Constant Guard Protection Suite) -- C:\Users\Ethan\AppData\Roaming\Mozilla\Firefox\Profiles\zgeb3h5q.default\extensions\idvaultaddin@whitesky
File not found (No name found) -- C:\USERS\ETHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZGEB3H5Q.DEFAULT\EXTENSIONS\TIDYNETWORK@TIDYNETWORK

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DownloadTerms) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Ethan\AppData\Local\DownloadTerms\temp.dat File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.111.1\NativeBHO.dll (WhiteSky)
O2 - BHO: (no name) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 0.0.1 ([127] * in Computer)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D7BDD46-E55A-4F8F-8B14-9366C29D1E13}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Value error. File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:/windows/system32\mscoree.dll ()
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:/windows/system32\mscoree.dll ()
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:/windows/system32\mscoree.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\KEYCRY~1\KEYCRY~3.DLL) - C:\Program Files\KeyCryptSDK\KeyCrypt32(2).dll (Zemana Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:/windows/system32\sysdm.cpl ()
O29 - HKLM SecurityProviders - (credssp.dll) - C:/windows/system32\credssp.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{017240ee-d2a0-11dd-b060-001e68137028}\Shell - "" = AutoRun
O33 - MountPoints2\{017240ee-d2a0-11dd-b060-001e68137028}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{45769761-892d-11e0-995b-001e68137028}\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/03/20 16:05:08 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\{8166DCE1-C01D-4205-9BD5-10713C8F1D3E}
[2013/03/19 16:06:40 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\{F2303248-52F4-4969-88F4-39986D6F60C8}
[2013/03/19 06:26:09 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\{E0776C8D-21AE-4B9D-A2D9-35E5EBC6AC30}
[2013/03/18 06:39:48 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\{CCC5A1DA-B923-4694-A66C-674CEB43D925}
[2013/03/17 19:32:05 | 002,957,840 | ---- | C] (Symantec Corporation) -- C:\Users\Ethan\Desktop\NPE.exe
[2013/03/17 19:16:14 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\NPE
[2013/03/17 17:58:53 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\Discount Buddy
[2013/03/17 08:49:46 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\{1FA0F607-B470-4758-BF10-7187FD9D1FD0}
[2013/03/16 10:43:57 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\{72543635-05D2-40D9-96E6-5D654E434A74}
[2013/03/15 21:43:31 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\{1E3E0080-0C04-408A-B4D7-135134AA80B0}
[2013/03/15 21:10:42 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\{677462C6-B867-40E5-B3D3-4BDE002F5C8E}
[2013/03/15 20:11:48 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\{9CD87619-4265-432E-91FE-02DA09D086F4}
[2013/03/15 06:41:31 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\{93B73B5B-FE87-4943-89E8-9D41CC3A613D}
[2013/03/15 06:41:30 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\{81138CD9-87A0-492F-9962-C907C7C6563C}
[2013/03/14 11:04:37 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/14 10:46:19 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\{704126E6-5C23-40B9-9709-2E831D3BC163}
[2013/03/14 10:29:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/14 10:29:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/14 10:29:28 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/14 10:29:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/14 10:29:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/14 10:29:26 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/14 10:29:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/14 10:29:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/14 10:03:13 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\{27AC428D-AC95-40C9-AC99-4C82B434956D}
[2013/03/11 19:01:15 | 000,000,000 | ---D | C] -- C:\Users\Ethan\AppData\Local\{DE9FB93C-FC43-436E-8CBD-5680CA512A88}
[2013/03/11 18:02:16 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/03/11 17:59:11 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013/03/11 17:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013/03/11 17:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/03/11 17:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2013/03/01 17:47:43 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/03/01 17:47:42 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013/03/01 17:47:32 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/03/01 17:47:31 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/02/18 17:22:40 | 000,025,936 | ---- | C] (Zemana Ltd.) -- C:\Windows\System32\drivers\KeyCrypt32.sys
[2013/02/18 17:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\KeyCryptSDK
[2013/02/18 17:22:39 | 007,369,552 | ---- | C] (Zemana Ltd.) -- C:\Windows\System32\ZALSDKCore.dll
[2013/02/18 17:22:39 | 000,082,320 | ---- | C] (Zemana Ltd.) -- C:\Windows\System32\drivers\AntiLog32.sys
[2013/02/18 17:22:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZALSDK_uninst
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/20 16:20:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/20 16:12:30 | 000,890,798 | ---- | M] () -- C:\Users\Ethan\Desktop\SecurityCheck.exe
[2013/03/20 16:04:10 | 000,069,661 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/03/20 16:03:14 | 000,069,661 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/03/20 16:03:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/20 16:03:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/20 16:02:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/20 16:02:47 | 2951,122,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/19 06:31:00 | 000,613,860 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/19 06:31:00 | 000,108,528 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/17 19:44:05 | 000,000,680 | ---- | M] () -- C:\Users\Ethan\AppData\Local\d3d9caps.dat
[2013/03/17 19:15:31 | 002,957,840 | ---- | M] (Symantec Corporation) -- C:\Users\Ethan\Desktop\NPE.exe
[2013/03/14 19:53:16 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Second Life Viewer.lnk
[2013/03/14 19:38:09 | 000,000,104 | ---- | M] () -- C:\Users\Ethan\Desktop\Recycle Bin - Shortcut.lnk
[2013/03/14 19:21:25 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/03/14 19:21:23 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/11 17:21:52 | 000,298,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/18 17:22:39 | 000,082,320 | ---- | M] (Zemana Ltd.) -- C:\Windows\System32\drivers\AntiLog32.sys
[2013/02/18 17:22:33 | 000,002,024 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2013/02/18 17:22:31 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Constant Guard.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/20 16:12:29 | 000,890,798 | ---- | C] () -- C:\Users\Ethan\Desktop\SecurityCheck.exe
[2013/03/14 19:38:09 | 000,000,104 | ---- | C] () -- C:\Users\Ethan\Desktop\Recycle Bin - Shortcut.lnk
[2013/03/11 17:58:45 | 000,001,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2013/03/11 17:57:18 | 000,001,231 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2013/03/11 17:51:53 | 000,001,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/03/11 17:47:02 | 000,002,029 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013/02/18 17:22:29 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Constant Guard.lnk
[2013/01/01 16:55:41 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
[2012/12/07 19:09:11 | 000,002,091 | ---- | C] () -- C:\Users\Ethan\.recently-used.xbel
[2012/08/16 09:01:48 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2010/11/13 16:48:40 | 000,069,661 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/11/13 16:48:40 | 000,069,661 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/11/07 22:16:57 | 000,000,093 | ---- | C] () -- C:\Users\Ethan\AppData\Local\fusioncache.dat
[2009/07/30 14:11:33 | 000,001,357 | ---- | C] () -- C:\ProgramData\lxdi
[2008/12/26 17:21:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/11 22:00:57 | 000,000,680 | ---- | C] () -- C:\Users\Ethan\AppData\Local\d3d9caps.dat
[2008/09/20 13:38:53 | 000,007,168 | ---- | C] () -- C:\Users\Ethan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/05 18:00:34 | 000,027,335 | ---- | C] () -- C:\Users\Ethan\AppData\Roaming\nvModes.001
[2008/09/05 18:00:33 | 000,027,335 | ---- | C] () -- C:\Users\Ethan\AppData\Roaming\nvModes.dat
[1999/07/06 18:00:00 | 000,000,006 | RHS- | C] () -- C:\ProgramData\D81EDBF9-D167-4011-B77D-211DF920EB80
[1999/07/06 18:00:00 | 000,000,006 | RHS- | C] () -- C:\ProgramData\4C3B2B99-ECAA-4D9D-B9D5-9F7442A71C71

========== ZeroAccess Check ==========

[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/09/05 04:34:24 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Acer
[2010/05/06 20:27:29 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Atari
[2012/04/22 13:21:21 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Autodesk
[2012/05/02 17:33:33 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\AVG
[2010/06/09 06:50:49 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\BitZipper
[2010/03/18 12:01:41 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Blitware
[2010/06/26 10:35:41 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\DAEMON Tools Lite
[2013/01/01 15:19:57 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\GetRightToGo
[2012/12/07 19:11:31 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\gtk-2.0
[2013/03/20 16:05:41 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\ID Vault
[2009/02/27 12:32:38 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\IObit
[2008/09/05 04:34:23 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Leadertech
[2009/03/10 15:08:43 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Lexmark Productivity Studio
[2012/11/10 00:19:25 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\OpenOffice.org
[2013/01/04 09:42:28 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\SecondLife
[2012/05/10 15:08:24 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\SoftGrid Client
[2012/09/23 09:08:36 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Sony
[2010/09/07 16:17:31 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\TP
[2012/10/01 15:30:04 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\TuneUp Software
[2009/01/07 12:21:39 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Uniblue
[2012/07/02 17:13:01 | 000,000,000 | ---D | M] -- C:\Users\Ethan\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2005/08/16 07:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD1200BEVS-22UST0 ATA Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 10.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: MS-DOS V4 Huge
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 51.00GB
Starting Offset: 10479468544
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 51.00GB
Starting Offset: 65394442240
Hidden sectors: 0


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1CA73D29

< End of report >

OTL Extras logfile created on: 3/20/2013 4:24:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ethan\Pictures
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 45.12% Memory free
5.70 Gb Paging File | 3.72 Gb Available in Paging File | 65.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.14 Gb Total Space | 0.64 Gb Free Space | 1.26% Space Free | Partition Type: NTFS
Drive D: | 50.89 Gb Total Space | 49.97 Gb Free Space | 98.21% Space Free | Partition Type: NTFS

Computer Name: ETHAN-PC | User Name: Ethan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BF5422-2BDA-4D5C-8929-5006E0577623}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1B4DEEA7-3D0C-4FD3-BD71-11ADDE4DABFF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2C69502A-F49D-45C2-88A0-57C992BAB06D}" = lport=137 | protocol=17 | dir=in | app=system |
"{3B33113F-384E-42A3-A549-EB0CE998848A}" = rport=138 | protocol=17 | dir=out | app=system |
"{3C07154E-8F50-488E-B474-1AB73545FDCF}" = rport=445 | protocol=6 | dir=out | app=system |
"{4F240598-6E47-4349-9BEF-6990ACB90F2B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5C8817F9-4973-4488-879C-B8DCD5E743C4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{62EEFC50-0C1E-47A2-B23C-6D9F1F6BE9CE}" = lport=139 | protocol=6 | dir=in | app=system |
"{657D1A7F-10B3-4D03-9E53-275EF5FB7F31}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8B765DE0-F5D1-46E7-844C-65FF2FF8C0CE}" = lport=445 | protocol=6 | dir=in | app=system |
"{A191928C-8D34-4D43-A6CF-4E1BDC8E09BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A3385F82-2341-4F8A-89AD-6FE23483FF30}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C7207E25-162B-4B11-9BAD-D7E3ACE040EC}" = rport=137 | protocol=17 | dir=out | app=system |
"{D006C5F0-F1CA-4DB9-8A25-BBE90E55BEBC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D0C1D5B8-E5DD-4CD6-B382-AD1D20F06A58}" = rport=139 | protocol=6 | dir=out | app=system |
"{DEC817DA-8DB4-4D64-8E59-D7F7B388B914}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E7950DFE-9032-48D4-A7B0-603144C686E0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EC359730-7F22-484F-A1BB-767F30738718}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EE06302D-2772-45B4-B700-E69C420C23D4}" = lport=138 | protocol=17 | dir=in | app=system |
"{F0F3DF5A-629C-4C71-AA16-1595B9DCDC10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010E89D1-C09E-4A2E-B211-CBA750BF13AE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{027EFFEF-61F6-4B7E-8DA8-67672F0CB02C}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{055A4D42-3BBA-47FB-8339-2BF4917C7EA1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{05D19F80-E6BA-4F45-BB52-7F0436A172B3}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxditime.exe |
"{0D64D28C-20E1-427A-8A24-07B5321644EA}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{1500FA78-5012-4AA2-8186-3E4E713E2124}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{1631217C-5014-4AE4-B291-FF30CD38E035}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxditime.exe |
"{21E0D3F3-2C18-4E57-8EBE-F6AEEEF42D50}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{245EEC3E-A3EC-4D4E-8799-37495D5C09C6}" = protocol=6 | dir=in | app=i:\documents\ea games\battlefield 2142\bf2142.exe |
"{24F59028-3D4C-445C-861D-7FCAAC059698}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{29973AC4-736D-43E9-B4A5-95BE5BB483D7}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"{30A08DC9-D681-487E-B8DB-29EFE801382D}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"{39A1F0BF-A8C6-4A4A-91BF-D707435AE994}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{3F381F35-9EA4-4C97-98FF-15FC67331192}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"{4523A59F-7661-4D6D-9A38-6C83493736BA}" = protocol=17 | dir=in | app=c:\program files\lexmark fax solutions\faxctr.exe |
"{48DC8C42-96FB-4F7F-9BD9-148F666623BE}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"{4D57DEE6-9901-4490-9122-FAE9395A2A56}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{54A54E08-8F67-48E9-8CD1-46F2F192703F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{57584DB2-E460-4D5C-83B8-02335354CE21}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{57D9935F-D40F-4C95-9A6A-C3BA3EBB003E}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{5A3769DA-15EC-4C22-BC86-024AF0D9886E}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicfg.exe |
"{629F0572-DB96-4E81-9CE9-429FA961B829}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{66ABFE7C-518E-4FA4-B51C-8263911A0459}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{67EA7F03-BFA7-4CFD-8E63-A63C03696477}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{690F9576-D658-4DF0-8EEA-7C13D04A71D0}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{692E3C58-ED31-4C6D-A4DC-9324AE20A1F5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6B18D848-3254-4879-8E92-59B43D4F8043}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{6DA0E285-194F-4470-AB3E-AFFF1CABC964}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{6E3B8E31-3EB1-42AE-AD73-CB3CEF4D2C89}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{79845857-B4B4-4CDD-8950-0C8142A3075D}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{882EEAA8-2880-47BB-B2CA-ABCAF3A89BA2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{8A2ED094-41EF-4AD9-BDDA-B439B19C7CC5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8CDDC7CE-F6D8-49CA-A57C-040686762BAC}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicfg.exe |
"{9B0CE279-6686-4CF9-BCD9-E0309A3A95DE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{9C9647DC-BC9E-4965-9AC3-C5519E01EE63}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A4A85534-7D9F-404E-B18A-BF099291DB7F}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"{A9388547-0A31-4169-BB61-3CBBA5B30120}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"{B50F7637-34B9-44E8-A294-F3E27910CE16}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{B8BDBFFE-4F6A-465A-AA82-701A2FF38736}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"{B924930E-EF04-41B7-82D8-998D82D5FB3E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BE23C0A0-8B24-4C27-A9D2-1831CB2FB8D0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D513E4AA-91F4-43EE-A1C5-83BAF1A10294}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"{D9EC4ED4-17C4-44F2-A428-8B7846F970D0}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{DA574521-7556-4939-BF27-FE3CBF44EB94}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{E5F3AC16-B94C-49E2-986D-3291CF44064F}" = protocol=6 | dir=in | app=c:\program files\lexmark fax solutions\faxctr.exe |
"{E8BB74B1-9BAF-4F24-B066-C0F3FFAE208E}" = protocol=17 | dir=in | app=i:\documents\ea games\battlefield 2142\bf2142.exe |
"{F2CD1F5B-64D1-4429-9350-AF9DF52E3023}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{F9ED6ABA-1C88-4088-9B04-9C430652F42F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FB498B97-BD1A-4DA6-9653-5499B54E5B02}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{11219140-A060-49F0-B00D-752BC2AA53FA}C:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"TCP Query User{23D60847-B7B8-452B-99D4-36C4538AFAFC}C:\westwood\c&c95\cncnet.exe" = protocol=6 | dir=in | app=c:\westwood\c&c95\cncnet.exe |
"TCP Query User{3ACC11CF-BFA7-48B9-952E-FE10870F5036}C:\program files\lexmark 3500-4500 series\app4r.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"TCP Query User{40542E5C-6D16-4E60-9E8A-AC0B76071C40}C:\program files\lexmark 3500-4500 series\lxdiamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"TCP Query User{66D13E62-FC81-4247-986B-FBC9CFCE0AA4}C:\westwood\c&c95\c&c95.exe" = protocol=6 | dir=in | app=c:\westwood\c&c95\c&c95.exe |
"TCP Query User{67524FD9-F133-4FF7-869B-E69BC942BDE9}C:\users\ethan\downloads\marathoninfinity-20120514-win\marathon infinity\marathon infinity.exe" = protocol=6 | dir=in | app=c:\users\ethan\downloads\marathoninfinity-20120514-win\marathon infinity\marathon infinity.exe |
"TCP Query User{716546FB-4725-497A-858A-DC6D303B7EF8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{856A55CE-E8EA-43EC-ADC9-F1CF75CE3E4E}C:\users\ethan\downloads\marathon-20120514-win\marathon (a1)\marathon.exe" = protocol=6 | dir=in | app=c:\users\ethan\downloads\marathon-20120514-win\marathon (a1)\marathon.exe |
"TCP Query User{9C1C86EB-B1E5-4946-96B6-2C972E90B317}C:\program files\lexmark 3500-4500 series\lxdimon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"TCP Query User{F4078EE3-2077-433C-BBB8-09A61EBA336B}F:\battlefield 2142 deluxe edition\bf2142.exe" = protocol=6 | dir=in | app=f:\battlefield 2142 deluxe edition\bf2142.exe |
"UDP Query User{059856E5-8E99-49A9-80DA-1D3E07B0F038}C:\westwood\c&c95\cncnet.exe" = protocol=17 | dir=in | app=c:\westwood\c&c95\cncnet.exe |
"UDP Query User{27112585-27BC-4F51-85A8-BE96C27A21DF}C:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"UDP Query User{2FA173CD-9676-401F-929C-87B0836E134A}C:\westwood\c&c95\c&c95.exe" = protocol=17 | dir=in | app=c:\westwood\c&c95\c&c95.exe |
"UDP Query User{3F791092-D102-4BB0-8304-8DECA453CC5F}C:\program files\lexmark 3500-4500 series\lxdiamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"UDP Query User{4770E361-E08F-4DD2-A577-6822D06DCB56}C:\program files\lexmark 3500-4500 series\lxdimon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"UDP Query User{65A14807-0C03-4470-B270-75C1FD9579EA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8069B240-5E65-4AE8-AD5E-73DB90E9583E}C:\program files\lexmark 3500-4500 series\app4r.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"UDP Query User{A4942A89-C1BC-46A9-B431-6997DD02AB6F}C:\users\ethan\downloads\marathoninfinity-20120514-win\marathon infinity\marathon infinity.exe" = protocol=17 | dir=in | app=c:\users\ethan\downloads\marathoninfinity-20120514-win\marathon infinity\marathon infinity.exe |
"UDP Query User{B86BA858-F343-4A0C-9528-8F2BCCDCB475}F:\battlefield 2142 deluxe edition\bf2142.exe" = protocol=17 | dir=in | app=f:\battlefield 2142 deluxe edition\bf2142.exe |
"UDP Query User{E5F0B728-49AC-4A64-ABFB-FF8003A767CB}C:\users\ethan\downloads\marathon-20120514-win\marathon (a1)\marathon.exe" = protocol=17 | dir=in | app=c:\users\ethan\downloads\marathon-20120514-win\marathon (a1)\marathon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047D47E3-7275-4B6E-AE56-63CA6BB2EA6D}" = Winbond CIR Drivers
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1" = AntiLogger SDK version 1.4.6.637
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.50.03
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{878D2EB2-2D55-42A9-955E-1E08F28529FD}" = Sony Media Manager 2.2
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}" = Orion
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ID Vault" = Constant Guard Protection Suite
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"LManager" = Launch Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton Security Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"SecondLifeViewer" = SecondLifeViewer (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/18/2013 8:45:27 AM | Computer Name = Ethan-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 3/18/2013 8:45:28 AM | Computer Name = Ethan-PC | Source = MsiInstaller | ID = 1023
Description =

Error - 3/19/2013 12:25:27 AM | Computer Name = Ethan-PC | Source = Application Hang | ID = 1002
Description = The program ccSvcHst.exe version 12.2.0.8 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: c28 Start Time: 01ce2433804deaee Termination Time: 37

Error - 3/19/2013 12:26:38 AM | Computer Name = Ethan-PC | Source = IDVault | ID = 0
Description = Application not started Process with an Id of 112892 is not running.

Error - 3/19/2013 8:29:38 AM | Computer Name = Ethan-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 3/19/2013 8:29:38 AM | Computer Name = Ethan-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 3/19/2013 8:29:39 AM | Computer Name = Ethan-PC | Source = MsiInstaller | ID = 1023
Description =

Error - 3/20/2013 6:11:30 PM | Computer Name = Ethan-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 3/20/2013 6:11:30 PM | Computer Name = Ethan-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 3/20/2013 6:11:30 PM | Computer Name = Ethan-PC | Source = MsiInstaller | ID = 1023
Description =

[ System Events ]
Error - 3/19/2013 6:04:55 PM | Computer Name = Ethan-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/19/2013 6:04:55 PM | Computer Name = Ethan-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/20/2013 6:02:23 PM | Computer Name = Ethan-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/20/2013 6:02:40 PM | Computer Name = Ethan-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/20/2013 6:03:17 PM | Computer Name = Ethan-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =

Error - 3/20/2013 6:03:32 PM | Computer Name = Ethan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/20/2013 6:03:32 PM | Computer Name = Ethan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/20/2013 6:03:32 PM | Computer Name = Ethan-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/20/2013 6:03:32 PM | Computer Name = Ethan-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/20/2013 6:12:33 PM | Computer Name = Ethan-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >

16:51:08.0914 26188 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:51:10.0957 26188 ============================================================
16:51:10.0957 26188 Current date / time: 2013/03/20 16:51:10.0957
16:51:10.0957 26188 SystemInfo:
16:51:10.0957 26188
16:51:10.0957 26188 OS Version: 6.0.6002 ServicePack: 2.0
16:51:10.0957 26188 Product type: Workstation
16:51:10.0957 26188 ComputerName: ETHAN-PC
16:51:10.0957 26188 UserName: Ethan
16:51:10.0957 26188 Windows directory: C:\Windows
16:51:10.0957 26188 System windows directory: C:\Windows
16:51:10.0957 26188 Processor architecture: Intel x86
16:51:10.0957 26188 Number of processors: 2
16:51:10.0957 26188 Page size: 0x1000
16:51:10.0957 26188 Boot type: Normal boot
16:51:10.0957 26188 ============================================================
16:51:14.0701 26188 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:51:14.0701 26188 ============================================================
16:51:14.0701 26188 \Device\Harddisk0\DR0:
16:51:14.0701 26188 MBR partitions:
16:51:14.0701 26188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0x1385000, BlocksNum 0x6649800
16:51:14.0701 26188 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x79CE800, BlocksNum 0x65C5800
16:51:14.0701 26188 ============================================================
16:51:14.0764 26188 C: <-> \Device\Harddisk0\DR0\Partition1
16:51:14.0888 26188 D: <-> \Device\Harddisk0\DR0\Partition2
16:51:14.0888 26188 ============================================================
16:51:14.0888 26188 Initialize success
16:51:14.0888 26188 ============================================================
16:52:12.0446 26584 ============================================================
16:52:12.0446 26584 Scan started
16:52:12.0446 26584 Mode: Manual;
16:52:12.0446 26584 ============================================================
16:52:13.0756 26584 ================ Scan system memory ========================
16:52:13.0756 26584 System memory - ok
16:52:13.0756 26584 ================ Scan services =============================
16:52:14.0053 26584 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
16:52:14.0068 26584 ACPI - ok
16:52:14.0146 26584 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:52:14.0146 26584 AdobeFlashPlayerUpdateSvc - ok
16:52:14.0193 26584 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:52:14.0193 26584 adp94xx - ok
16:52:14.0240 26584 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:52:14.0240 26584 adpahci - ok
16:52:14.0287 26584 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
16:52:14.0287 26584 adpu160m - ok
16:52:14.0318 26584 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:52:14.0333 26584 adpu320 - ok
16:52:14.0380 26584 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:52:14.0380 26584 AeLookupSvc - ok
16:52:14.0427 26584 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
16:52:14.0427 26584 AFD - ok
16:52:14.0443 26584 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
16:52:14.0443 26584 AgereModemAudio - ok
16:52:14.0505 26584 [ D31D1A92479BD8C0D050A6FFBDD410D9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
16:52:14.0536 26584 AgereSoftModem - ok
16:52:14.0567 26584 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:52:14.0567 26584 agp440 - ok
16:52:14.0599 26584 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
16:52:14.0599 26584 aic78xx - ok
16:52:14.0645 26584 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
16:52:14.0645 26584 ALG - ok
16:52:14.0677 26584 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
16:52:14.0677 26584 aliide - ok
16:52:14.0708 26584 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
16:52:14.0708 26584 amdagp - ok
16:52:14.0739 26584 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
16:52:14.0739 26584 amdide - ok
16:52:14.0755 26584 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
16:52:14.0755 26584 AmdK7 - ok
16:52:14.0801 26584 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:52:14.0801 26584 AmdK8 - ok
16:52:14.0864 26584 [ A595832D7708BC26372BF5FDD73963C9 ] AntiLog32 C:\Windows\system32\drivers\AntiLog32.sys
16:52:14.0864 26584 AntiLog32 - ok
16:52:14.0895 26584 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
16:52:14.0895 26584 Appinfo - ok
16:52:14.0942 26584 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
16:52:14.0942 26584 arc - ok
16:52:14.0957 26584 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:52:14.0957 26584 arcsas - ok
16:52:15.0051 26584 [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:52:15.0051 26584 aspnet_state - ok
16:52:15.0113 26584 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:52:15.0113 26584 AsyncMac - ok
16:52:15.0145 26584 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
16:52:15.0145 26584 atapi - ok
16:52:15.0207 26584 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:52:15.0207 26584 AudioEndpointBuilder - ok
16:52:15.0223 26584 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
16:52:15.0223 26584 Audiosrv - ok
16:52:15.0410 26584 [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
16:52:15.0425 26584 BBSvc - ok
16:52:15.0457 26584 [ 1C29299BAF836F213AE5EE6EB9014A9A ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl6.sys
16:52:15.0472 26584 BCM43XV - ok
16:52:15.0519 26584 [ 1C29299BAF836F213AE5EE6EB9014A9A ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
16:52:15.0535 26584 BCM43XX - ok
16:52:15.0581 26584 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
16:52:15.0581 26584 Beep - ok
16:52:15.0628 26584 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
16:52:15.0628 26584 BFE - ok
16:52:15.0847 26584 [ D2A55F5FE6B716913FB573872F2E5944 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx86.sys
16:52:15.0878 26584 BHDrvx86 - ok
16:52:15.0971 26584 [ D1EA0584675FF4D15C6906866EEFB43F ] BingDesktopUpdate C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
16:52:15.0987 26584 BingDesktopUpdate - ok
16:52:16.0049 26584 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
16:52:16.0112 26584 BITS - ok
16:52:16.0127 26584 blbdrive - ok
16:52:16.0159 26584 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:52:16.0159 26584 bowser - ok
16:52:16.0237 26584 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
16:52:16.0237 26584 BrFiltLo - ok
16:52:16.0268 26584 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
16:52:16.0268 26584 BrFiltUp - ok
16:52:16.0330 26584 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
16:52:16.0330 26584 Browser - ok
16:52:16.0361 26584 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
16:52:16.0377 26584 Brserid - ok
16:52:16.0408 26584 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
16:52:16.0408 26584 BrSerWdm - ok
16:52:16.0439 26584 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
16:52:16.0439 26584 BrUsbMdm - ok
16:52:16.0471 26584 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
16:52:16.0471 26584 BrUsbSer - ok
16:52:16.0486 26584 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:52:16.0486 26584 BTHMODEM - ok
16:52:16.0611 26584 [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_N360 C:\Windows\system32\drivers\N360\1402000.013\ccSetx86.sys
16:52:16.0611 26584 ccSet_N360 - ok
16:52:16.0658 26584 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:52:16.0658 26584 cdfs - ok
16:52:16.0705 26584 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:52:16.0705 26584 cdrom - ok
16:52:16.0751 26584 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
16:52:16.0751 26584 CertPropSvc - ok
16:52:16.0814 26584 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:52:16.0814 26584 circlass - ok
16:52:16.0907 26584 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
16:52:16.0939 26584 CLFS - ok
16:52:16.0970 26584 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:52:16.0985 26584 clr_optimization_v2.0.50727_32 - ok
16:52:40.0947 26584 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
16:52:40.0947 26584 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
16:52:40.0947 26584 sptd ( LockedFile.Multi.Generic ) - warning
16:52:40.0947 26584 sptd - detected LockedFile.Multi.Generic (1)
16:52:49.0106 26584 ================ Scan global ===============================
16:52:49.0184 26584 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:52:49.0246 26584 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:52:49.0309 26584 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:52:49.0402 26584 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:52:49.0418 26584 [Global] - ok
16:52:49.0418 26584 ================ Scan MBR ==================================
16:52:49.0449 26584 [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0
16:52:52.0756 26584 \Device\Harddisk0\DR0 - ok
16:52:52.0756 26584 ================ Scan VBR ==================================
16:52:52.0803 26584 [ D62A60D9ECC65DDE4313C3B8A8391C86 ] \Device\Harddisk0\DR0\Partition1
16:52:52.0803 26584 \Device\Harddisk0\DR0\Partition1 - ok
16:52:52.0834 26584 [ 01F49050AEB7F32C1AA0396F9957D17A ] \Device\Harddisk0\DR0\Partition2
16:52:52.0834 26584 \Device\Harddisk0\DR0\Partition2 - ok
16:52:52.0850 26584 ============================================================
16:52:52.0850 26584 Scan finished
16:52:52.0850 26584 ============================================================
16:52:52.0865 26576 Detected object count: 1
16:52:52.0865 26576 Actual detected object count: 1
16:54:50.0503 26576 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:54:50.0503 26576 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

#4 Robybel

Posted 20 March 2013 - 11:42 PM

Hi EmC88 ;)


AdwCleaner

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

============ Next ==============


  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

============ Next ==============


  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • Another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.

In your next reply, please post:
  • AdwCleaner log
  • JRT log
  • All RKreport.txt

Let me know if you have any problems performing the steps above or any questions.

Good Day!

#5 EmC88

Posted 21 March 2013 - 05:19 PM

# AdwCleaner v2.115 - Logfile created 03/21/2013 at 16:14:17
# Updated 17/03/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Ethan - ETHAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Ethan\Pictures\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Updater Service for StartNow Toolbar

***** [Files / Folders] *****

File Deleted : C:\Windows\system32\conduitEngine.tmp
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Ethan\AppData\Local\Conduit
Folder Deleted : C:\Users\Ethan\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ethan\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Windows\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto Toolbar
Key Deleted : HKCU\Software\StartNow Toolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.SMTTB2009
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.SMTTB2009.3
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB05974.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB05974.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB05974.TBSB05974
Key Deleted : HKLM\SOFTWARE\Classes\TBSB05974.TBSB05974.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB05974
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB05974.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\Software\StartNow Toolbar
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{338B4DFE-2E2C-4338-9E41-E176D497299E}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{338B4DFE-2E2C-4338-9E41-E176D497299E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

File : C:\Users\Ethan\AppData\Roaming\Mozilla\Firefox\Profiles\zgeb3h5q.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [13111 octets] - [21/03/2013 16:14:17]

########## EOF - C:\AdwCleaner[S1].txt - [13172 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Ethan on Thu 03/21/2013 at 16:50:41.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{0c8413c1-fad1-446c-8584-be50576f863e}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{0c8413c1-fad1-446c-8584-be50576f863e}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0c8413c1-fad1-446c-8584-be50576f863e}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{e5f5d888-2587-e012-a817-7038f5690f26}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Ethan\appdata\locallow\comcasttb"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/21/2013 at 16:58:20.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Ethan [Admin rights]
Mode : Scan -- Date : 03/21/2013 17:11:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x8249D591 -> HOOKED (Unknown @ 0x86CEDD08)
SSDT[14] : NtAlertThread @ 0x824161F5 -> HOOKED (Unknown @ 0x86CEDDC8)
SSDT[18] : NtAllocateVirtualMemory @ 0x8245247D -> HOOKED (Unknown @ 0x86AA3C38)
SSDT[21] : NtAlpcConnectPort @ 0x823F4824 -> HOOKED (Unknown @ 0x86AA3900)
SSDT[42] : NtAssignProcessToJobObject @ 0x823C7B08 -> HOOKED (Unknown @ 0x88CE6E30)
SSDT[60] : NtCreateFile @ 0x8244C2D1 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CDF12)
SSDT[67] : NtCreateMutant @ 0x8242A7A2 -> HOOKED (Unknown @ 0x86BDCCD8)
SSDT[77] : NtCreateSymbolicLinkObject @ 0x823CA31F -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CE4D8)
SSDT[78] : NtCreateThread @ 0x8249BBA4 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CCB24)
SSDT[116] : NtDebugActiveProcess @ 0x8246ECA0 -> HOOKED (Unknown @ 0x88CE6F10)
SSDT[123] : NtDeleteKey @ 0x823BC71F -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CDAA6)
SSDT[126] : NtDeleteValueKey @ 0x823B7CC0 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CD978)
SSDT[127] : NtDeviceIoControlFile @ 0x8245244A -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CE7D0)
SSDT[129] : NtDuplicateObject @ 0x824024E1 -> HOOKED (Unknown @ 0x86AA2D48)
SSDT[147] : NtFreeVirtualMemory @ 0x8228EF1D -> HOOKED (Unknown @ 0x86AA6C20)
SSDT[156] : NtImpersonateAnonymousToken @ 0x823C4F15 -> HOOKED (Unknown @ 0x86BDCDA8)
SSDT[158] : NtImpersonateThread @ 0x823DA50F -> HOOKED (Unknown @ 0x86CEDC48)
SSDT[165] : NtLoadDriver @ 0x82375DEE -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CC720)
SSDT[177] : NtMapViewOfSection @ 0x8241A83A -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CC27C)
SSDT[184] : NtOpenEvent @ 0x82403D5F -> HOOKED (Unknown @ 0x86BDCC18)
SSDT[186] : NtOpenFile @ 0x8241038D -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CE28E)
SSDT[189] : NtOpenKey @ 0x82412636 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CDECC)
SSDT[194] : NtOpenProcess @ 0x8242AF3E -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CD104)
SSDT[195] : NtOpenProcessToken @ 0x8240B9C0 -> HOOKED (Unknown @ 0x86AA2C88)
SSDT[197] : NtOpenSection @ 0x8241B60D -> HOOKED (Unknown @ 0x86BE2A88)
SSDT[201] : NtOpenThread @ 0x8242648F -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CD430)
SSDT[210] : NtProtectVirtualMemory @ 0x82424272 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CE498)
SSDT[255] : NtQueueApcThread @ 0x823BB85F -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CCE4A)
SSDT[282] : NtResumeThread @ 0x82425ADA -> HOOKED (Unknown @ 0x88925CC8)
SSDT[286] : NtSecureConnectPort @ 0x823D76CF -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CE430)
SSDT[289] : NtSetContextThread @ 0x8249D03F -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CBFA8)
SSDT[305] : NtSetInformationProcess @ 0x8241E868 -> HOOKED (Unknown @ 0x86B4AAB0)
SSDT[317] : NtSetSystemInformation @ 0x823F0E9B -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CCAB6)
SSDT[324] : NtSetValueKey @ 0x823E8382 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CDB72)
SSDT[330] : NtSuspendProcess @ 0x8249D4CB -> HOOKED (Unknown @ 0x86BE2B68)
SSDT[331] : NtSuspendThread @ 0x823A4921 -> HOOKED (Unknown @ 0x88925D88)
SSDT[334] : NtTerminateProcess @ 0x823FB0D3 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CD84E)
SSDT[335] : unknown @ 0x824264C4 -> HOOKED (Unknown @ 0x86A87980)
SSDT[348] : NtUnmapViewOfSection @ 0x8241AAFD -> HOOKED (Unknown @ 0x86AA6B60)
SSDT[358] : NtWriteVirtualMemory @ 0x824178CD -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CBBFA)
SSDT[382] : NtCreateThreadEx @ 0x82425F79 -> HOOKED (Unknown @ 0x877CCFB0)
S_SSDT[7] : NtGdiAlphaBlend -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CA8DE)
S_SSDT[13] : NtGdiBitBlt -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963C9A6C)
S_SSDT[124] : NtGdiDeleteObjectApp -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963C98FA)
S_SSDT[198] : NtGdiGetPixel -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CABBE)
S_SSDT[235] : NtGdiMaskBlt -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CA028)
S_SSDT[241] : NtGdiOpenDCW -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963C9960)
S_SSDT[245] : NtGdiPlgBlt -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CA306)
S_SSDT[301] : NtGdiStretchBlt -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963C9D4C)
S_SSDT[307] : NtGdiTransparentBlt -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CA5FC)
S_SSDT[317] : NtUserAttachThreadInput -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CB47A)
S_SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963C8D46)
S_SSDT[401] : NtUserGetClassInfoEx -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CB7FE)
S_SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x9B880920)
S_SSDT[430] : NtUserGetKeyState -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963C9024)
S_SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x9A9F8BF8)
S_SSDT[479] : NtUserMessageCall -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CB124)
S_SSDT[497] : NtUserPostMessage -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CB404)
S_SSDT[498] : NtUserPostThreadMessage -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CB3F2)
S_SSDT[513] : NtUserRegisterRawInputDevices -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963C92D4)
S_SSDT[525] : NtUserSendInput -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963C9632)
S_SSDT[532] : NtUserSetClipboardViewer -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963CAE92)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963C88C8)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963C8A80)
S_SSDT[594] : NtUserUnhookWindowsHookEx -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x963C8A5E)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1200BEVS-22UST0 ATA Device +++++
--- User ---
[MBR] 5a00a4887c0356056c8129ed55b432fb
[BSP] a01bf87560abf1f2fa424badca7dd02b : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 20467712 | Size: 52371 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 127723520 | Size: 52107 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03212013_02d1711.txt >>
RKreport[1]_S_03212013_02d1711.txt



RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Ethan [Admin rights]
Mode : Remove -- Date : 03/21/2013 17:13:46
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1200BEVS-22UST0 ATA Device +++++
--- User ---
[MBR] 5a00a4887c0356056c8129ed55b432fb
[BSP] a01bf87560abf1f2fa424badca7dd02b : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 20467712 | Size: 52371 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 127723520 | Size: 52107 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_03212013_02d1713.txt >>
RKreport[1]_S_03212013_02d1711.txt ; RKreport[2]_D_03212013_02d1713.txt




RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Ethan [Admin rights]
Mode : Shortcuts HJfix -- Date : 03/21/2013 17:15:18
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 3 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 157 / Fail 0
My documents: Success 5 / Fail 5
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 91 / Fail 8
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[Q:] \Device\SftVol -- 0x3 --> Restored

Finished : << RKreport[3]_SC_03212013_02d1715.txt >>
RKreport[1]_S_03212013_02d1711.txt ; RKreport[2]_D_03212013_02d1713.txt ; RKreport[3]_SC_03212013_02d1715.txt

#6 Robybel

    SuperMember

  • Visiting Fellow
  • 1,536 posts

Posted 22 March 2013 - 07:11 AM

Hi EmC88 ;)

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation

#7 Robybel

Posted 26 March 2013 - 08:17 AM

Still need help?

#8 Robybel

Posted 29 March 2013 - 02:02 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
